Why are some users blocked from accessing the databases and how do we troubleshoot access problems?
Access to the databases—by this we mean the remote resources that we link to from the databases page—is controlled by Active Directory groups, which are set by the district office. To get into one of the Active Directory groups that provides access to the databases, users need to be current. That means:
- Students who are enrolled in at least one class during the current semester
- Employees who currently have a contract/TCS.
There may be some exceptions to the above. For instance
- employees may not get dropped from access for some time after their employment ends;
- students who withdraw are not dropped from database access until the end of the term;
- some employees are not placed in the correct Active Directory group (one of the "Everyone on Exchange" groups)
- some resources are not available at all four colleges, and a student may be primarily associated with a college that doesn't have access, even though they are also taking a class at a college that does have access
- in some cases, LDAP (Windows authentication) may not communicate correctly with Shibboleth (single sign-on)
If the user is current but they are getting the Access Denied page, how do we troubleshoot?
The Access Denied page contains the following troubleshooting tips. Please be sure that the student has tried them before creating a ticket. They are:
- Log out of EZproxy by visiting the following URL: https://ezproxy.losrios.edu/logout
- Log back in to EZproxy while bypassing SSO by going to the following URL: https://ezproxy.losrios.edu/login?auth=custom
If you guide the user in doing this, please copy and paste the URLs above rather than going to them yourself and copying the URLs from the browser.
Quitting the browser entirely, using a different browser, clearing cookies or using an incognito window would accomplish the same goals as the above steps, but it is difficult to know if the user has really done these things. For instance, in Mac OS, you can close all browser windows without ending the browser session.
Can we associate a student with a different college?
We have a few options for working around this:
- we can create an exception in the EZproxy configuration file (shibuser.txt) to slot the student into the needed campus
- we can create a custom login for the user to log into EZproxy with (for this they would need to bypass Single Sign-On)
- for some resources, we can create a custom login allowing the user to access the platform outside the proxy.
Please forward the ticket to the Problem Reports queue or bring it to the ERM librarian at your college.
Does Alma help?
Note that a user's Alma record does not control their database access*. However, looking at the user's Alma record might give you some info about their current status. If a user has an expiration date in the future, then normally (unless the semester is still a ways from beginning) they should have database access. If they're not in Alma or have an expiration date in the past, then they most likely aren't current, so should not have database access.
If a user appears to be current but still can't access, please transfer the ticket to the Problem Reports queue.
Troubleshooting employee access
If a current employee reports problems accessing the databases, please feel free to transfer the ticket to the Problem Reports queue. However, if you want to try checking their Active Directory groups yourself:
- Open the desktop version of Outlook (web access won't work)
- Type their name into Outlook so it comes up in the "To" field.
- Right-click on their name and click Open Contact Card
- Click Membership and look at their Active Directory groups. If you don't see one of the Everyone on Exchange groups listed, prefixed by either ARC, CRC, FLC, SCC, or DO, this would explain why they don't have access.
But can we fix that?
The best way to fix it is for them to work with their supervisor or college IT to get put into the correct Active Directory group. If there is an urgent need for access, the ERM librarians can temporarily put an exception in one of the EZproxy configuration files. This is a bit laborious to do so we would rather avoid this workaround if it's not urgent.
*Ok there is one exception: our digital books or other digital objects that we provide via Alma-D. In this case, access depends upon the Alma user account.