Hi Joel!
Earlier I wrote about a similar problem. 
https://lists.katipo.co.nz/public/koha/2023-April/059340.html
I have tried different options; the search ends with an error if 
"edit_borrowers" is not allowed.
Now, in version 23.05.03, the problem remains.

Good Luck!

Igor A. Sychev
Tomsk Polytechnic University
https://lib.tpu.ru


-----Original Message-----
From: Koha <koha-boun...@lists.katipo.co.nz> On Behalf Of Coehoorn, Joel
Sent: Friday, September 8, 2023 9:00 PM
To: koha <koha@lists.katipo.co.nz>
Subject: [Koha] Minimum permissions needed for patron search

We're a small college using Koha for our library circulation. Our library uses 
workstudy students to man the desk and do *basic* circulation tasks.
Anything advanced, like adding or receiving holds, fines, etc, and the student 
will get an actual librarian.

These workstudy students are also regular patrons, so the workstudy job is 
accomplished with a dedicated login, with the password saved on the circulation 
PC so the students don't actually know how to log in as a staff person 
otherwise. FERPA and related laws require us to treat this as an extremely 
low-trust position. Historically, this login has only had the "View Patron 
Infos from any Libraries (view_borrower_infos_from_any_libraries)" permission 
in the "Add Modify Patron Information (borrowers)" section. We also use SAML 
for authentication.

Recently, this account is no longer able to search for patrons by name. If a 
student comes to the desk to check out a book and forgets their card, our 
workstudy account used to be able to search them by name and proceed with the 
checkout process. Now, this enters a SAML redirect loop trying to validate 
permissions for the login, which is detected and broken with an error by the 
identity provider. I can't find where in Koha, if anywhere, this is being 
logged to help resolve it. They are otherwise able to circulate material if 
they can look up the patron by barcode.

I discovered the problem goes away if we add the "Add, modify and view patron 
information (edit_borrowers)" to the login. Then they are able to continue 
circulation as normal. However, we don't want this account to be able to add or 
modify borrowers, especially as this information all syncs from our student 
information system. We don't want manual edits... ever.

How can I fix this? Why do we need to give edit permissions just to do a search?

*Joel Coehoorn*
Director of Information Technology
*York University*
Office: 402-363-5603 | jcoeho...@york.edu | york.edu

*Please contact helpd...@york.edu <helpd...@york.edu> for technical
assistance.*


The mission of York University is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and 
society
_______________________________________________

Koha mailing list  http://koha-community.org Koha@lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha