Multiple Admins for an Organization
1 UUCFLibrary
If I'm reading correctly, there is one and only one administrator for a Library.
What are your suggestions for an organization to manage the account? I've looked at TinyCat and that seems fine for circulation, but maintaining the core library seems to be more of a problem. For example, I'll need to have many people adjusting tags, adding books, etc.
Sharing an account, even among a small group of trusted admins, seems like it'll be a logistical nightmare and a massive security hole.
How do other organizations approach this?
2 lorannen
>1 UUCFLibrary: That is correct. For LibraryThing and TinyCat, there's only one set of admin credentials per account. Multiple admin support is something we're looking into potentially adding in the future, but it will be some time coming—it's no small feat to alter the structure of account management in that way.
I can't speak to how other organizations work with this, other than to say that I know that they do! My colleague Kristi, who works more closely with TinyCat, might be able to speak more to this point when she returns on Monday.
3 jjwilson61
It *is* called TinyCat. If you have many people working in your library maybe it isn't so tiny after all.
4 UUCFLibrary
Everybody knows somebody who has a story about how they trusted somebody with their password and things went badly. It's a very bad security practice.
What's your definition of how many admins are too many to be "tiny"?
5 UUCFLibrary
Maybe I should expand on that, maybe someone has a better suggestion...
The organization is a church -- I'm not a member, I'm just doing the techie stuff as a favor for a friend.
Volunteers from the membership will be doing regular inventory checks and updates to the collection. As near as I can tell, they'll have to use the LibraryThing admin interface to make changes, even for simple things like correcting spelling errors or adjusting tags. Each volunteer is only expected to work a small amount of time -- they're not really admins, just helpers. Yet I have to give them full access to everything.
The library is small and the number of people who will be actively working --regularly-- with the data is small, perhaps even tiny... but the congregation is healthy enough and I could have a dozen or more part-timers helping out; each of which will need update access to the data.
I can manage the risk by changing the password frequently, but that's all I got so far.
6 JerryMmm
You could leave the browser logged in.
Or be present when they want to log in.
Or set up a remote login (rdp, logmein, etc) so they call you when they want to start and you log them in remotely.
7 MarthaJeanne
I don't understand why having a single log in is more of a risk than multiple would be. Anyone who is signed in has access to all the data.
9 AnnieMod
>8 JerryMmm:
In LT/TinyCat? Because we are not talking about passwords in general here. The worst that can happen in this case is one user changing the password and locking everyone else.
10 UUCFLibrary
The risk comes from not knowing -who- changed data. With a single admin account, *all* changes are tagged as having been made by that account. No audit trail, no accountability.
Maybe I've just worked on corporate accounts too long and maybe with small, volunteer organizations everyone can be trusted all the time, but what about more benign reasons? Like keeping track of which volunteers are doing okay and which might need some extra help or training?
I think a better worst case scenario is someone deleting all the data. Pretty easy to do and no way to know who -- either accidentally or as a prank or disgruntlement.
If I understand correctly, a changed password can be recovered via the registered e-mail account. Haven't tried that yet, I'd assume it's straightforward, but yeah... assumptions....
(note to self - look into if there is a backup feature or if I should make regular exports).
12 UUCFLibrary
Yes, I noticed the mismatch between columns supported by the import and those delivered via export. It would be a simple scripting problem to parse the necessary import columns from the export file -- the downside is that any custom content you've added would be lost. Not ideal, but good enough. I plan to investigate the API further, maybe it'd be possible to repopulate the custom content using the API.
13 lorax
>12 UUCFLibrary:
maybe it'd be possible to repopulate the custom content using the API.
It is not possible. To my mind that is not even remotely close to "good enough" - we do not have anything that passes as a backup - which is why I've been complaining about it for well over two years now:
https://www.librarything.com/topic/219575
I think the staff agrees with you, though, or maybe feels that all the money is from TinyCat and their other library-oriented products so they just don't care about individual members anymore.
14 kristilabrie
In response to >2 lorannen:, there isn't much new advice I can offer here. There's just one admin login for all of LT and TC. The suggestions in >6 JerryMmm: are good ones, if you're worried about sharing your password with more than a few admins/volunteers, @GilesCorey. And, as you've already figured out, regular exports will at least help you keep a thumb on your library data at any given time—and yes, we certainly need to overhaul and close the import-export loop on LT.
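Regular exports can also stand in for the per-user audit trail the shared login lacks: comparing each export with the previous one lists what was deleted, added or edited in between. The following is an added example, not part of the thread and not LibraryThing code; the `Book Id` column name, the tab-separated layout and the 20% alert threshold are assumptions to adjust to the real export.

```python
import csv
import io

KEY = "Book Id"  # assumed name of the unique-ID column in the export header
# Constructed sample exports (tab-separated); not real LibraryThing data.
MONDAY = "Book Id\tTitle\tTags\n101\tDune\tscifi\n102\tEmma\tclassic\n103\tBeloved\tfiction\n"
TUESDAY = "Book Id\tTitle\tTags\n101\tDune\tscifi, desert\n103\tBeloved\tfiction\n104\tKindred\tscifi\n"


def load_snapshot(text, key=KEY, delimiter="\t"):
    """Parse one export into {record id: row}; refuse snapshots that cannot be diffed."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    if key not in (reader.fieldnames or []):
        raise ValueError(f"export has no {key!r} column")
    rows = {}
    for row in reader:
        rid = (row[key] or "").strip()
        if not rid or rid in rows:
            raise ValueError(f"missing or duplicate ID: {rid!r}")
        rows[rid] = row
    return rows


def diff_snapshots(old, new):
    """Return deleted IDs, added IDs and per-field (before, after) changes."""
    changed = {}
    for rid in sorted(set(old) & set(new)):
        fields = {
            col: (old[rid].get(col), new[rid].get(col))
            for col in set(old[rid]) | set(new[rid])
            if old[rid].get(col) != new[rid].get(col)
        }
        if fields:
            changed[rid] = fields
    deleted = sorted(set(old) - set(new))
    added = sorted(set(new) - set(old))
    return {"deleted": deleted, "added": added, "changed": changed}


def mass_deletion(old, report, threshold=0.2):
    """True when more than `threshold` of the previous catalog has disappeared."""
    return bool(old) and len(report["deleted"]) / len(old) > threshold


if __name__ == "__main__":
    old, new = load_snapshot(MONDAY), load_snapshot(TUESDAY)
    report = diff_snapshots(old, new)
    print(report, "ALERT" if mass_deletion(old, report) else "ok")
```

Keeping the dated export files somewhere the shared login cannot reach means the record survives even if someone changes settings inside the account.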
15 UUCFLibrary
I'm finding that most of the audit trail I'd like to have can be accomplished via the e-mails that are sent to the e-mail account linked to the admin. It tells me when things are added and when things are checked-out. Would be real nice if deleting items also triggered an e-mail; deletions are more of a concern than additions.
E-mail alerts are probably an adequate audit system, but the catch is that anyone who logs on as admin can go to settings and turn off the alerts.
I can understand the complexity of trying to adjust what was created as a single-admin framework to multi-admin. Functionally, it's a lot of work when, realistically, there are only a few settings that need to be restricted to one person, say the Head Librarian.
What if certain key config settings were moved to their own page? Say I was running an LT/TC called HappyBooks;
Volunteers would continue to logon to www.LibraryThing.com/catalog/HappyBooks and www.librarycat.org/lib/HappyBooks
but for more sensitive settings, could they be partitioned into www.LibraryThing.com/admin/HappyBooks ?
If the admin page had a separate password, it could be used exclusively by the Head Librarian, making sure a rogue volunteer couldn't turn off the audit trail or change the admin password. What other functions might go there, don't really know at this point, but maybe this would be simpler to implement?
16 kristilabrie
Regarding deleted books, if you do come across books that were mistakenly deleted and you need to recover those books, please let me know. I may be able to restore them for you, particularly for books deleted within a specific timeframe.
I'm sure the developers already have an idea of how they would implement a multiple-admin system for LibraryThing/TinyCat, if it ever comes to that, but there are no immediate plans for doing this. I'm sorry for the inconvenience. In the meantime, I suggest sharing your admin login with trusted individuals only, and perhaps change your password whenever a volunteer leaves (within reason).
17 lorax
>16 kristilabrie:
I'm sure the developers already have an idea of how they would implement a multiple-admin system for LibraryThing/TinyCat
Really? It would be a huge undertaking, since it would involve a fundamental change to the "one account, one catalog" rule that underpins all of LT. I'd be surprised if they've spent a lot of time sketching out implementation details for something so massive that may never happen.
19 kristilabrie
>17 lorax: You're speaking more to what I was getting at, here. I should have emphasized more on the fact that "this probably isn't going to happen, certainly not for a long time if so", and wanted to say that if we were to implement this, the developers would want to determine how to do it, with the option of asking members for certain preferences if needed.