Fields: Add/Edit Role
Roles give you the means to create customized administration profiles that you can assign to users. To define a role, you select the privileges that you want the users of that role to be able to perform.
Security > Roles > Add Role
Security > Roles > Edit Role
Code
Specifies a unique code for the role (up to 30 characters). This code is used to identify the role on the Roles list.
Codes are displayed in all upper case letters. If you enter lower case alphanumeric characters for the code, the software automatically converts them to upper case when the code is displayed.
Note: This value must be unique. If you enter a code that is already being used elsewhere on the system and try to save the role, the software displays an error message indicating that the value must be unique, and informing you that the value you entered is already being used for another role.
Name
Specifies the system name of the role (up to 80 characters) for the specified language. This name is used to identify the role on the Roles page and in the Add/Edit Account page. For more information, see Fields: Add Account and Fields: Edit Account.
For this field, you can also specify an alternate name for a specific language. Choose the language from the drop-down list of supported languages, then enter the localized name in the field.
Note: If your web browser is configured to use a display language that is not supported by Portfolio and you have chosen to display the Admin console in a language other than the default language (en_US), the language that displays in the drop-down list of supported languages defaults to US English.
If a localized name already exists for a specific language, the software displays that language name differently in the drop-down list. When you enter a localized name for a specific language, the language name appears with a “++” suffix. If you clear the localized name for a specific language, the software displays the language name without the different formatting.
User Security Policy
Specifies the security policies such as password requirements and login rules for the account. Select an option from the drop-down list. For more information on user security policies, see Managing user security policies.
Select the privileges to assign to the role
Specifies the privileges that the user of the role has access to.
| |
You must select at least one privilege for the role. If you don’t select a privilege, Portfolio directs you to select a privilege when you save the role. |
Available
Displays a list of all the available privileges on the system.
Important: The available privileges are limited to those that have been assigned to you. You cannot add a privilege to a role that is not present in the role assigned to you.
You can select or multi-select one or more privileges and then click Select, or you can double-click individual privileges to move them to the Selected.
Selected
Displays a list of privileges selected for the role.
You can select or multi-select one or more privileges and then click Remove, or you can double-click individual privileges to move them to the Available list. Select a single privilege and use the arrow buttons to move it to or from the Selected list.
To add or remove privileges in the list, choose the privilege, and then use these buttons:
| Option | Description |
|---|---|
|
Select
|
Moves the selected privilege from the Available list to the Selected list. |
|
Remove
|
Removes the selected privilege from the Selected list and returns it to the Available list. |
Note: These buttons are context-sensitive based on which list a privilege is selected in. For example, the Remove option is disabled when you select privileges in the Available list, but it is enabled when you select items in the selected list.
Privileges
Privileges indicate components or functions in Portfolio. Assigning a privilege to a role gives the user of the role the ability of accessing that function to make changes to the settings in your system. The privileges you see depend on the role assigned to you. You cannot add or remove privileges that are not assigned to you. In fact, you will not see any privileges in the list that you do not have rights to.
General privileges
This following table lists all of the privileges available in Portfolio.
| Privilege | Description |
|---|---|
|
PRIV_ACCOUNT |
Users with this privilege can create and delete accounts in the Accounts page. |
|
PRIV_ACCOUNT_LOCKS |
Users with this privilege can toggle locking out or unlocking specific accounts. |
|
PRIV_ACCOUNT_SELF |
Users with this privilege can make edits to their own account but to no other account. |
|
PRIV_ADMIN |
Users with this privilege can log in to the Admin Console. This is a basic privilege that should be given to all roles. |
|
PRIV_ASSET_ADMIN |
User with this privilege can open the Assets page. Digital Assets. |
|
PRIV_ASSET_CREATE |
Users with this privilege can add assets to the system. For more information, see Adding a digital asset. |
|
PRIV_ASSET_DELETE |
Users with this privilege can move assets to the trash. For more information, see Deleting a digital asset. |
|
PRIV_ASSET_EXTRACT |
Users with this privilege can view, trigger, and schedule the SD_ASSET_EXTRACTOR task in System Tasks. Note: In order to access tasks, the user must have PRIV_TASK_VIEW. |
|
PRIV_ASSET_MODIFY |
Users with this privilege can edit the properties of an asset. For more information, see Modifying the details of a digital asset |
|
PRIV_ASSET_PURGE |
Users with this privilege can empty assets from the trash folder (permanently deleting them from the system). For more information, see Permanently removing deleted assets and directory nodes. |
|
PRIV_ASSIGN_ASSET_TO_ROOM |
Users with this privilege can attach an asset folder to a specific room in a profile. For more information, see Adding assets to a room. Note: To perform this task, the user must also have PRIV_ROOMS_CONFIG to configure the room and either PRIV_PROFILE or PRIV_PROFILE_ALL to manage the profile. |
|
PRIV_BCCONNECTIONS |
Users with this privilege can add, edit, and delete BLUEcloud connections. |
|
PRIV_ERESOURCE_CENTRAL |
This privilege has been deprecated. |
|
PRIV_LIBRARY_FAVORITES |
Users with this privilege can add, edit, and delete library favorite definitions. For more information, see Managing library favorites |
|
PRIV_LISTS |
Users with this privilege can activate, and deactivate all book lists and can add, edit, and delete custom book lists. For more information, see Managing book lists. |
|
PRIV_MEDIA_TYPE |
Users with this privilege can add, edit, and delete media type definitions that are assigned to assets. For more information, see Managing media types. |
|
PRIV_METADATA_FIELDS |
Users with this privilege can add, edit, and delete metadata fields mapped to search fields. For more information, see Managing metadata fields. Note: To fully use this privilege, the user must also have PRIV_SEARCH_FIELDS so that the user can assign metadata fields to search fields. |
|
PRIV_METADATA_TEMPLATE |
Users with this privilege can open the Metadata Templates page to add, edit, and delete metadata templates for asset management. For more information, see Managing metadata templates. |
|
PRIV_MFA_KEYFOB |
Users with this privilege can configure key fob-based multifactor authentication. |
|
PRIV_MFA_RESET |
Users with this privilege can reset existing multifactor authentication settings. |
|
PRIV_MOBILE_PHONE_ADMIN |
Users with this privilege can manage phone carriers in the Mobile Phone Carriers page. For more information, see Managing mobile phone carriers. |
|
PRIV_OAIPMH_HARVEST |
Users with this privilege can add, edit, and delete OAI-PMH harvest sites and launch harvest tasks. For more information, see Managing OAI-PMH settings. |
|
PRIV_PAYMENT_ACCOUNT |
Users with this privilege can add, edit, and delete the settings that allow a patron to make a payment through Symphony or Horizon Web Services. Form more information, see Managing payment accounts. |
|
PRIV_PROFILE |
Users with this privilege can edit and delete profiles and can add and delete search suggestions. For more information, see Search Profiles. |
|
PRIV_PROFILE_ALL |
Users with this privilege have access to manage all profiles. Otherwise, users are restricted to the profiles assigned by the system administrator. For more information, see Search Profiles. |
|
PRIV_PROFILE_CREATE |
Users with this privilege can add profiles. Roles that include this privilege should also include PRIV_PROFILE. For more information, see Creating a new search profile. |
|
PRIV_RESULTS_CONFIG |
Users with this privilege can configure search result displays, detail displays, HTML widgets, and language files in Displays. For more information, see Display Configuration. |
|
PRIV_ROOMS_CONFIG |
Users with this privilege can manage these basic tasks in Rooms: add, copy, re-order, edit properties, edit content, hide, display, and delete. For more information, see Rooms. |
|
PRIV_ROOMS_SEARCH |
Users with this privilege can manage these search configurations in Rooms: Search Limits, Search Targets, and Assign Room to Profiles. For more information, see Setting up search limits for a room, Configuring the search box for a room, and Assigning room availability to multiple profiles. |
|
PRIV_ROOMS_SYSTEM |
Users with this privilege can delete, detach, and reattach rooms. For more information, see Deleting a room, Detaching a branch, and Attaching detached rooms. |
|
PRIV_SEARCH_FIELDS |
Users with this privilege can edit certain options within default search fields. Other users do not have access to edit default search fields. For more information, see Adding or editing a search field |
|
PRIV_SEARCH_LIMITS |
Users with this privilege can create, edit, and delete search limits and assign search limits to profiles. For more information, see Search Limits. |
|
PRIV_SEARCH_SUGGESTIONS |
Users with this privilege can blacklist search suggestions for a profile. For more information, see Search Suggestions. |
|
PRIV_SEARCH_TARGETS |
Users with this privilege can manage both Discovery and federated search targets, sources, qualifier sets, search fields, and display codes (all of the functions within Search Configuration and Federated Configuration). For more information, see Discovery Search Configuration and Federated Search Configuration. When combined with both PRIV_TASK_MANAGE and PRIV_TASK_VIEW, users can also view and manage Scheduled Search Source Tasks. |
|
PRIV_SOLR |
Users with this privilege can access the Solr Instance page in Search Configuration. |
|
PRIV_SOLR_CONFIG |
Users with this privilege can upload, download, and delete synonyms and stop words. For more information, see Managing special words. Note: In order to view Solr configuration, the user also needs PRIV_SOLR. |
|
PRIV_TASK_MANAGE |
Users with this privilege can interrupt, suspend, resume, and edit the schedule of scheduled tasks. Role that include this privilege should also include PRIV_TASK_VIEW. For more information, see Scheduled Tasks. Note: In order to manage Search Source Tasks, the user also needs PRIV_SEARCH_TARGETS. |
|
PRIV_TASK_VIEW |
Users with this privilege can view the scheduled tasks list and history of individual tasks. For more information, see Scheduled Tasks. Note: In order to view Search Source Tasks, the user also needs PRIV_SEARCH_TARGETS. |
|
PRIV_THEMES |
Users with this privilege can add, edit, and delete theme definitions. For more information, see Themes. |
|
PRIV_USP_APPLY |
Users with this privilege can apply a password configuration to a role or account. Note: In order to view Password Configurations, the user also needs PRIV_USP_VIEW. |
|
PRIV_USP_CREATE |
Users with this privilege can create new password configurations. Note: In order to view Password Configurations, the user also needs PRIV_USP_VIEW. |
|
PRIV_USP_DELETE |
Users with this privilege can delete password configurations. Note: In order to view Password Configurations, the user also needs PRIV_USP_VIEW. |
|
PRIV_USP_EDIT |
Users with this privilege can edit existing password configurations. Note: In order to view Password Configurations, the user also needs PRIV_USP_VIEW. |
|
PRIV_USP_VIEW |
Users with this privilege can see the password configuration menu option. Additionally, users can navigate to the manage page for the configurations. |
|
PRIV_VIEW_RESTRICTED_CONTENT |
Users with this privilege can view SirsiDynix published, protected rooms content. |
|
PRIV_WEB_SERVICE |
Users with this privilege can add, edit, or delete the connection to Symphony Web Services or Horizon Web Services. For more information, see Managing web services |
System Defined Roles
Portfolio includes two system-defined roles that you can use immediately: System Administrator and Profile Administrator. The following chart lists the privileges assigned to each role.
| Privilege | System Administrator | Profile Administrator |
|---|---|---|
|
PRIV_ACCOUNT |
Yes |
No |
|
PRIV_ACCOUNT_LOCKS |
Yes |
No |
|
PRIV_ACCOUNT_SELF |
No |
Yes |
|
PRIV_ADMIN |
Yes |
Yes |
|
PRIV_ASSET_ADMIN |
Yes |
No |
|
PRIV_ASSET_CREATE |
Yes |
No |
|
PRIV_ASSET_DELETE |
Yes |
No |
|
PRIV_ASSET_EXTRACT |
Yes |
No |
|
PRIV_ASSET_MODIFY |
Yes |
No |
|
PRIV_ASSET_PURGE |
Yes |
No |
|
PRIV_ASSIGN_ASSET_TO_ROOM |
Yes |
No |
|
PRIV_BCCONNECTIONS |
Yes |
No |
|
PRIV_ERESOURCE_CENTRAL |
Yes |
No |
|
PRIV_LIBRARY_FAVORITES |
Yes |
No |
|
PRIV_LISTS |
Yes |
Yes |
|
PRIV_MEDIA_TYPE |
Yes |
No |
|
PRIV_METADATA_FIELDS |
Yes |
No |
|
PRIV_METADATA_TEMPLATE |
Yes |
No |
|
PRIV_MFA_KEYFOB |
Yes |
No |
|
PRIV_MFA_RESET |
Yes |
No |
|
PRIV_MOBILE_PHONE_ADMIN |
Yes |
No |
|
PRIV_OAIPMH_HARVEST |
Yes |
No |
|
PRIV_PAYMENT_ACCOUNT |
Yes |
No |
|
PRIV_PROFILE |
Yes |
Yes |
|
PRIV_PROFILE_ALL |
Yes |
No |
|
PRIV_PROFILE_CREATE |
Yes |
No |
|
PRIV_RESULTS_CONFIG |
Yes |
No |
|
PRIV_ROOMS_CONFIG |
Yes |
Yes |
|
PRIV_ROOMS_SEARCH |
Yes |
Yes |
|
PRIV_ROOMS_SYSTEM |
Yes |
No |
|
PRIV_SEARCH_FIELDS |
Yes |
No |
|
PRIV_SEARCH_LIMITS |
Yes |
No |
|
PRIV_SEARCH_SUGGESTIONS |
Yes |
Yes |
|
PRIV_SEARCH_TARGETS |
Yes |
No |
|
PRIV_SOLR |
Yes |
No |
|
PRIV_SOLR_CONFIG |
Yes |
No |
|
PRIV_TASK_MANAGE |
Yes |
No |
|
PRIV_TASK_VIEW |
Yes |
Yes |
|
PRIV_THEMES |
Yes |
No |
|
PRIV_USP_APPLY |
Yes |
No |
|
PRIV_USP_CREATE |
Yes |
No |
|
PRIV_USP_DELETE |
Yes |
No |
|
PRIV_USP_EDIT |
Yes |
No |
|
PRIV_VIEW_RESTRICTED_CONTENT |
Yes |
Yes |
|
PRIV_WEB_SERVICE |
Yes |
No |