[Archivesspace_Users_Group] Questions about user accounts & permissions

Fri Aug 3 11:41:27 EDT 2018

I agree: the best thing in to change password and remove permissions. Although, I think it would be safe to delete a user who was not an editor/creator of any resources. The last time I tested it, deleting the user unlinked the agent records that would identify who made edits or changes. ( And if that person left UVA, they would also be removed from our LDAP/whois database, which would make connecting a userid to an actual name impossible outside of ArchivesSpace. ) 

I don’t know if this is already on the list of Staff interface enhancements, but perhaps an active/inactive flag that disabled that users login and access, but kept the entry for tracking would be a good addition. 

— Steve. 

> On Aug 1, 2018, at 6:39 PM, Custer, Mark <mark.custer at yale.edu> wrote:
> 
> All,
>  
> It sounds like Noah’s suggestion is a really great one! 
>  
> I’d also heed Miloche’s advice about not deleting user records!!!
>  
> Another wrinkle is that whenever you create a user record in ArchivesSpace, a corresponding agent record is created at the same time (those records are also linked, but invisibly essentially, since they’re only linked in the database, and editing one doesn’t change the contents of the other record, of course).  Here’s the kicker:  let’s say you later update that agent record with an LCCN authority ID, link it up to some descriptive records, etc., then if you delete that user record in the staff interface, then the agent record is also deleted silently, which includes all links to any other records!  That’s definitely not what someone would expected (and I just tested to confirm that it’s still true in version 2.4.1).  The reverse, thankfully, is not true.  If you try to link an agent record that was created because it’s linked to a user record, then you will get an error in the staff interface telling you that you cannot delete that agent record. Although if the interface allowed you to do that, it would be potentially less disastrous than losing an agent record and all of its links.
>  
> Anyhow, the takeaway, in my opinion, is to never stray from Miloche’s advice 😊
>  
> Mark
>  
>  
>  
> From: archivesspace_users_group-bounces at lyralists.lyrasis.org [mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org] On Behalf Of Kottman, Miloche
> Sent: Wednesday, 01 August, 2018 12:34 PM
> To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
> Subject: Re: [Archivesspace_Users_Group] Questions about user accounts & permissions
>  
> Christie,
>  
> This behavior may have changed in subsequent releases so you may want to experiment …  Ages ago (somewhere in the version 1.2 – 1.3 range) we switched to a Shibboleth sign in system which caused pseudo duplicate users when the Shib username was not the same as the one manually created in ASpace.  So to fix this I naively deleted the username that was created manually in ASpace.  Everything worked fine and dandy until we upgraded to a newer version of ASpace.  My IT folks said that this generated a lot of errors and prevented the upgrade until they went in and cleaned up the affected records.  ASpace was trying to link information in fields to users who no longer existed, my guess would be the create/modify information.  Fortunately for us it was early days of our installation so it was only a handful of records.
>  
> So my advice, don’t delete your user records.
>  
> --Miloche
>  
> From: archivesspace_users_group-bounces at lyralists.lyrasis.org <mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org <mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> On Behalf Of Noah Huffman
> Sent: Wednesday, August 1, 2018 10:29 AM
> To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org <mailto:archivesspace_users_group at lyralists.lyrasis.org>>
> Subject: Re: [Archivesspace_Users_Group] Questions about user accounts & permissions
>  
> Hi Christie,
>  
> I created a new permissions group called “Expired Users” (morbid, I know). That group has no permissions in the system.
>  
> When students/interns/staff leave our employ, I assign their user account to that group. This way I can keep a record of their username and other user details.
>  
> To answer your first question, I believe the “created_by” and “last_modified_by” fields will still retain usernames even if those users are deleted from the system.
>  
> -Noah
>  
> ================
> Noah Huffman
> Archivist for Metadata, Systems, and Digital Records
> David M. Rubenstein Rare Book & Manuscript Library
> Duke University | 919-660-5982
> http://library.duke.edu/rubenstein/ <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flibrary.duke.edu%2Frubenstein%2F&data=02%7C01%7Cmark.custer%40yale.edu%7Ca29cb0b6289b4436ec5008d5f7cc8e26%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636687380299910514&sdata=qxX0ZtSQBeDo%2FXq7Pq3gRFVTSefO7%2BSDVoGHoRUWnO4%3D&reserved=0>
>  
>  
> From: archivesspace_users_group-bounces at lyralists.lyrasis.org <mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org <mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> On Behalf Of Michelson, Daniel
> Sent: Wednesday, August 1, 2018 11:14 AM
> To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org <mailto:archivesspace_users_group at lyralists.lyrasis.org>>
> Subject: Re: [Archivesspace_Users_Group] Questions about user accounts & permissions
>  
> Hi Christie,
>  
> To answer your second question, any system administrators should have the "Edit Groups" button grayed out in the Manage User Access list.
>  
> Dan Michelson
>  
> On Wed, Aug 1, 2018 at 10:55 AM, Larry Weimer <larry.weimer at nyhistory.org <mailto:larry.weimer at nyhistory.org>> wrote:
> Christie,
>  
> When users no longer need access, I've taken two steps: 1) delete their ID from the user group they're in and 2) change the password. That would seem to eliminate their ability to access and act in the system, while retaining a record of them. 
>  
> Larry
>  
> Larry Weimer
> Head of Archival Processing
> New-York Historical Society
>  
> On Wed, Aug 1, 2018 at 10:46 AM, Christie Peterson <cpeterson at smith.edu <mailto:cpeterson at smith.edu>> wrote:
> Hello,
>  
> Is there more detailed documentation somewhere about managing user accounts and permissions? (beyond what is in the user manual)
>  
> Specifically, I need to know:
> What happens when a user account is deleted? Does it delete all references to them in the database (that is, every action they've taken)? If so, what is a better alternative to deletion to use when a staff member leaves an organization?
> Is there an easy way through the interface to see who currently has system administrator priviledges?
> Thanks,
>  
> CP
> Christie S. Peterson
> Manager of Technical Services for Special Collections
> Smith College
> cpeterson at smith.edu <mailto:cpeterson at smith.edu>
> she/her/hers
>  
>  
> 
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org <mailto:Archivesspace_Users_Group at lyralists.lyrasis.org>
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__lyralists.lyrasis.org_mailman_listinfo_archivesspace-5Fusers-5Fgroup%26d%3DDwMFaQ%26c%3DimBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc%26r%3DF0JE8U9-xhxe_nE7d7aEUi-uqfKqvYJ222bS0oz9mko%26m%3DaKEddLEPAlr5eh5MCXZmGqOS73Z1XLPRaD_g_iwCANA%26s%3DVGIWICV3PVAMHbvHXqf-YSlkDqmttbFvrIsvaVYsgPU%26e%3D&data=02%7C01%7Cmark.custer%40yale.edu%7Ca29cb0b6289b4436ec5008d5f7cc8e26%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636687380299920523&sdata=2vy93kVq5am8U9iXQyRRH0%2FZzJS4JuKPnvQXx%2F3fPy0%3D&reserved=0>
>  
> 
> <image001.jpg> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.nyhistory.org_exhibitions_walk-2Dway-2Dfootwear-2Dstuart-2Dweitzman%26d%3DDwMFaQ%26c%3DimBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc%26r%3DF0JE8U9-xhxe_nE7d7aEUi-uqfKqvYJ222bS0oz9mko%26m%3DaKEddLEPAlr5eh5MCXZmGqOS73Z1XLPRaD_g_iwCANA%26s%3DG60v2DmB0YGONvUnbGgKpXvgNgdKe9OR2Yfox1GRa4c%26e%3D&data=02%7C01%7Cmark.custer%40yale.edu%7Ca29cb0b6289b4436ec5008d5f7cc8e26%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636687380299920523&sdata=SuakdNBULnz0vkqYc0%2F9JnRnrbzxQeMGmb1BYscVaGM%3D&reserved=0>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org <mailto:Archivesspace_Users_Group at lyralists.lyrasis.org>
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__lyralists.lyrasis.org_mailman_listinfo_archivesspace-5Fusers-5Fgroup%26d%3DDwMFaQ%26c%3DimBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc%26r%3DF0JE8U9-xhxe_nE7d7aEUi-uqfKqvYJ222bS0oz9mko%26m%3DaKEddLEPAlr5eh5MCXZmGqOS73Z1XLPRaD_g_iwCANA%26s%3DVGIWICV3PVAMHbvHXqf-YSlkDqmttbFvrIsvaVYsgPU%26e%3D&data=02%7C01%7Cmark.custer%40yale.edu%7Ca29cb0b6289b4436ec5008d5f7cc8e26%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636687380299930528&sdata=qPorBusSkRCUv3ZO%2BhzypAfbS9eKbc64p01cHlEZMBw%3D&reserved=0>
>  
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20180803/6740f888/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6091 bytes
Desc: not available
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20180803/6740f888/attachment.bin>