add permissions to stock acquisitions permission groups

Bug #1862022 reported by Galen Charlton on 2020-02-05
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Evergreen
Wishlist
Unassigned

Bug Description

The permissions assigned to the Acquisitions and Acquisitions Administrator permission groups are not quite enough to effectively perform typical acquisitions workflows. ECDI has proposed the following additions:

Acquisitions Administrator Profile
VIEW_FUND
VIEW_FUNDING_SOURCE
VIEW_FUND_ALLOCATION
VIEW_PICKLIST
VIEW_PROVIDER
VIEW_PURCHASE_ORDER
VIEW_INVOICE
CREATE_PICKLIST
ACQ_ADD_LINEITEM_IDENTIFIER
ACQ_SET_LINEITEM_IDENTIFIER
MANAGE_FUND
CREATE_INVOICE
CREATE_PURCHASE_ORDER
IMPORT_ACQ_LINEITEM_BIB_RECORD
IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD
MANAGE_CLAIM
MANAGE_PROVIDER
MANAGE_FUNDING_SOURCE
RECEIVE_PURCHASE_ORDER
ADMIN_ACQ_LINEITEM_ALERT_TEXT
UPDATE_FUNDING_SOURCE
UPDATE_PROVIDER
VIEW_IMPORT_MATCH_SET
VIEW_MERGE_PROFILE
IMPORT_MARC

Also, permissions don’t currently exist in the Concerto data set to allow this profile to update, and in some case to view, acquisitions library settings in the Library Settings Editor

Acquisitions Profile
ACQ_ADD_LINEITEM_IDENTIFIER
ACQ_SET_LINEITEM_IDENTIFIER
ADMIN_ACQ_FUND
ADMIN_FUND
ACQ_INVOICE-REOPEN
ADMIN_ACQ_DISTRIB_FORMULA
ADMIN_INVOICE
IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD
VIEW_IMPORT_MATCH_SET
VIEW_MERGE_PROFILE

I'm opening this bug to discuss the permissions that should be included in the seed data. A historical note: I discussed this with Mike Rylander, and he mentioned that the Acquisitions Administration profile was originally intended to be strictly for configuration acquisitions, not doing normal ordering and receiving. Of course, there's nothing stopping us from shifting if folks would prefer that Acq Admin also be able to do everything that Acquisitions can do.

Evergreen master

Jane Sandberg (sandbej) on 2020-02-05
tags: added: acq permissions
Lynn Floyd (lfloyd) wrote :

I am thinking about smaller institutions and how they work. Mostly, that the same person who administers Acq is also the same person who actually does the acquisitions. In this case the permissions should be granted for the Acq Administration Profile.

Andrea Neiman (aneiman) on 2020-02-05
tags: added: needsdiscussion
Irene Patrick (iepatrick) wrote :

I would like to take this opportunity to say that I am glad the Acq permissions are being looked at. I was very surprised when we migrated to Evergreen to see that Acquisitions staff automatically got the cataloger permissions. We had previously used two different ILS's, and we had no trouble giving Acquisitions staff separate permissions from cataloging staff.

This past year, the Cardinal consortium reviewed the permissions structure and made changes. I was hoping we could separate out the Acquisitions permissions from the Cataloging permissions. However, Cardinal said "Evergreen would not allow for a complete separation of acquisitions permissions from cataloging permissions" so it's apparently not possible with the current Evergreen structure. I have concerns with this as detailed below:

Problem #1: In our situation, the person responsible for the collection is the one who handles the budget and sets up book funds. This person may not be a cataloger. The Cardinal consortium now requires all staff to pass a cataloging assessment before they can become a cataloger. Unfortunately, as Evergreen is currently structured, the person handling the budget now has to take and pass the cataloging assessment whether they actually do any cataloging or not, in order to be able to control the fund setup in Evergreen. Our preference would be for the person who sets up funds and allocates money to not be required to pass a Bib Cataloging assessment in order to be able to carry out those functions in Evergreen.

Problem #2: Our catalogers have *never* been involved with handling money, and it's concerning to me to see that they get that ability by default in Evergreen. I believe that auditors would be extremely concerned to see that staff who have no responsibility for handling money get permissions to control that in Evergreen. It's the whole "principle of least privilege," where people whose job doesn't require access to handling of money should not be given that ability in their permissions.

So I personally would very much like to see the entire fund setup and control completely separated from cataloging permissions. Catalogers who actually do need that access should be able to get it as assigned by system administrators, but they should not have it by default. And staff who need the ability to control funds should not be required to be catalogers.

A final note-- when we first migrated to Evergreen, we used the Acquisitions module. However, due to some of the difficulties with the module, and largely due to the fact that the state is now requiring us to do all our ordering in their system, we have stopped using the Evergreen Acquisitions module at this time. So I don't currently have a horse in this race, and I'm not in a position to do any testing. But I do feel strongly that it is important to separate acquisitions permissions from cataloging permissions, and I believe that the work you are undertaking to do this is necessary and will improve overall Acquisitions functionality. So I thank you for looking at it.

Mary Llewellyn (mllewell) wrote :

We've recently been re-doing all our users and permissions and assigning secondary permission groups where a staff member's tasks cross into different areas, so we're OK with keeping the acq and acq admin permissions grouped separately. We can give our people access to both groups if it comes to it.

Tiffany Little (tslittle) wrote :

I agree with Lynn's point. In all of my libraries, the person who does the Acq administration is also doing the ordering. Or at the very least, there is one local contact who should have access to everything. Even our largest systems don't have someone who *only* sets up Acq. I could see if there was a separation where there was a permission profile that had only access to the financials like setting up funds, etc., but that would be a different profile. For the purposes of general administration there should be an ACQADMIN profile that can do everything.

And following up on Irene's point, I also have no problem with having Acquisitions and cataloger permissions more separate *unless* there is a cataloging perm that specifically blocks Acquisitions work from being done. Often our libraries do have the cataloger and the acquisitions person be the same, but in that circumstance they have the ACQADMIN permission and a secondary cataloger permission (or vice versa). I am fine with that, and I think that leaves room for other institutions to have those be more divided if they choose.

So my opinion is that an Acquisitions Administrator profile should have access to everything Acquisitions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers