Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Roles and Registration Configuration

    Translatable
    For more information about roles, see Managing User Roles.
    The base unit of permission for viewing an item (page, option, link) or performing an action is a privilege; privileges are internally used and configured by Ex Libris. Privileges are grouped by roles. Roles are grouped by role profiles.

    Configuring Role Profiles

    To configure role profiles, you must have one of the following roles:
    • User Administrator
    • General System Administrator
    A role profile is a collection of roles, grouped according to job function, that can be assigned to a user in a single action. Role profiles make it easy to add a common list of roles to a user automatically when adding a new user (by assigning the user a job category or user group for which a role-assignment rule exists; see Configuring Role Assignment Rules below) or when managing a user's roles manually (by assigning a role profile to them; see Adding Roles to Users). 
    A role profile is not linked directly to the users to whom it is assigned. Rather, it is a vehicle used to assign a predefined list of individual roles to a user. Thus, if you update a role profile, this does not affect any users you have already applied it to.
    You can configure role-assignment rules that automatically assign role profiles to new users (see Configuring Role Assignment Rules below).
    You configure role profiles on the Profiles List page (Configuration Menu > User Management > Roles and Registration > Profiles). Existing role profiles are listed in this page under Name, with the roles associated with them listed under Included Roles. The scope of each role appears in parentheses after the role. 
    Role Profile List New UI.png
    Profiles List Page
    If the selected role profile does not have roles assigned to it, you can add roles as described under Adding a Role Profile.
    You can perform the following actions with regard to role profiles:

    Adding a Role Profile

    You add a role profile to your system by specifying a name for it and then adding all of the appropriate roles to it.
    To add a role profile:
    1. On the Profiles List page (Configuration Menu > User Management > Roles and Registration > Profiles), select Add Profile. The Profile page appears. This is the first page of a two-page wizard.
      add_profile_ux.png
      Profile Page
    2. Enter a name for the role profile (required), and select Save and Continue. The Profile Roles area appears..
      add_profile_roles_ux.png
      Profile Page – Updated
    3. To add roles, select Add Role. The Add New Roles page appears. Follow the instructions in Adding Roles to Users for adding roles manually. After adding roles, they are listed in the Profile Roles area.
      Only roles that are activated in a role profile when that role profile is applied to a user are added to that user's account. Roles for which a scope setting is not required (i.e., the scope is always the institution) are activated as soon as they are added. Roles for which a scope is required but has not yet been set in the role profile are deactivated and cannot be activated until they are edited and a scope is selected. Once a scope is set for a role as required, you can activate or deactivate the role manually, under Active, by selecting the button in the role's row.
    4. Select Save to save the profile.

    Modifying a Role Profile

    Once a role profile has been created, its name can be changed, and roles can be added and removed from it, as required. These modifications only directly affect user accounts to which the role profile is applied after it is modified. In order to implement them in user accounts to which they were previously applied, you must modify those user accounts, either manually, by running a job, or through the API (see Updating User Accounts to Which a Role Profile Has Already Been Applied below). 

    You can modify the user account manually in one of two ways:

    • Manually adding and removing roles
    • Assigning the role profile to the account again. Bear in mind, though, that if you do this, any roles that were added to the role profile after it was previously applied to the user will be added, but roles that were removed from the role profile will not be removed from the user.
    To modify a role profile:
    1. On the Profiles List page (Configuration Menu > User Management > Roles and Registration > Profiles), in the row actions list of the role profile, select Edit. The Profile page opens, and displays the name and ID number of the profile, as well as the list of roles included in it.
    2. To add additional roles to the profile, select Add Role, and follow the instructions above for adding roles.
    3. To remove a role, in the row actions list, select Remove
      To remove multiple roles, you can also select the checkboxes of the roles you want to remove, and then select Remove Selected.
    4. To edit the settings of a role, in the row actions list, select Edit. Follow the instructions in Editing Roles Assigned to Users.
    5. When you have finished modifying the role profile, select Save.

    Updating User Accounts to Which a Role Profile Has Already Been Applied

    Whenever a role profile is applied to a user account, an internal general note is added to the account. The note includes the name and ID number of the role profile. You can find all user accounts to which a particular role profile was applied in the past (from May 2023, when this feature was introduced, onwards) by searching the user records for the name or the ID number of the role profile. You can also save the search parameters as a logical set, so that you can easily locate these user accounts in the future. The logical set can also be input to the Update/Notify Users job in order to update these users' roles in accordance with the changes you have made to the role profile.

    Role Profile - User Notes.png

    Notes in a User Account Providing Information About Role Profiles that Have Been Applied to It in the Past

    Finding User Accounts to Which a Role Profile Was Applied

    You can use Alma's search mechanism to find the user accounts to which a role profile was applied in the past. If you wish, you can also save the search query as a logical set to use as input for a job that can update the roles of these users.

    To find the user accounts to which a role profile has previously been applied:
    1. On the Profiles List page (Configuration Menu > User Management > Roles and Registration > Profiles), in the row actions list of the role profile, select Edit. The Profile page opens, and displays the name and ID number of the profile, as well as the list of roles currently included in it.
    2. Copy the ID number or the name of the profile.
    3. Select Back to leave the Configuration menu and return to the main menu. 
    4. In the Persistent Search box, select Users > All, enter the ID number or the name of the role profile in the text field , and press Enter. The Find and Manage Users page opens and displays a list of user accounts to which the role profile was assigned in the past.

      Role Profile - Find Users.png
    5. If you want to save the search criteria as a logical set, select Save Query. In the Set Details page, enter a name for the set, modify the other fields as required, and then select Save. For additional information about sets, see Managing Search Queries and Sets.

      Role Profile - Set Details.png

    Running a Job to Update Users' Roles

    For each role you want to add to or remove from the user accounts in the logical set, you can run the Update/Notify Users job. (You can actually add one role and remove one role in the same run, but to add or remove multiple roles, you must run the job multiple times.) For additional information about logical sets and running a manual job, see Managing Search Queries and Sets and Manual Jobs.

    To update the roles of the user accounts in the logical set:
    1. In the Run a Job - Select Job to Run page (Admin > Manage Jobs and Sets > Run a Job), select the Update/Notify Users job, and then select Next
    2. In the Run a Job - Select Set page, select the logical set you saved as a query (above), and then select Next.
    3.  In the Run a Job - Enter Task parameters page, select Add role, and/or Remove role, and then select the role to add and/or the role to remove, and the scope for each role you selected. Then select Next.

      Role Profile - Add-Remove Roles Job.png
       
    4. In the Run a Job - Review and Confirm page, select Submit. The job runs and the roles are updated in the user accounts.

    Configuring Role Assignment Rules

    To configure role assignment rules, you must have one of the following roles:
    • User Administrator
    • General System Administrator
    After you define role profiles (see Adding a Role Profile), you can create rules that automatically assign role profiles to a newly added user. When a user is added (see Adding Users), if the user's information matches one of the enabled role assignment rules, the user is assigned the role profiles associated with the rule. If several enabled rules apply, they all are applied to the new user. If no enabled rules apply, the default rule is applied to the user (all users match this rule automatically if they did not match any other rule).
    For an example of role assignment rules, watch Assign User Roles Automatically (3:05).
    You configure role assignment rules on the Automatic Role Assignment rules table (Configuration Menu > User Management > Roles and Registration > Role Assignment Rules). For more information about rules tables, see Rules Tables.
    Role profiles are used to assign roles to users, but they are not themselves attached to the users. Thus, existing users are unaffected by newly configured rules. Nonetheless, whenever a role profile is applied to a user, a note is added to the user's Notes tab. This enables you to search for the users to which it was applied (using the profile name or ID), in order to implement any required changes to their roles.  The automatic adding of a note can be deactivated by using the User Management menu (Configuration > User Management > Other Settings) to set the show_profile_in_user_notes parameter to false.
     
    Automatic Role Assignment Rules.png
    Automatic Role Assignment Rules Page
    The input parameters are:
    • Birth Date - Match users born before, on, or after a specific date.
    • Job Category - Match users assigned any of the selected job categories.
    • Record Type - Match users of any of the selected record types (Contact, Public, or Staff).
    • Status - Match active or inactive users.
    • User Group - Match users assigned any of the selected user groups.
    For output parameters, select the role profiles to assign to the users whose account properties match the input parameters.

    Configuring User Registration Rules

    To configure user registration rules, you must have one of the following roles:
    • User Administrator
    • General System Administrator
    The rules are applied when users are added using the Register New User option in the Manage Patron Services page. See Registering Patrons.
    After you define user registration terms of use sets (see Configuring Terms of Use), you can create rules that automatically assign a user registration terms of use to a newly added user. When a user is added (see Adding Users), if the user's group matches one of the enabled user registration rules, the user is assigned the terms of use associated with the rule. Only the first matching enabled rule is applied to the new user. If no enabled rules apply, the default rule is applied to the user (all users match this rule automatically if they did not match any other rule).
    Existing users are unaffected by newly configured rules.
    You configure user registration rules on the User Registration rules table (Configuration Menu > User Management > Roles and Registration > User Registration Rules). For more information about rules tables, see Rules Tables.
    user_registration_rules_ux.png
    User Registration Rules Page
    The input parameters for rules are:
    • User Group - Match users assigned any of the selected user groups.
    • Library - The 'currently at' library if user is being registered at the circulation desk, or the owning library of the item if the patron role is being  renewed at the circulation desk following a loan block.
    For output parameters, select the terms of use to assign to the users that match the input parameters.

    Configuring Users' Ability to View Operator Details

    By default, an Operator column appears in the History tab (and some other tabs) on many Alma pages. All users with manager and/or administrator roles can view this column (assuming that they can view the page); users with only operator roles cannot view this column.

    On the Manage Operator Details Visibility page (Configuration Menu > User Management > General > Manage Operator Details Visibility), you can configure that only the managers and administrators relevant to specific areas can view the Operator column in the pages in these areas.

    manage_operator_details_visibility.png

    Manage Operator Details Visibility
    To restrict users' ability to view operator details:

    On the Manage Operator Details Visibility page, select Hide and select Save and Execute. When Hide is selected, the following roles can view the Operator column in the History tab on the following pages:

    Users Who Can View Operator Column
    Roles History Tabs (unless otherwise noted)
    • Acquisitions Administrator
    • Fiscal Period Manager
    • Fund Manager
    • Invoice Manager
    • Ledger Manager
    • License Manager
    • Purchase Request Manager
    • Purchasing Manager
    • Trial Manager
    • Vendor Account Manager
    • Vendor Manager
    • Purchase order line
    • Invoice
    • License
    • User Administrator
    • User Manager
    • User
    • Find/Fees (Loan Audit Trail: edit user > Fine/Fees > View Loan)
    • ALL
    • Jobs (Events Report: History > Events, Creator column)
    • Circulation Desk Manager
    • Course Reserves Manager
    • Fulfillment Administrator
    • Fulfillment Services Manager
    • Resource Sharing Partners Manager
    • Lending or borrowing requests
    • Manage patron services (Loan Audit Trail: display all loans > Loan History)
    • Catalog Administrator
    • Catalog Manager
    • Deposit Manager
    • Repository Administrator
    • Repository Manager
    • Collections
    • Bibliographic or authority records
    • Holdings
    • Physical items
    • Electronic collection, portfolio, or service
    • Digital representation

    physical_item_history_tab_operator_highlighted.png

    Physical Item Editor - Operator Column Visible

    physical_item_history_tab_no_operator.png

    Physical Item Editor - No Operator Column

    Roles Report

    The Roles Report provides a detailed list of what a user with a particular role can do in the system, such as the menu items that are shown for a user with a specific role or the pages that the user can access and whether they can add, view, or edit information on that page. Contact Ex Libris for assistance with this page.
    For a description of the various user roles and the Alma components that each user can access, see User Roles – Descriptions and Accessible Components.
    View the Roles Report at Configuration Menu > User Management > Roles and Registration > Roles Report. Enter the required role from the Roles drop-down list.
    Some of the roles, such as Exlibris (all), SAAS Operator, and Technical Analyst, are internal and cannot be assigned to users.
    roles_report_ux.png
    Roles Report

    Privileges Report

    The Privileges Report (Configuration Menu > User Management > Role and Registration > Privileges Report) provides a list of the privileges associated with each role. This information may be helpful in understanding the functionality of certain pages and links; unfortunately, it is not possible to provide a complete description of how each privilege works, in detail. For a description of the various user roles and the Alma components that each user can access, see User Roles – Descriptions and Accessible Components. For a list of the privileges available for each role see Role Privileges.
    You can filter the report by role or privilege.
    • Some roles, such as Exlibris (all), SAAS Operator, and Technical Analyst, are internal and cannot be assigned to users.
    • Some roles are related to other URM-related products, such as Leganto or Esploro. If you have any questions, contact Ex Libris customer support.
    privileges_report_ux.png
    Privileges Report

    Restricting Users for Editing

    The following user roles in Alma can make changes to Alma user accounts: 

    • General System Administrator
    • User Administrator
    • User Manager
    • Circulation Desk Manager
    • Circulation Desk Operator
    • Circulation Desk Operator - Limited
    • Repository Manager

    However, you can prevent these user roles from making changes to specific user accounts (for example, editing contact info). This is a two-step process:

    • You define accounts as 'restricted for editing' in the Users Restricted for Editing table (Configuration Menu > User Management > Roles and Registration > Users Restricted for Editing). If a user account has any of the roles defined in this table, or is assigned any of the user groups listed in this table, then this account is considered 'restricted for editing'.
    • For the user roles that can make changes to Alma user records (the above-listed roles), you can activate the "Can't edit restricted users" parameter. This prevents these users from making any changes to the ‘restricted for editing’ accounts. See Managing User Roles.  

    For example: PAT_A  is an account assigned a Licenses Manager role. The Licenses Manager has been defined in this Users Restricted for Editing table as ‘restricted for editing’. User USER_B has a User Manager role. Therefore, this user can update user accounts. But the User Manager role is marked as "Can't edit restricted users". This user therefore cannot update PAT_A’s account, but will be able to update other accounts that are not assigned the License Manager role.

    Users restricted for editing.png

    Users Restricted for Editing Page

    Select Add User Group or Add Role and select the user group or user role that you wish to restrict.