We're not technically using TMS yet but at the moment I imagine we'll be
applying the same policy we use now which is a hybrid between individual
sign-ons and generic sign-ons.
Each department has an intern login that is pre-fixed by the department
name (i.e. COLLMGMTINTERN). Depending on how each department is working
with their interns we have given them view-only rights or limited access
for their specific responsibilities. Using this method helps us identify
who was making the error easier because we can see in the record whether
it was an intern or not. Since each department tracks their own interns
we can cross reference the dates with them if we ever had to identify a
specific person, though this has never come up. Generally just knowing
it was an intern has been enough to tell us whether to trust the update
or not if we see something a-miss. The only exception to this is the
Registrar's office interns who do get individual log-ins due to the
complexity of the work they do in the database.
We know individual log-ins is the ideal but we decided that we would not
be able to keep up with the large amount of user logins that would be
required (activating AND deactivating). We also found that we were not
necessarily notified every time new interns started and/or left so
sometimes an intern would start and could not get into the database
right away (an issue since database training is often the first thing
staff put on an intern's schedule) so staff would let them use their log
ins which of course has its own issues.
For us, giving the staff a ready-to-use intern login that is customized
to their needs seems to have alleviated most of our past issues and
still gives us some control over system use.
Robyn Sanford
Head of Collection Information
LOS ANGELES COUNTY MUSEUM OF ART
5905 WILSHIRE BOULEVARD
LOS ANGELES CALIFORNIA 90036
T 323 857 4769
F 323 857 6213
E [log in to unmask] <mailto:[log in to unmask]>
From: The Museum System (TMS) Users [mailto:[log in to unmask]]
On Behalf Of Morgan, Amber
Sent: Tuesday, May 01, 2012 12:24 PM
To: [log in to unmask]
Subject: Re: user login creation [heur]
I'll be the one who's different here and say that we do have a generic
"intern" login, but it has NO edit or write permissions - it is strictly
read-only, and it can only view information that would normally be
public anyway. Researchers sometimes use it as well. It comes in handy
when someone shows up at my desk because they have an intern who needs
to look something up "right now." I know I have a safe account that is
already set up with all the restrictions I'd want. Anyone who can edit
or add new data has their own login with their username.
the warhol:
Amber E. Morgan
Associate Registrar
117 Sandusky Street
Pittsburgh, PA 15212
T 412.237.8306
F 412.237.8340
E [log in to unmask]
W www.warhol.org <http://www.warhol.org/>
________________________________
From: The Museum System (TMS) Users [mailto:[log in to unmask]]
On Behalf Of Brenda Podemski
Sent: Tuesday, May 01, 2012 1:40 PM
To: [log in to unmask]
Subject: Re: user login creation
As a rule, we create individual accounts for anyone who has access to
TMS, also based on their network login ID. I would say it is even more
relevant when assigning accounts to temporary staff like interns because
a) they tend to be very active users and updaters of information in TMS
(for which we are extremely grateful, BTW); and b) there is a greater
chance for discrepancies in style and syntax because of their relatively
short tenure at the Museum. Identifying issues that might be unique to
a given individual are more easily accomplished when you can clearly
identify their system activity.
The only exceptions to this rule are users we create for very specific
functions (e.g. generic training logins; tech. services app install
testing; Crystal Reports automated job scheduling; automated data
update/transfer processes). Unique accounts are created for each
function so that we may track access by the type of usage, but only when
it is not relevant to tie the usage to a specific individual.
We occasionally get requests for a generic account, but typically deny
such requests for the reasons already presented: login access and audit
trail accuracy.
b
>>> "Moxley, Jeri" <[log in to unmask]> 5/1/2012 8:35 AM >>>
Our intern network accounts are named as described below, thus why their
TMS logins are not named accounts. In TMS, they are given restricted and
read-only access to everything other than records for incoming loan
exhibitions.
From: Garton, Susan [mailto:[log in to unmask]]
Sent: Tuesday, May 01, 2012 11:08 AM
To: [log in to unmask] <[log in to unmask]>
Subject: Re: user login creation
The Smithsonian discourages the use of shared accounts. Everyone here at
the National Portrait Gallery has to have their own network account in
order to get a TMS account. We used to have shared accounts, and I now
regret it when I see "Intern" in the audit trail.
Sue Garton
Data Administrator
National Portrait Gallery
(202) 633-8554
[log in to unmask]
From: The Museum System (TMS) Users [mailto:[log in to unmask]]
On Behalf Of Moxley, Jeri
Sent: Monday, April 30, 2012 6:10 PM
To: [log in to unmask]
Subject: Re: user login creation
We have a slew of intern accounts, prefaced by the department the intern
works with and a number at the end of the login name since a single
department may have several interns at any one point in time. We keep
records of each intern class and are able to recognize by loginID and
date which intern made any given entry that appears in the audit trail.
Jeri
Jeri Moxley
Manager, Collection and Exhibition Technologies
The Museum of Modern Art
11 West 53 Street, New York, NY 10019-5497
Tel. (212) 708-9599 Fax. (212) 333-1102
On Mon, Apr 30, 2012 at 5:56 PM, Chad Petrovay <[log in to unmask]>
wrote:
I agree with Rick. A single login is more convenient, but the downside
is that when you look at record creation or audit trail entries, the
only value you will see is "Intern" - which is not helpful. ~Chad
On Mon, Apr 30, 2012 at 3:38 PM, Lathrop, Richard (Contractor)
<[log in to unmask]> wrote:
From an security/audit perspective having individual username\passwords
are always the preferred method.
Rick
From: The Museum System (TMS) Users [mailto:[log in to unmask]]
On Behalf Of Diane Lee
Sent: Monday, April 30, 2012 3:27 PM
To: [log in to unmask]
Subject: user login creation
Hello all,
I am working on tweaking our security levels due to a change in
departmental structure and need, and also due to an impending upgrade to
2010, and was curious about something when I was reviewing our current
user list: does anyone create new user logins for individual
interns/volunteers? Or do you use an overall "Intern" login for everyone
to use as they come and go? And pro/cons to doing either? (We've
currently just got a generic "Intern" login at the moment.)
I'd be interested in input - thanks!
Diane.
============================================================
Diane Lee
Collections Manager
The Connecticut Historical Society
One Elizabeth Street
Hartford, CT 06105
(860) 236-5621, ext. 242 <tel:%28860%29%20236-5621%2C%20ext.%20242>
Fax: (860) 236-2664 <tel:%28860%29%20236-2664>
www.chs.org <http://www.chs.org/>
Join us for one of our coming events!
Visit http://www.chs.org/calendar for a complete listing.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
The information contained in this message and/or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please contact
the sender and delete the material from any system and destroy any
copies. Any views expressed in this message are those of the individual
sender. --
To unsubscribe, send an email to [log in to unmask] with the
following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
|
