Q. Why are some users blocked from accessing the databases and how do we troubleshoot access problems?
Access to the databases is controlled by Active Directory groups, which are set by the district office. To get into one of the Active Directory groups that provides access to the databases, users need to be current. That means:
- Students who are enrolled in at least one class during the current semester
- Employees who currently have a contract/TCS.
There may be some exceptions to the above. For instance
- employees may not get dropped from access for some time after their employment ends;
- students who withdraw are not dropped from database access until the end of the term;
- some employees are not placed in the correct Active Directory group (one of the "Everyone on Exchange" groups)
- some resources are not available at all four colleges, and a student may be primarily associated with a college that doesn't have access, even though they are also taking a class at a college that does have access
- in rare cases, LDAP (Windows authentication) may not communicate correctly with Shibboleth (single sign-on)
Can we associate a student with a different college?
We have a few options for working around this:
- we can create an exception in the EZproxy configuration file (shibuser.txt) to slot the student into the needed campus
- we can create a custom login for the user to log into EZproxy with (for this they would need to bypass Single Sign-On)
- for some resources, we can create a custom login allowing the user to access the platform outside the proxy.
Please forward the ticket to the Problem Reports queue or bring it to the ERM librarian at your college.
Does Alma help?
Note that a user's Alma record does not control their database access. However, looking at the user's Alma record might give you some info about their current status. If a user has an expiration date in the future, then normally (unless the semester is still a ways from beginning) they should have database access. If they're not in Alma or have an expiration date in the past, then they most likely aren't current, so should not have database access.
If a user appears to be current but still can't access, please transfer the ticket to the Problem Reports queue.
Troubleshooting employee access
If a current employee reports problems accessing the databases, please feel free to transfer the ticket to the Problem Reports queue. However, if you want to try checking their Active Directory groups yourself:
- Open the desktop version of Outlook (web access won't work)
- Type their name into Outlook so it comes up in the "To" field.
- Right-click on their name and click Open Contact Card
- Click Membership and look at their Active Directory groups. If you don't see one of the Everyone on Exchange groups listed, this would explain why they don't have access.
But can we fix that?
The best way to fix it is for them to work with their supervisor or college IT to get put into the correct Active Directory group. If there is an urgent need for access, the ERM librarians can temporarily put an exception in one of the EZproxy configuration files. This is a bit laborious to do so we would rather avoid this workaround if it's not urgent.