User access in Web Services follows the model in SirsiDynix Symphony. What a given user can see and do in the system depends on the user’s library (see Station library) and the user’s user profile. If the library has enabled Accountability in the ILS, this will also affect what users can see (see Accountability for details).
The ILS User Access policy defines a user’s privileges in three important ways: user level, access type, and commands list.
You can view these settings for a user using the lookupUserInfo operation of the Security service.
The user level (also called “privilege level” in Web Services) indicates, for example, if the user is a library patron or a library staff member. Based on user level, certain features may be restricted. For example, a PUBLIC user cannot see data for other users in the library.
When your client application needs to work with data for users, it will need to create a Web Services session for a user that has a privilege level of STAFF or higher or create separate sessions for each user (see Working with Web Services sessions).
Access type specifies if the user access policy is for an individual user (Personal) or shared by a group of users. Shared access places restrictions on what the user can do, for example, modifying account data. (You can use the lookupUserInfo operation in the Security service
The command list associated with a user access policy specifies exactly what a user can do in the system.
For example, if your client application creates a user session and uses that session for a lookupUserInfo request, the operation will fail if the user in the session token does not have the Display2 User command in the profile’s command list.
The lookupUserInfo operation requires specific commands.
Related topics
Understanding the Symphony ILS
© 2009-2012 SirsiDynix