Why are some users blocked from accessing the databases and how do we troubleshoot access problems?
Answer
Access to the databases—by this we mean the remote resources that we link to from the databases page, as well as various licensed e-resources (such as journals) that show up in OneSearch—is controlled by Active Directory groups, which are set by the district office. To get into one of the Active Directory groups that provides access to the databases, users need to be current. That means:
- Students who are enrolled in at least one class during the current semester
- Employees who currently have a contract/TCS.
There may be some exceptions to the above. For instance:
- employees may not get dropped from access for some time after their employment ends;
- students who withdraw are not dropped from database access until the end of the term;
- some employees are not placed in the correct Active Directory group (one of the "Everyone on Exchange" groups)
- in some cases, LDAP (Windows authentication) may not communicate correctly with Shibboleth (single sign-on)
If the user is current but they are getting the Access Denied page, how do we troubleshoot?
If the user is getting sent to Access Denied because of an SSO problem, and not because they are non-current with the college whose EZproxy they’re using, they should try quitting the browser entirely, using a different browser, clearing cookies or using an incognito window. The cookies set by both SSO and EZproxy are session-specific, so closing out entirely would force a new session, and SSO and EZproxy should communicate correctly. But it is difficult to know if the user has really done these things. For instance, in Mac OS, you can close all browser windows without ending the browser session, since the browser application is still open.
If this fails, send details, including the user ID and college whose EZproxy they were trying to access, to the Problem Report queue.
Does Alma help?
Note that a user's Alma record does not control their database access [see exception]. However, looking at the user's Alma record might give you some info about their current status. If a user has an expiration date in the future, or doesn’t have an expiration date, then normally (unless the semester is still a ways from beginning) they should have database access. If they're not in Alma or have an expiration date in the past, then they most likely aren't current, so should not have database access.
If a user appears to be current but still can't access, please report it to the Problem Reports queue, or if it is in an existing ticket, transfer that ticket to Problem Reports.
Troubleshooting employee access
If a current employee reports problems accessing the databases, please feel free to transfer the ticket to the Problem Reports queue. However, if you want to try checking their Active Directory groups yourself:
- Open the desktop version of Outlook (web access won't work)
- Type their name into Outlook so it comes up in the "To" field.
- Right-click on their name and click Open Contact Card
- Click Membership and look at their Active Directory groups. If you don't see one of the Everyone on Exchange groups listed, prefixed by either ARC, CRC, FLC, SCC, or DO, this would explain why they don't have access.
But can we fix that?
The best way to fix it is for them to work with their supervisor or college IT to get put into the correct Active Directory group. If there is an urgent need for access, the ERM librarians can temporarily put an exception in one of the EZproxy configuration files. This is a bit laborious to do so we would rather avoid this workaround if it's not urgent.