add permissions to stock acquisitions permission groups

Bug #1862022 reported by Galen Charlton
This bug affects 5 people
Affects: Evergreen
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

The permissions assigned to the Acquisitions and Acquisitions Administrator permission groups are not quite enough to effectively perform typical acquisitions workflows. ECDI has proposed the following additions:

Acquisitions Administrator Profile
VIEW_FUND
VIEW_FUNDING_SOURCE
VIEW_FUND_ALLOCATION
VIEW_PICKLIST
VIEW_PROVIDER
VIEW_PURCHASE_ORDER
VIEW_INVOICE
CREATE_PICKLIST
ACQ_ADD_LINEITEM_IDENTIFIER
ACQ_SET_LINEITEM_IDENTIFIER
MANAGE_FUND
CREATE_INVOICE
CREATE_PURCHASE_ORDER
IMPORT_ACQ_LINEITEM_BIB_RECORD
IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD
MANAGE_CLAIM
MANAGE_PROVIDER
MANAGE_FUNDING_SOURCE
RECEIVE_PURCHASE_ORDER
ADMIN_ACQ_LINEITEM_ALERT_TEXT
UPDATE_FUNDING_SOURCE
UPDATE_PROVIDER
VIEW_IMPORT_MATCH_SET
VIEW_MERGE_PROFILE
IMPORT_MARC

Also, permissions don’t currently exist in the Concerto data set to allow this profile to update, and in some cases to view, acquisitions library settings in the Library Settings Editor.

Acquisitions Profile
ACQ_ADD_LINEITEM_IDENTIFIER
ACQ_SET_LINEITEM_IDENTIFIER
ADMIN_ACQ_FUND
ADMIN_FUND
ACQ_INVOICE-REOPEN
ADMIN_ACQ_DISTRIB_FORMULA
ADMIN_INVOICE
IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD
VIEW_IMPORT_MATCH_SET
VIEW_MERGE_PROFILE

I'm opening this bug to discuss the permissions that should be included in the seed data. A historical note: I discussed this with Mike Rylander, and he mentioned that the Acquisitions Administration profile was originally intended to be strictly for configuring acquisitions, not doing normal ordering and receiving. Of course, there's nothing stopping us from shifting if folks would prefer that Acq Admin also be able to do everything that Acquisitions can do.

Evergreen master

tags: added: acq permissions
Lynn Floyd (lfloyd) wrote :

I am thinking about smaller institutions and how they work. Mostly, that the same person who administers Acq is also the same person who actually does the acquisitions. In this case the permissions should be granted for the Acq Administration Profile.

Andrea Neiman (aneiman)
tags: added: needsdiscussion
Irene Patrick (iepatrick) wrote :

I would like to take this opportunity to say that I am glad the Acq permissions are being looked at. I was very surprised when we migrated to Evergreen to see that Acquisitions staff automatically got the cataloger permissions. We had previously used two different ILS's, and we had no trouble giving Acquisitions staff separate permissions from cataloging staff.

This past year, the Cardinal consortium reviewed the permissions structure and made changes. I was hoping we could separate out the Acquisitions permissions from the Cataloging permissions. However, Cardinal said "Evergreen would not allow for a complete separation of acquisitions permissions from cataloging permissions" so it's apparently not possible with the current Evergreen structure. I have concerns with this as detailed below:

Problem #1: In our situation, the person responsible for the collection is the one who handles the budget and sets up book funds. This person may not be a cataloger. The Cardinal consortium now requires all staff to pass a cataloging assessment before they can become a cataloger. Unfortunately, as Evergreen is currently structured, the person handling the budget now has to take and pass the cataloging assessment whether they actually do any cataloging or not, in order to be able to control the fund setup in Evergreen. Our preference would be for the person who sets up funds and allocates money to not be required to pass a Bib Cataloging assessment in order to be able to carry out those functions in Evergreen.

Problem #2: Our catalogers have *never* been involved with handling money, and it's concerning to me to see that they get that ability by default in Evergreen. I believe that auditors would be extremely concerned to see that staff who have no responsibility for handling money get permissions to control that in Evergreen. It's the whole "principle of least privilege," where people whose job doesn't require access to handling of money should not be given that ability in their permissions.

So I personally would very much like to see the entire fund setup and control completely separated from cataloging permissions. Catalogers who actually do need that access should be able to get it as assigned by system administrators, but they should not have it by default. And staff who need the ability to control funds should not be required to be catalogers.

A final note-- when we first migrated to Evergreen, we used the Acquisitions module. However, due to some of the difficulties with the module, and largely due to the fact that the state is now requiring us to do all our ordering in their system, we have stopped using the Evergreen Acquisitions module at this time. So I don't currently have a horse in this race, and I'm not in a position to do any testing. But I do feel strongly that it is important to separate acquisitions permissions from cataloging permissions, and I believe that the work you are undertaking to do this is necessary and will improve overall Acquisitions functionality. So I thank you for looking at it.

Mary Llewellyn (mllewell) wrote :

We've recently been re-doing all our users and permissions and assigning secondary permission groups where a staff member's tasks cross into different areas, so we're OK with keeping the acq and acq admin permissions grouped separately. We can give our people access to both groups if it comes to it.

Tiffany Little (tslittle) wrote :

I agree with Lynn's point. In all of my libraries, the person who does the Acq administration is also doing the ordering. Or at the very least, there is one local contact who should have access to everything. Even our largest systems don't have someone who *only* sets up Acq. I could see if there was a separation where there was a permission profile that had only access to the financials like setting up funds, etc., but that would be a different profile. For the purposes of general administration there should be an ACQADMIN profile that can do everything.

And following up on Irene's point, I also have no problem with having Acquisitions and cataloger permissions more separate *unless* there is a cataloging perm that specifically blocks Acquisitions work from being done. Often our libraries do have the cataloger and the acquisitions person be the same, but in that circumstance they have the ACQADMIN permission and a secondary cataloger permission (or vice versa). I am fine with that, and I think that leaves room for other institutions to have those be more divided if they choose.

So my opinion is that an Acquisitions Administrator profile should have access to everything Acquisitions.

Galen Charlton (gmc)
Changed in evergreen:
milestone: none → 3.6-beta
status: New → Confirmed
Galen Charlton (gmc) wrote :

A patch for the original proposed set of permissions changes is now available as part of the branch for bug 1850547. The permissions changes, however, can be reviewed mostly independent of the acquisitions search branch; the specific commit to look at is:

https://git.evergreen-ils.org/?p=working/Evergreen.git;a=commit;h=f21117136207eab2a4e22a2405c96ecf93951f39

tags: added: pullrequest
removed: needsdiscussion
Evergreen Bug Maintenance (bugmaster) wrote :

Noting that this was merged when the patch series for bug 1850547 was.

Changed in evergreen:
status: Confirmed → Fix Released
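
The separation-of-duties concern raised in this thread (catalogers holding fund permissions, acquisitions staff inheriting cataloging permissions) can be checked mechanically. The following is an added example, not part of the bug report or of Evergreen's code: it assumes child groups inherit their ancestors' grants, ignores grant depth, and uses a constructed group tree with permission codes taken from the lists above.

```python
# Constructed sample data: a simplified group tree, NOT Evergreen's stock seed
# data or any consortium's real configuration.
FUND_PERMS = {"ADMIN_ACQ_FUND", "ADMIN_FUND", "MANAGE_FUND", "ADMIN_INVOICE",
              "MANAGE_FUNDING_SOURCE", "UPDATE_FUNDING_SOURCE", "CREATE_INVOICE"}

# group name -> (parent group or None, permissions granted directly)
GROUPS = {
    "Staff": (None, {"VIEW_PROVIDER"}),
    "Catalogers": ("Staff", {"IMPORT_MARC", "VIEW_MERGE_PROFILE", "ADMIN_FUND"}),
    "Acquisitions": ("Catalogers", {"CREATE_PICKLIST", "ADMIN_ACQ_FUND"}),
    "Acquisitions Administrator": ("Staff", {"MANAGE_FUND", "ADMIN_INVOICE"}),
    "Circulators": ("Staff", set()),
}
# Assumption for this example: only these groups should control money.
MAY_HANDLE_FUNDS = {"Acquisitions", "Acquisitions Administrator"}


def effective_perms(group, groups):
    """Map each permission a group holds to the group that grants it,
    walking up the parent chain (the nearest grant is reported)."""
    held, seen = {}, set()
    while group is not None:
        if group in seen:
            raise ValueError(f"cycle in group tree at {group!r}")
        seen.add(group)
        parent, direct = groups[group]
        for perm in direct:
            held.setdefault(perm, group)
        group = parent
    return held


def audit(groups, sensitive, allowed):
    """Return sorted (group, perm, granted_by) tuples for every sensitive
    permission effectively held by a group outside the allowed set."""
    findings = []
    for name in groups:
        if name in allowed:
            continue
        for perm, source in effective_perms(name, groups).items():
            if perm in sensitive:
                findings.append((name, perm, source))
    return sorted(findings)


if __name__ == "__main__":
    for group, perm, source in audit(GROUPS, FUND_PERMS, MAY_HANDLE_FUNDS):
        print(f"{group}: holds {perm} (granted at {source})")
    print("Acquisitions inherits:", effective_perms("Acquisitions", GROUPS))
```

Running the same check with cataloging permissions as the sensitive set and the acquisitions groups excluded from the allowed set surfaces the opposite problem, where fund staff pick up cataloging rights through the tree.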