Include security logging for role changes
Because roles cover a range of permissions, there is a necessity to give users a role for one need even though it gives them permission to do other things that are not wanted. One of those things can be assigning other roles.
Role assignment is the most security-sensitive function of Alma and should absolutely be tracked, and the log of who made an assignment and when should be accessible to administrators. Even better would be the ability to add an email warning mechanism for particularly sensitive roles.
(Related to this but in documentation, there needs to be a table of Roles and all the actions each role can do. Currently, you can search for an action/permission and the role/roles that have the permission are given, but that is backwards. We desperately need the reverse for properly secure assignments. How else can we know everything we are allowing a user to do when we want to give them one particular permission?)

Hello All,
This idea has been closed as part of a cleanup process for ideas older than two years with fewer than 20 votes.
This cleanup process is necessary to streamline our idea management process and ensure that the most relevant and impactful ideas receive the attention they deserve. If you still feel strongly about this idea, you may submit it via the NERS process.
We value your feedback and encourage you to continue submitting and voting for ideas that you believe will enhance Alma.
Alma Product Team
-
Manu Schwendener commented
You might also want to vote for this: https://ideas.exlibrisgroup.com/forums/308173-alma/suggestions/13069281-split-role-user-manager-in-2-the-user-manager-and