Evergreen

Privilege Expiration should block login to Staff Client

Bug #1870548 reported by Carrie Cleary
28
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Evergreen
Confirmed
Wishlist
Unassigned

Bug Description

Even when a staff account has a privilege expiration date in the long ago past, they can still login to the staff web client.
It would be great if the expiration date prevented login to the staff client so that libraries were required to review staff accounts on a regular basis.

Revision history for this message
Jonathan Moore (jonathanmoore) wrote :

Yes! Please do so.

Revision history for this message
Terran McCanna (tmccanna) wrote :

+1

Changed in evergreen:
importance: Undecided → Wishlist
Revision history for this message
Jason Stephenson (jstephenson) wrote :

My understanding, and I could very well be mistaken, is that the current behavior was an original requirement of Evergreen.

Also, preventing login on expired staff accounts will not work so well for some sites that use generic logins. This should be optional, perhaps controlled by yet-another-org-unit-setting.

Revision history for this message
Mike Rylander (mrylander) wrote :

Jason, I believe you understand correctly. "Staff accounts don't expire" was an original desire at PINES, due to frustration with staff accounts "randomly" getting locked in previous ILS' IIRC.

An YAOUS or even a global flag would make sense to me.

Revision history for this message
Anna Goben (agoben) wrote :

I would love for this to be at least a setting. We have definitely had trouble getting some libraries to be diligent about clearing out old staff accounts, and it's a significant security risk.

Revision history for this message
Meg Stroup (mstroup) wrote :

+1 to what Anna said: it can be difficult to stay on top of old staff accounts.

Terran McCanna (tmccanna)
Changed in evergreen:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.