Add "Can't edit restricted users" and "Disable all login restrictions" field options to user analytics or staff login report
In order to improve security of our Alma institutions, and better manage named users or staff users, we need to be able to generate a user report that displays permissions related to security such as "Can't edit restricted users" on relevant roles, and "Disable all login restrictions."
Being able to identify which named users have IP restricted login disabled, and which named users have access to editing restricted user groups helps us to be sure that only designated named users have broad access to Alma--we shouldn't have to check this manually, user by user. We should be able to run a report on demand showing named/staff user's status as it relates to security settings, much as we do with the staff login report.
This information could be added as fields to the staff login report or as criteria in Analytics for user details.
For reference (see attachments):
"Disable all login restrictions" appears on the General Information tab of a user's detail page. When checked, and IP login restrictions are configured, the user can sign in to Alma from any IP address, even those outside the IP group.
"Can't edit restricted users" appears on the User Role Details page for select roles as follows: General System Administrator; User Administrator; User Manager; Circulation Desk Manager; Circulation Desk Operator; Circulation Desk Operator - Limited; and Repository Manager. When restricted user groups are configured, users with the box checked for all relevant roles will not be able to edit users who are members of restricted user group(s).
The following fields were added to Users > User Details:
Can’t edit restricted users – indicates if the user can edit restricted user groups
Disable All Login Restrictions – indicates if the user has IP login restrictions disabled