MilSerials item record deletion
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Date: Sat, 10 Aug 2002 09:57:15 -0700
- From: "LaCount, Leslie" <LLACOUNT@xxxxxxxxxx>
- Subject: MilSerials item record deletion
I've run across a loophole that circumvents non-authorized item record
deletion in Millennium Serials. For your system security I prefer not to
post the details on the list. I've submitted an enhancement request that
speaks to the problem. Please refer to that, or email me for information.
Thank you.
Leslie Bass LaCount
Technical Services Librarian
Orange County Public Law Library
515 N. Flower Street
Santa Ana, CA 92703
(714) 834-3004
-----Original Message-----
From: innopac-request@xxxxxxxxxx
[mailto:innopac-request@xxxxxxxxxx]
Sent: Saturday, August 10, 2002 5:02 AM
To: innopac@xxxxxxxxxx
Subject: INNOPAC digest, Vol 1 #442 - 7 msgs
Send INNOPAC mailing list submissions to
innopac@xxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://innopacusers.org/list/listinfo/innopac
or, via email, send a message with subject or body 'help' to
innopac-request@xxxxxxxxxx
You can reach the person managing the list at
innopac-admin@xxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of INNOPAC digest..."
Today's Topics:
1. Generic Authorizations (Mark Cesare)
2. Re: Generic Authorizations (Jennifer Merrill)
3. Re: Generic Authorizations (Sue Boggs)
4. RE: Generic Authorizations (Fred McIlvain)
5. RE: Generic Authorizations (Barb Anderson)
6. RE: Generic Authorizations (Miller, David)
7. RE: Generic Authorizations (Howard Pasternack)
--__--__--
Message: 1
Date: Fri, 09 Aug 2002 10:42:49 -0700
From: Mark Cesare <Mark.Cesare@xxxxxxxxxx>
Subject: Generic Authorizations
To: innopac@xxxxxxxxxx
Reply-To: innopac@xxxxxxxxxx
<html>
For student worker access, our library uses logins in a very general
fashion and authorizations in a very specific fashion. For example, all
students that work in the circulation area use the same login to access
the system, but each will have an individual set of authorized initials
and unique associated functions. (Beginning students will all have the
same functions assigned, with new functions added as training and
experience allow.) On the other hand, staff all have unique, individual
logins and authorizations.<br><br>
-- From a work-flow perspective this is beneficial because some
workstations are logged-in in the morning and stay on all day (E.g. those
at the circulation desk). Having all the students working the circulation
desk logging-in and logging-out all day would be cumbersome -- so generic
logins work in this instance.<br>
-- From a security (and troubleshooting) standpoint, this has worked
because the login gives them very basic access to the system; that is,
they can't do any real harm. They can look and they can print, but they
can't change, delete, or override important data. To change, delete, or
override, the system requires authorization.<br>
-- From a troubleshooting perspective, the override file provides useful
information <i>because</i> it contains reference to authorized initials.
<br><br>
The Head of our Access Services department wants to streamline system
maintenance by eliminating individual authorized initials and replacing
them with generic accounts. All student workers would use the same logins
AND authorized initials. While this plan may have some merit from the
work flow perspective (fewer accounts to manage, setting the initials in
Millennium, etc.), I don't like the idea of losing user accountability.
User accountability and system security are vital to a well maintained
system!<br><br>
As a note, student workers (in general) will work at the library at least
a year. Many will stay for two or three years. We employ approximately 50
students library-wide. <br><br>
Questions:<br>
Are there other benefits to keeping individual authorizations? (in
addition to user accountability and system security)<br>
How do your libraries handle logins and authorizations? (I've been told
that "no one else" uses individual authorizations.)<br>
Would anyone care to give general comments pertinent to this
topic?<br><br>
Thanks for your time!<br><br>
--Mark.<x-tab> </x-tab><x-tab>  
; </x-tab><br><br>
<x-sigsep><p></x-sigsep>
Mark Cesare, Support Systems Analyst<br>
Northern Arizona University ~ Cline Library / Technology Services<br>
P.O. Box 6022 ~ Flagstaff, AZ ~ 86011<br>
<i>e-mail</i>: Mark.Cesare@xxxxxxxxxx<br>
<i>phone</i>: (928) 523-2330<br>
<i>fax</i>: (928) 523-3770</html>
--__--__--
Message: 2
Date: 09 Aug 2002 14:39:38 EDT
From: Jennifer.Merrill@xxxxxxxxxx (Jennifer Merrill)
Subject: Re: Generic Authorizations
To: innopac@xxxxxxxxxx
Reply-To: innopac@xxxxxxxxxx
At Dartmouth we use generic login accounts for each area Acquisitions,
Cataloging, each branch's Circ. For the initials/password we assign
individual
initials to staff and we use generic initials for students. Some areas have
multiple sets of initials for students when different levels of work are
being
performed, for instance in our storage library there are students who do
circulation functions and students who work on serial barcoding projects.
They
have separate initials.
Supervisors in each area are encouraged to change the password for student
initials each time there is student turnover. I would be surprised if that
happens as often as it should.
Jennifer
---
Jennifer K. Merrill
Head, Digital Library Technologies Group Voice: 603 646-3389
Dartmouth College Fax: 603 646-1043
Hanover, NH 03755
Jennifer.Merrill@xxxxxxxxxx
--- Mark Cesare wrote:
<html>
For student worker access, our library uses logins in a very general
fashion and authorizations in a very specific fashion. For example, all
students that work in the circulation area use the same login to access
the system, but each will have an individual set of authorized initials
and unique associated functions. (Beginning students will all have the
same functions assigned, with new functions added as training and
experience allow.) On the other hand, staff all have unique, individual
logins and authorizations.<br><br>
-- From a work-flow perspective this is beneficial because some
workstations are logged-in in the morning and stay on all day (E.g. those
at the circulation desk). Having all the students working the circulation
desk logging-in and logging-out all day would be cumbersome -- so generic
logins work in this instance.<br>
-- From a security (and troubleshooting) standpoint, this has worked
because the login gives them very basic access to the system; that is,
they can't do any real harm. They can look and they can print, but they
can't change, delete, or override important data. To change, delete, or
override, the system requires authorization.<br>
-- From a troubleshooting perspective, the override file provides useful
information <i>because</i> it contains reference to authorized initials.
<br><br>
The Head of our Access Services department wants to streamline system
maintenance by eliminating individual authorized initials and replacing
them with generic accounts. All student workers would use the same logins
AND authorized initials. While this plan may have some merit from the
work flow perspective (fewer accounts to manage, setting the initials in
Millennium, etc.), I don't like the idea of losing user accountability.
User accountability and system security are vital to a well maintained
system!<br><br>
As a note, student workers (in general) will work at the library at least
a year. Many will stay for two or three years. We employ approximately 50
students library-wide. <br><br>
Questions:<br>
Are there other benefits to keeping individual authorizations? (in
addition to user accountability and system security)<br>
How do your libraries handle logins and authorizations? (I've been told
that "no one else" uses individual authorizations.)<br>
Would anyone care to give general comments pertinent to this
topic?<br><br>
Thanks for your time!<br><br>
--Mark.<x-tab> </x-tab><x-tab>  
;&nb
sp;</x-tab><br><br>
<x-sigsep><p></x-sigsep>
Mark Cesare, Support Systems Analyst<br>
Northern Arizona University ~ Cline Library / Technology Services<br>
P.O. Box 6022 ~ Flagstaff, AZ ~ 86011<br>
<i>e-mail</i>: Mark.Cesare@xxxxxxxxxx<br>
<i>phone</i>: (928) 523-2330<br>
<i>fax</i>: (928) 523-3770</html>
--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC@xxxxxxxxxx
Update your subscription options:
http://innopacusers.org/list/listinfo/innopac
--- end of quote ---
--__--__--
Message: 3
Date: Fri, 09 Aug 2002 11:44:17 -0700
To: innopac@xxxxxxxxxx
From: Sue Boggs <boggs@xxxxxxxxxx>
Subject: Re: Generic Authorizations
Reply-To: innopac@xxxxxxxxxx
At 10:42 AM 8/9/2002 -0700, you wrote:
>Questions:
>Are there other benefits to keeping individual authorizations? (in
>addition to user accountability and system security)
>How do your libraries handle logins and authorizations? (I've been told
>that "no one else" uses individual authorizations.)
With the character based, everyone in the library, students and staff, have
the same login but everyone has individual initials and passwords that as
you say allow them access to different functions. The one login has
occasionally caused difficulty with III trying to troubleshoot problems
because they say "the login was this" and I have to reply, "well, that
doesn't narrow it down because everyone on staff uses that one."
We are in the process of moving to Millennium and I am taking the
opportunity to add a few more logins so we can differentiate between the
units. For instance I have three Milcirc logins, one for students, one for
library staff and one for the computer staff that need it just to circulate
equipment. Everyone still has individual initials and passwords. Another
advantage in Millennium of course is you can customize the look of the
"screen". Students will never use the merge patron feature so for their
login I have removed it from the sidebar.
Making student & department logins would be a compromise- less logins for
the administrator to maintain but still not the same one for everyone in
the library.
>Would anyone care to give general comments pertinent to this topic?
It may be a pain to make individual passwords if you are a very large
university but the first time you are able to track down the student that
input less than flattering hand keyed bib records, visible to anyone
searching the database, because they didn't know their initials showed up
as the creator in the first time headings report, it makes up for it. Gee,
why would I think of that as an example...
Sue
Sue Boggs
Electronic Resources Supervisor
Information & Access Services
Library
University of Puget Sound
1500 N. Warner St. #1021
Tacoma, WA 98416-1021
(253) 879-2667
boggs@xxxxxxxxxx
--__--__--
Message: 4
Date: Fri, 09 Aug 2002 12:58:15 -0700
From: Fred McIlvain <FRED.McILVAIN@xxxxxxxxxx>
Subject: RE: Generic Authorizations
To: "'innopac@xxxxxxxxxx'" <innopac@xxxxxxxxxx>
Reply-To: innopac@xxxxxxxxxx
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_nKGJfz2ZW5lvyBhNIU6S4g)
Content-type: text/plain; charset="iso-8859-1"
Historically, we have used generic logins for all departments, generic
initials & passwords for all student workers, and individual initials and
passwords for Library Staff. The login passwords are changed each
semester, or whenever the supervisors are concerned that the system might be
compromised.
Personally, I would like to move to a system such as you are using, generic
logins, with individual initials and passwords for all student employees.
That way, they can be deleted when they leave. I have been unsuccessful in
getting the departments to agree to this. Every time we have a possible
security problem, I suggest it again.
Fred McIlvain
Support Systems Analyst, Senior
Library Instruction, Systems and Technology (LIST)
ASU Libraries, Tempe, AZ 85287-1006
fred.mcilvain@xxxxxxxxxx
Voice (480) 965-9427 Fax (480) 965-7595
-----Original Message-----
From: Mark Cesare [mailto:Mark.Cesare@xxxxxxxxxx]
Sent: Friday, August 09, 2002 10:43 AM
To: innopac@xxxxxxxxxx
Subject: Generic Authorizations
For student worker access, our library uses logins in a very general fashion
and authorizations in a very specific fashion. For example, all students
that work in the circulation area use the same login to access the system,
but each will have an individual set of authorized initials and unique
associated functions. (Beginning students will all have the same functions
assigned, with new functions added as training and experience allow.) On the
other hand, staff all have unique, individual logins and authorizations.
-- From a work-flow perspective this is beneficial because some workstations
are logged-in in the morning and stay on all day (E.g. those at the
circulation desk). Having all the students working the circulation desk
logging-in and logging-out all day would be cumbersome -- so generic logins
work in this instance.
-- From a security (and troubleshooting) standpoint, this has worked because
the login gives them very basic access to the system; that is, they can't do
any real harm. They can look and they can print, but they can't change,
delete, or override important data. To change, delete, or override, the
system requires authorization.
-- From a troubleshooting perspective, the override file provides useful
information because it contains reference to authorized initials.
The Head of our Access Services department wants to streamline system
maintenance by eliminating individual authorized initials and replacing them
with generic accounts. All student workers would use the same logins AND
authorized initials. While this plan may have some merit from the work flow
perspective (fewer accounts to manage, setting the initials in Millennium,
etc.), I don't like the idea of losing user accountability. User
accountability and system security are vital to a well maintained system!
As a note, student workers (in general) will work at the library at least a
year. Many will stay for two or three years. We employ approximately 50
students library-wide.
Questions:
Are there other benefits to keeping individual authorizations? (in addition
to user accountability and system security)
How do your libraries handle logins and authorizations? (I've been told that
"no one else" uses individual authorizations.)
Would anyone care to give general comments pertinent to this topic?
Thanks for your time!
--Mark.
Mark Cesare, Support Systems Analyst
Northern Arizona University ~ Cline Library / Technology Services
P.O. Box 6022 ~ Flagstaff, AZ ~ 86011
e-mail: Mark.Cesare@xxxxxxxxxx
phone: (928) 523-2330
fax: (928) 523-3770 -- This message was distributed through the
Innovative Users Group INNOPAC list Public replies: INNOPAC@xxxxxxxxxx
Update your subscription options:
http://innopacusers.org/list/listinfo/innopac
--Boundary_(ID_nKGJfz2ZW5lvyBhNIU6S4g)
Content-type: text/html; charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4916.2300" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002>Historically, we have used generic logins for all
departments, generic initials & passwords for all student workers,
and
individual initials and passwords for Library Staff</SPAN>.<SPAN
class=531555319-09082002> The login passwords are changed
each
semester, or whenever the supervisors are concerned that the system might be
compromised.</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002>Personally, I would like to move to a system such
as
you are using, generic logins, with individual initials and passwords for
all
student employees. That way, they can be deleted when they
leave. I
have been unsuccessful in getting the departments to agree to this.
Every
time we have a possible security problem, I suggest it
again.</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002>
<P><B><FONT face=Tahoma size=2>Fred McIlvain</FONT></B> <BR><B><FONT
face=Tahoma
size=2>Support Systems Analyst, Senior</FONT></B> <BR><B><FONT face=Tahoma
size=2>Library Instruction, Systems and Technology (LIST)</FONT></B>
<BR><B><FONT face=Tahoma size=2>ASU Libraries, Tempe, AZ
85287-1006</FONT></B> <BR><B><FONT face=Tahoma
size=2>fred.mcilvain@xxxxxxxxxx</FONT></B> <BR><B><FONT face=Tahoma
size=2>Voice
(480) 965-9427 Fax (480) 965-7595</FONT></B>
</P></SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT face=Verdana><FONT color=#000080><FONT size=2><SPAN
class=531555319-09082002> </SPAN></FONT></FONT></FONT><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Mark Cesare
[mailto:Mark.Cesare@xxxxxxxxxx]<BR><B>Sent:</B> Friday, August 09, 2002 10:43
AM<BR><B>To:</B> innopac@xxxxxxxxxx<BR><B>Subject:</B> Generic
Authorizations<BR><BR></DIV></FONT>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">For student worker access, our
library uses logins in a very general fashion and authorizations in a very
specific fashion. For example, all students that work in the circulation
area
use the same login to access the system, but each will have an individual
set
of authorized initials and unique associated functions. (Beginning
students
will all have the same functions assigned, with new functions added as
training and experience allow.) On the other hand, staff all have unique,
individual logins and authorizations.<BR><BR>-- From a work-flow
perspective
this is beneficial because some workstations are logged-in in the morning
and
stay on all day (E.g. those at the circulation desk). Having all the
students
working the circulation desk logging-in and logging-out all day would be
cumbersome -- so generic logins work in this instance.<BR>-- From a
security
(and troubleshooting) standpoint, this has worked because the login gives
them
very basic access to the system; that is, they can't do any real harm.
They
can look and they can print, but they can't change, delete, or override
important data. To change, delete, or override, the system requires
authorization.<BR>-- From a troubleshooting perspective, the override file
provides useful information <I>because</I> it contains reference to
authorized
initials. <BR><BR>The Head of our Access Services department wants to
streamline system maintenance by eliminating individual authorized
initials
and replacing them with generic accounts. All student workers would use
the
same logins AND authorized initials. While this plan may have some merit
from
the work flow perspective (fewer accounts to manage, setting the initials
in
Millennium, etc.), I don't like the idea of losing user accountability.
User
accountability and system security are vital to a well maintained
system!<BR><BR>As a note, student workers (in general) will work at the
library at least a year. Many will stay for two or three years. We employ
approximately 50 students library-wide. <BR><BR>Questions:<BR>Are there
other
benefits to keeping individual authorizations? (in addition to user
accountability and system security)<BR>How do your libraries handle logins
and
authorizations? (I've been told that "no one else" uses individual
authorizations.)<BR>Would anyone care to give general comments pertinent
to
this topic?<BR><BR>Thanks for your
time!<BR><BR>--Mark.<X-TAB> </X-TAB><X-TAB> &nbs
p; </X-TAB><BR><BR><X-SIGSEP>
<P></X-SIGSEP>Mark Cesare, Support Systems Analyst<BR>Northern Arizona
University ~ Cline Library / Technology Services<BR>P.O. Box 6022 ~
Flagstaff,
AZ ~ 86011<BR><I>e-mail</I>:
Mark.Cesare@xxxxxxxxxx<BR><I>phone</I>: (928)
523-2330<BR> <I>fax</I>: (928)
523-3770 --
This message was distributed through the Innovative Users Group INNOPAC
list
Public replies: INNOPAC@xxxxxxxxxx Update your subscription options:
http://innopacusers.org/list/listinfo/innopac</P></BLOCKQUOTE></BODY></HTML>
--Boundary_(ID_nKGJfz2ZW5lvyBhNIU6S4g)--
--__--__--
Message: 5
Date: Fri, 09 Aug 2002 16:23:00 -0400
To: innopac@xxxxxxxxxx
From: Barb Anderson <bja9@xxxxxxxxxx>
Subject: RE: Generic Authorizations
Reply-To: innopac@xxxxxxxxxx
Remember if you use generic logins and need to restart a terminal it
becomes MUCH easier to kill the wrong session. Nothing worse than one or
two logins and 20 people using it in the same department--which one is the
terminal that got hung and needs restarted now???
I am going away from the generic logins as people shift to Millennium as it
is more apropos there for Acquisitions, Cataloging and Serials anyway--they
can individualize the session to meet their work needs and know the
settings will remain. I keep emphasizing that this is a tool for them to
use to perform their jobs and they need to get it set to work most
efficiently for them and not worry about losing the settings because the
login is theirs alone (emphasized by incorporating their initials in the
naming convention.) That alone has helped reluctant folks to embrace the
new interfaces. YMMV
Barb
At 03:58 PM 8/9/2002, you wrote:
>Historically, we have used generic logins for all departments, generic
>initials & passwords for all student workers, and individual initials and
>passwords for Library Staff. The login passwords are changed each
>semester, or whenever the supervisors are concerned that the system might
>be compromised.
>
>Personally, I would like to move to a system such as you are using,
>generic logins, with individual initials and passwords for all student
>employees. That way, they can be deleted when they leave. I have been
>unsuccessful in getting the departments to agree to this. Every time we
>have a possible security problem, I suggest it again.
>
>
>Fred McIlvain
>Support Systems Analyst, Senior
>Library Instruction, Systems and Technology (LIST)
>ASU Libraries, Tempe, AZ 85287-1006
>fred.mcilvain@xxxxxxxxxx
>Voice (480) 965-9427 Fax (480) 965-7595
>
> -----Original Message-----
>From: Mark Cesare [mailto:Mark.Cesare@xxxxxxxxxx]
>Sent: Friday, August 09, 2002 10:43 AM
>To: innopac@xxxxxxxxxx
>Subject: Generic Authorizations
>For student worker access, our library uses logins in a very general
>fashion and authorizations in a very specific fashion. For example, all
>students that work in the circulation area use the same login to access
>the system, but each will have an individual set of authorized initials
>and unique associated functions. (Beginning students will all have the
>same functions assigned, with new functions added as training and
>experience allow.) On the other hand, staff all have unique, individual
>logins and authorizations.
>
>-- From a work-flow perspective this is beneficial because some
>workstations are logged-in in the morning and stay on all day (E.g. those
>at the circulation desk). Having all the students working the circulation
>desk logging-in and logging-out all day would be cumbersome -- so generic
>logins work in this instance.
>-- From a security (and troubleshooting) standpoint, this has worked
>because the login gives them very basic access to the system; that is,
>they can't do any real harm. They can look and they can print, but they
>can't change, delete, or override important data. To change, delete, or
>override, the system requires authorization.
>-- From a troubleshooting perspective, the override file provides useful
>information because it contains reference to authorized initials.
>
>The Head of our Access Services department wants to streamline system
>maintenance by eliminating individual authorized initials and replacing
>them with generic accounts. All student workers would use the same logins
>AND authorized initials. While this plan may have some merit from the work
>flow perspective (fewer accounts to manage, setting the initials in
>Millennium, etc.), I don't like the idea of losing user accountability.
>User accountability and system security are vital to a well maintained
system!
>
>As a note, student workers (in general) will work at the library at least
>a year. Many will stay for two or three years. We employ approximately 50
>students library-wide.
>
>Questions:
>Are there other benefits to keeping individual authorizations? (in
>addition to user accountability and system security)
>How do your libraries handle logins and authorizations? (I've been told
>that "no one else" uses individual authorizations.)
>Would anyone care to give general comments pertinent to this topic?
>
>Thanks for your time!
>
>--Mark.
>
>Mark Cesare, Support Systems Analyst
>Northern Arizona University ~ Cline Library / Technology Services
>P.O. Box 6022 ~ Flagstaff, AZ ~ 86011
>e-mail: Mark.Cesare@xxxxxxxxxx
>phone: (928) 523-2330
> fax: (928) 523-3770 -- This message was distributed through the
> Innovative Users Group INNOPAC list Public replies:
> INNOPAC@xxxxxxxxxx Update your subscription options:
> http://innopacusers.org/list/listinfo/innopac
Barbara J. Anderson
Library Systems Specialist
Kelvin Smith Library
Case Western Reserve University
11055 Euclid Ave.
Cleveland, OH 44106-7151
bja9@xxxxxxxxxx
(voice) 216-368-2666
(fax) 216-368-6506
--__--__--
Message: 6
From: "Miller, David" <dmiller@xxxxxxxxxx>
To: "'innopac@xxxxxxxxxx'" <innopac@xxxxxxxxxx>
Subject: RE: Generic Authorizations
Date: Fri, 9 Aug 2002 16:23:59 -0400
Reply-To: innopac@xxxxxxxxxx
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C23FE2.B1DB6720
Content-Type: text/plain;
charset="iso-8859-1"
Well, it's not true that "no one else" does as you are doing. We do, and
find the advantages you describe. We have about 50 individual password
authorizations, including staff and students. By contrast, we have 29
logins, including a few generic logins, one of which is for the circulation
desk.
David Miller
Levin Library, Curry College
Milton, Mass.
dmiller@xxxxxxxxxx <mailto:dmiller@xxxxxxxxxx>
-----Original Message-----
From: Mark Cesare [mailto:Mark.Cesare@xxxxxxxxxx]
Sent: Friday, August 09, 2002 1:43 PM
To: innopac@xxxxxxxxxx
Subject: Generic Authorizations
Questions:
Are there other benefits to keeping individual authorizations? (in addition
to user accountability and system security)
How do your libraries handle logins and authorizations? (I've been told that
"no one else" uses individual authorizations.)
Would anyone care to give general comments pertinent to this topic?
Thanks for your time!
--Mark.
------_=_NextPart_001_01C23FE2.B1DB6720
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff size=3D2>Well,=20
it's not true that "no one else" does as you are doing. We do, and find =
the=20
advantages you describe. We have about 50 individual password =
authorizations,=20
including staff and students. By contrast, we have 29 logins, including =
a few=20
generic logins, one of which is for the circulation =
desk.</FONT></SPAN></DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff size=3D2>David=20
Miller</FONT></SPAN></DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff size=3D2>Levin=20
Library, Curry College</FONT></SPAN></DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>Milton, Mass.</FONT></SPAN></DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff size=3D2><A=20
href=3D"mailto:dmiller@xxxxxxxxxx">dmiller@xxxxxxxxxx</A></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Mark Cesare=20
[mailto:Mark.Cesare@xxxxxxxxxx]<BR><B>Sent:</B> Friday, August 09, 2002 =
1:43=20
PM<BR><B>To:</B> innopac@xxxxxxxxxx<BR><B>Subject:</B> Generic=20
Authorizations<BR></FONT></DIV>
<DIV><SPAN class=3D707382120-09082002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV>Questions:<BR>Are there other benefits to keeping individual=20
authorizations? (in addition to user accountability and system=20
security)<BR>How do your libraries handle logins and authorizations? =
(I've=20
been told that "no one else" uses individual =
authorizations.)<BR>Would anyone=20
care to give general comments pertinent to this topic?<BR><BR>Thanks =
for your=20
=
time!<BR><BR>--Mark.<X-TAB> </X-TAB><X-TAB> =
</X-TAB><BR></DIV></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C23FE2.B1DB6720--
--__--__--
Message: 7
Date: Fri, 09 Aug 2002 16:56:33 -0400
To: innopac@xxxxxxxxxx
From: Howard Pasternack <Howard_Pasternack@xxxxxxxxxx>
Subject: RE: Generic Authorizations
Reply-To: innopac@xxxxxxxxxx
<html>
At Brown no one has a login for security reasons. All of the
devices are logged in automatically by ip number. The larger
buildings are subnetted so that staff and public devices are in different
subnets, which makes maintenance of the login table not horrendous. The
Millennium machines all have shortcuts which do the Millennium
login. We'll probably change to the ip autologon once the need for
separate Millennium logins is implemented. (Yeah, I know that in
Millennium this is largely a waste for someone savy). <br><br>
The situation with initials varies. At the circ desks, the MilCirc
logins have a basic set of initials automatically executed which enable
the students to do the basic student tasks. So no one needs to log in to
check out or return a book. Staff have individual initials which
include the advanced functions as appropriate. In other units,
students are issued individual initials for the most part. Staff
are asked to identify the students no longer working at the beginning of
each semester. The names on the students account (Student - Acq -
Jane Doe) are used to segregate a list of the student accounts for
checking. Since the students can't get into the staff mode except
on devices in the staff areas of the libraries, there is some control on
these accounts. -- Howard<br>
<x-sigsep><p></x-sigsep>
<font face="Courier New, Courier"
size=2>*******************************************************************<b
r>
Howard
Pasternack<x-tab> </x-tab><x-tab>&n
bsp; </x-tab><x-tab> &nb
sp; </x-tab><x-tab> &nbs
p; </x-tab><br>
Library Systems Officer<x-tab> </x-tab><br>
Brown University Library Email:
Howard_Pasternack@xxxxxxxxxx<br>
Box
A &nb
sp;
Phone: (401) 863-3346<br>
Providence, RI 02906
Fax: (401) 863-9639 <br>
*******************************************************************</font></
html>
--__--__--
--
This message was distributed through the Innovative Users Group INNOPAC
digest
Public replies: INNOPAC@xxxxxxxxxx
Update your subscription options:
http://innopacusers.org/list/listinfo/innopac
End of INNOPAC Digest