Explanation of roles and permissions
Library staff, like customers, are actors within the Wise system. The difference is that employees have a specific role assigned to their accounts. Associated with those roles are certain functionalities and permissions. The account used determines which roles (system roles and user roles) and authorizations an actor has. For library staff, these are different than those for a customer.
Username
Each user of the Wise system has a username that allows them to log into the Wise Client or the the Wise Manager. Each staff account is assigned role functions (permissions) that determine what this employee can or can't do.
A username for an account may consist of up to 80 positions. Account usernames can be set in the Manager via: SystemWise > Access codes and authorizations > Access authorizations.
Note: It is not possible to use multiple sessions in the Wise Manager side by side in the same browser.
System roles
When Wise is implemented, a number of system roles are present. These roles are based on functionality, and are fixed. If necessary, a system role can be added upon request. To request that a system role be added, please contact OCLC Support.
For each system role, a set of functions (also known as "role functions") is defined, with each function appropriate to that system role. For example, the system role WERKPLEKBEHEER has the functions Configuration and Profile management and the system role EXEMPLAARBEHEER has (among others) the functions Items action list , Shelf management, and Item statistics .
The following is an overview of all system roles in Wise, along with a brief description of the role and the component to which the system role relates:
| System role code | Description | Component |
|---|---|---|
| ACCOUNT_MANAGER | Account manager | Wise Client |
| API_MANAGEMENT | Manage REST API | |
| AUTOMAAT | Terminal | Access to external applications/terminals |
| BAHBEH | Library-at-home Branch Manager | Library at home functions in the Wise Client |
| BALIE | Service Desk - Branch Management | Wise Client |
| BESTANDSBEHEER | File management | Wise Client |
| BESTELLEN | Order | Wise Client |
| CONNEXION | Manage Connexion | |
| EXEMPLAARBEHEER | Item management | Wise Client |
| KSM | Customer service | Wise Client |
| MARKETING | Marketing module | Wise Client |
| RAPPORTAGES | Reports | Wise Client |
|
STAFF_MANAGEMENT
|
Front office management Note: This functionality will be added in a future release |
Wise Client |
| WISEBRH00 | System Administrator | Wise Client and Wise Manager |
| TITELBEHEER | Title management | Wise Client |
| TW_BEHEER | theaterWise management | Wise Client |
| WERKPLEKBEHEER | Workplace management | Wise Client (Argos) |
| WISE_BEHEERDER | Wise Application Administrator | Manager |
For a comprehensive list of functions by system role, see Wise role functions.
User Roles
A user role indicates what the user is authorized to do and which login code is used. A user role is composed of one or more system roles. The functions of these system roles become available with the user role. The scope of each function can be specified (per Branch, Authority, System) and at what level (nothing, read, edit, add, delete).
For example: the user role TW MANAGER will be linked to the system role TW_ MANAGER. A user role is assigned per user login.
Role functions
One or more role functions are associated with each system role. This provides only the structure for controlling access. For each function, you can define which authority applies to the following three areas:
- Branch
- Institution
- System
There are five levels of authority that can be applied to each of the above authorities:
- 0= Null
- 1 = Read
- 3 = Edit
- 7 = Add
- 15 = Delete
Client and Manager access
Most user roles are created for the purpose of Client access. But there is a special role function SYSTEEMBEHEER that is intended to provide access to all parts of the Manager. The prerequisite is that within the user role for this role function at the System level, at least read permissions must be given (0-0-1).
Full access is granted even by providing even the lowest level of permission for SYSTEEMBEHEER.
Limit access to the Manager
There may be times when access to the Manager is required for a staff user but it is not desired that all functions in the Manager be accessible to this them. An example of this could be a user that only needs to be able to create reports and will need access to systemWise > Report Management but will not need access to other areas of the Manager.
In cases such as these, user roles can be created with access to only a specific function in the Manager. These functions allow rights to be granted in the Manager without having to provide the SYSTEEMBEHEER function. If any of the role functions are given level 1 (read only) access or above the user will be given full access to the functionality for that role.
There are six groups for these specific functions:
| Function code | Description |
|---|---|
| MANAGER_BEHEER_BERICHTEN | Provides access to systemWise > Messages |
| MANAGER_BEHEER_DASHBOARD | Provides access to systemWise > Dashboard |
| MANAGER_BEHEER_FINANCIEN | Provides access to Wise > Finance > Invoice and Debit |
| MANAGER_BEHEER_RAPPORTEN | Provides access to systemWise > Reports > Report processor / Report manager / Reports (organized by function) |
| MANAGER_BEHEER_TOEGANGSCODES_BEVOEGDHEDEN | Provides access to systemWise > Access codes and authorizations > Access authorizations |
Tables
To get an idea of how the permissions are defined, it is helpful to know in which tables the settings related to each are located:
| Wise_rollen | System roles in Wise are predefined by OCLC. These system roles have code 'J' (yes) in column 'fixed'. User roles are self-defined by the library (what roles do individuals have within the organization: order taker, desk clerk, etc.). User roles have in column 'fixed' code 'N' (no). |
| Wise_rol_functie | Powers by Wise user role - functions can be selected from the system roles and transferred into a user role. |
| Wise_rol | Link between Wise User Role and the actor_id of an actor (ex. a staff user). |
| actor_auth_middel |
In wise_role there are no login codes but instead there are actor_ids. In order to provide each login with the correct code, which login belongs to which actor must be known. In actor_auth_means, all actors have an auth_type field. This type determines what you are, GNM for login. |