Permission Strategies

You can manage permissions in Polaris using any of the following methods, according to your needs:

Set security for an organization’s records - Identify who is allowed to view and use an organization’s records. Expand the Security folder for the organization in the Administration Explorer, select a permission, then find and select the staff members, workstations, and permission groups that should have the permission. All the permissions that can be set at an organization level are listed under Security for the organization in the Administration Explorer. See Managing Organization Security.

Tip:
If you are implementing Polaris permissions for the first time, the group method is a convenient strategy. See Using Groups to Set Initial Permissions.

Set up permission groups - Set up permission groups with multiple permissions and add multiple staff members, workstations, and/or organizations to the group. You can add permissions to the group to give them to all group members, and add group members. For example, a Cataloging permission group might have most cataloging permissions except deleting records. If a new cataloger is joining the library, you can add her to the group to give her all the appropriate permissions in one step. See Managing Permissions with Permission Groups.
Set permissions for an individual staff member or workstation - For example, a staff member who works in acquisitions needs permission to import brief bibliographic records using the Express Import option. See Managing Permissions for Staff, Workstations, Groups.

Important:
The PolarisSuperuser “staff member” and the Administrator permission groups have all permissions. The Superuser ensures there is always at least one person able to work in Polaris administration. Only one or two individuals should have access to this logon. The Administrator group simplifies giving Polaris administration permissions to backup administrators. Permissions cannot be taken away from the Superuser or Administrator permission groups, and these two records cannot be deleted.

Permission Availability and Record Ownership

A specific set of permissions is available at the system, library, and branch level. While many permissions are set at the branch level, some permissions are available at all levels, and some are available only at the system level, only at the library level, or only at the branch level.

The permissions that control access and modifications to Polaris records can only be set at the organization level to which the record belongs. Some types of records can be owned at multiple organization administration levels. Other records can only be owned at a specific level. For example, item records can be owned at the system, library, and branch levels, but patron records can only be owned by a branch. Permissions to use item records are available and set independently at each level and for each organization. You set permissions for every organization that uses the associated records. Permissions to use patron records are available only at the branch level.

Important:
Bibliographic and item records can be maintained at the system, library, or branch level. Cataloging record permissions must be set for at least one organization. Typically, if the catalog is maintained by a central cataloging department for all organizations, the system level permissions are used. If each branch maintains its own cataloging records, assign the catalog record permissions for each branch.

Note:
See Polaris Permission Groups - Default Permissions Reference for a list of the record fields that indicate ownership for each type of Polaris record.

Several levels of permissions control access to and operations on an organization’s records. For example, you need the appropriate Access permission to view an organization’s bibliographic records, or even see those records in lists such as Find Tool results. Separate Create, Modify, and Delete permissions control the ability to do these operations on the organization’s bibliographic records.

Important:
If you have the permission Use ‘own’ cataloging record sets: Allow, you can create record sets that no other users can access, including your system administrator. When you create a new cataloging record set, your user name is in the Owner box by default if you have this permission. To allow other users to access the record set, first select a different owner before saving the record set.

Some permissions are not organization-specific. These permissions are set at the system level and define access to options on the Polaris Shortcut Bar, access to specific tables in Polaris administration, or the ability to do certain tasks regardless of record ownership.

Permissions for Tasks

Most workflows in the Polaris staff client require multiple task permissions. You do not need to set all permissions for all organizations. If an organization does not do particular tasks, the permissions for that workflow do not need to be set for the organization. For example, if a branch does not use Polaris Acquisitions because selection, ordering, receiving, and invoicing are done at the main library, then the branch does not need acquisitions permissions.

Assigning Permissions to Workstations

The ability to do a task in Polaris depends on the permissions set for both the staff member and the workstation. For security, libraries may want to restrict the tasks that can be done on a particular computer, even if the person logged on has permission to do the tasks.

Example:
A computer monitor at a reference desk is visible to the public in that area. The library is concerned about patron privacy, and wants to prevent patron account information from appearing on that computer, so that workstation does not have permission to view the library's patron records.

You can set permissions for individual workstations, or you can use the following options:

Create permission groups specifically for workstations and assign permissions based on the security or privacy requirements of the workstations in the group.

Note:
Do not put restricted workstations in permission groups with access to system security or patron information. To view a workstation’s permissions, go the Permissions view of the Workstation workform. See Managing Permissions for Staff, Workstations, Groups.

To give workstations and staff members the same permissions, make the workstations members of the same permissions groups to which the staff members belong. This method ensures a staff member can always do their tasks. However, do not use this method for computers where privacy and system security are issues.
To give all workstations in an organization the permissions of a group, make the organization a member of the permission group.

Important:
The Polaris Superuser logon overrides any permission restrictions of a workstation. The Polaris Superuser can do any task on any workstation except access record sets owned by an individual staff member.

Permission Assignments at Upgrade

When you upgrade to a new version of Polaris, new permissions may or may not be granted to existing staff members by default. (New permissions are always granted to members of the Administrator permission group.) If you prefer not to accept any Polaris default settings that grant new permissions to existing staff members, set the system-level Staff Client profile Permissions: Use Polaris-defined new permission defaults to No. This setting causes all new permissions to be set to No (not granted) at upgrade, but does not affect existing permission assignments or the Administrator permission group. The default setting is Yes.

Important:
If you want to set the Staff Client profile Permissions: Use Polaris-defined new permission defaults to No, you must set the profile before you upgrade to the new version of Polaris.

Special Permissions for Rotating Staff

If the library rotates staff among branches, you can allow the rotating staff members to select a session branch at log-on. When a branch is selected, settings for that branch are in effect for the session (not the branch with which the staff member’s user name is associated). For example, when a circulation staff member logs on to the current branch instead of the staff member’s “home” branch, the system can route an item that fills a hold request correctly. The item is not routed to the staff member’s “home” branch when it should be picked up at the current branch.

To enable staff members to select a branch at log-on, give both the staff member and the workstation these permissions:

Access logon branch: Allow - Specifies who can log on to branches other than their own. The staff member can select a branch from a dialog box when logging on. This permission is set at the System level.
Logon branch: Access - Specifies who can log on to a specific branch even though the staff member is not registered with the branch. The staff member can select a specific branch when logging in. This permission is set at the branch level.

The workstation’s parent branch is the default selection in the Polaris Log On Branch dialog box. If the staff member does not have the Logon branch: Access permission for the workstation’s branch, the default selection is the staff member’s home branch. (If the staff member does not have the Logon branch: Access permission for the home branch, the first branch in the list of permissioned branches is the default selection.)

Note:
The user and logged-on branch for a Polaris staff client session are displayed at the top of the Polaris Shortcut bar and on the About Polaris dialog box (select Help, About Polaris on the Polaris Shortcut bar).

Special Permissions for SQL Searches in the Find Tool

Three system-level permissions control the ability to use the Polaris Find Tool to do SQL searches. These permissions affect only the ability to do SQL queries in the Find Tool. No modifications to the database are possible from the Polaris Find Tool.

Find Tool: Access SQL mode - Allow - The SQL option is available for selection on the Polaris Find Tool. The staff member can search in SQL mode.
Find Tool: Create or modify named SQL searches - Allow - The Save and Save As options are available when the Find Tool is in SQL search mode. The staff member can save an SQL search and edit a saved search and save it.

Note:
If the staff member does not have this permission and selects Save or Save As, a permission block message appears. You can allow specific staff members to override the block. See Set the Find Tool SQL permission blocks override.

Find Tool: Delete named SQL searches - Allow - The Delete option is available when the Find Tool is in SQL search mode. The staff member can delete a saved SQL search.

Note:
If the staff member does not have this permission and selects Delete, a permission block message appears. You can allow specific staff members to override the block. See Set the Find Tool SQL permission blocks override.