Patron search does not search Secondary Permission Group

This would be helpful for many things since we are now encouraging staff to have as few accounts as possible and also investigating modular permission groups.

The profile group is special because it is used in lots of places like circ and hold matrices, so should searching secondary permission groups be separate? Or perhaps there should be a general Permission Groups option the includes profile and secondary groups?

Related, would it be useful to be able to search for users that have a particular permission, whether granted by the profile group, a secondary group, or even granted directly?

My initial thought was that it could be a tickbox similar to the "inactive?" box, but I think the searchability is markedly different.

I'm not sure about the general permission group option. It seems like it could potentially confuse users. With that said, maybe not. It's a limited group of people generally with advanced knowledge of Evergreen administration that would be using it. So..maybe?

I think it would be useful to search for users with a particular permission although notable that this would also include "patrons." I can envision a case where someone searched the entire consortium for "resident" cardholders and it causing problems. Though, thinking about it, that ability already exists but just doesn't use secondary permissions.

In terms of searching for users with a specific permission rather than a specific group, I think this would need to be another interface rather than relying on the patron search interface. In fact, all of this could possibly be accomplished in a new interface that perhaps linked off of the patron search interface and/or was linked from an admin page/menu and/or circ menu.

I agree with Mike's points about the user's Main Profile being special as it is used for circulation and hold rules.

Also agree that it could be useful (in addition to the secondary permission group) to be able to search for staff users that have a particular permission (via permission group or individually assigned via the User Permission Editor) and expose the depth of the assigned permission. Another useful criteria for staff users would be working location.

I'd be concerned about too much clutter in the existing search interface mainly used to find patrons, though. Maybe we need a dedicated staff user search interface? Or a section of staff only criteria in the existing interface that could be expanded when required?

I do think it would be most useful to have a separate secondary permission group search field instead of a general permission field that searches both, but I see Michele's point in how it could clutter the patron search.

I also like the idea of a staff account search interface to include individual permissions (with depth and grantability) and secondary permission groups and to track how the permission was assigned.

I added the needsdicussion tag.

I also agree that having a separate box for secondary permission group would be better than having a single box that searches both primary and secondary.

And I also agree that having a new interface that can search which staff have specific permissions would be useful. It would be useful in that interface to be able to differentiate whether the permission was assigned by a primary or secondary group or if it was granted individually.

As a short term solution you can use reports for finding out who has which secondary permissions.

We have two report templates we use. One lets us pick the permission group and home library and lists the users with the selected secondary permission group. The other gives us a list of all users at the specified library that have a secondary permission group and shows what the group is (accounts with multiple secondary permission groups are listed for each secondary perm group). Happy to share our templates if anyone is interested.

Created a separate wishlist bug for the permissions interface: https://bugs.launchpad.net/evergreen/+bug/2031046