We’re not technically using TMS yet but at the moment I imagine we’ll be applying the same policy we use now which is a hybrid between individual sign-ons and generic sign-ons.
Each department has an intern login that is pre-fixed by the department name (i.e. COLLMGMTINTERN). Depending on how each department is working with their interns we have given them view-only rights or limited access for their specific responsibilities. Using this method helps us identify who was making the error easier because we can see in the record whether it was an intern or not. Since each department tracks their own interns we can cross reference the dates with them if we ever had to identify a specific person, though this has never come up. Generally just knowing it was an intern has been enough to tell us whether to trust the update or not if we see something a-miss. The only exception to this is the Registrar’s office interns who do get individual log-ins due to the complexity of the work they do in the database.
We know individual log-ins is the ideal but we decided that we would not be able to keep up with the large amount of user logins that would be required (activating AND deactivating). We also found that we were not necessarily notified every time new interns started and/or left so sometimes an intern would start and could not get into the database right away (an issue since database training is often the first thing staff put on an intern’s schedule) so staff would let them use their log ins which of course has its own issues.
For us, giving the staff a ready-to-use intern login that is customized to their needs seems to have alleviated most of our past issues and still gives us some control over system use.
Robyn Sanford
Head of Collection Information
LOS ANGELES COUNTY MUSEUM OF ART
5905 WILSHIRE BOULEVARD
LOS ANGELES CALIFORNIA 90036
T 323 857 4769
F 323 857 6213
From: The Museum System (TMS) Users [mailto:[log in to unmask]] On Behalf Of Morgan, Amber
Sent: Tuesday, May 01, 2012 12:24 PM
To: [log in to unmask]
Subject: Re: user login creation [heur]
I’ll be the one who’s different here and say that we do have a generic “intern” login, but it has NO edit or write permissions – it is strictly read-only, and it can only view information that would normally be public anyway. Researchers sometimes use it as well. It comes in handy when someone shows up at my desk because they have an intern who needs to look something up “right now.” I know I have a safe account that is already set up with all the restrictions I’d want. Anyone who can edit or add new data has their own login with their username.
the warhol:
Amber E. Morgan
Associate Registrar
117 Sandusky Street
Pittsburgh, PA 15212
T 412.237.8306
F 412.237.8340
E [log in to unmask]
W www.warhol.org
From: The Museum System (TMS) Users [mailto:[log in to unmask]] On Behalf Of Brenda Podemski
Sent: Tuesday, May 01, 2012 1:40 PM
To: [log in to unmask]
Subject: Re: user login creation
As a rule, we create individual accounts for anyone who has access to TMS, also based on their network login ID. I would say it is even more relevant when assigning accounts to temporary staff like interns because a) they tend to be very active users and updaters of information in TMS (for which we are extremely grateful, BTW); and b) there is a greater chance for discrepancies in style and syntax because of their relatively short tenure at the Museum. Identifying issues that might be unique to a given individual are more easily accomplished when you can clearly identify their system activity.
The only exceptions to this rule are users we create for very specific functions (e.g. generic training logins; tech. services app install testing; Crystal Reports automated job scheduling; automated data update/transfer processes). Unique accounts are created for each function so that we may track access by the type of usage, but only when it is not relevant to tie the usage to a specific individual.
We occasionally get requests for a generic account, but typically deny such requests for the reasons already presented: login access and audit trail accuracy.
b
>>> "Moxley, Jeri" <[log in to unmask]> 5/1/2012 8:35 AM >>>
Our intern network accounts are named as described below, thus why their TMS logins are not named accounts. In TMS, they are given restricted and read-only access to everything other than records for incoming loan exhibitions.
From: Garton, Susan [mailto:[log in to unmask]]
Sent: Tuesday, May 01, 2012 11:08 AM
To: [log in to unmask] <[log in to unmask]>
Subject: Re: user login creation
The Smithsonian discourages the use of shared accounts. Everyone here at the National Portrait Gallery has to have their own network account in order to get a TMS account. We used to have shared accounts, and I now regret it when I see “Intern” in the audit trail.
Sue Garton
Data Administrator
National Portrait Gallery
(202) 633-8554
From: The Museum System (TMS) Users [mailto:[log in to unmask]] On Behalf Of Moxley, Jeri
Sent: Monday, April 30, 2012 6:10 PM
To: [log in to unmask]
Subject: Re: user login creation
We have a slew of intern accounts, prefaced by the department the intern works with and a number at the end of the login name since a single department may have several interns at any one point in time. We keep records of each intern class and are able to recognize by loginID and date which intern made any given entry that appears in the audit trail.
Jeri
Jeri Moxley
Manager, Collection and Exhibition Technologies
The Museum of Modern Art
11 West 53 Street, New York, NY 10019-5497
Tel. (212) 708-9599 Fax. (212) 333-1102
On Mon, Apr 30, 2012 at 5:56 PM, Chad Petrovay <[log in to unmask]> wrote:
I agree with Rick. A single login is more convenient, but the downside is that when you look at record creation or audit trail entries, the only value you will see is "Intern" - which is not helpful. ~Chad
On Mon, Apr 30, 2012 at 3:38 PM, Lathrop, Richard (Contractor) <[log in to unmask]> wrote:
From an security/audit perspective having individual username\passwords are always the preferred method.
Rick
From: The Museum System (TMS) Users [mailto:[log in to unmask]] On Behalf Of Diane Lee
Sent: Monday, April 30, 2012 3:27 PM
To: [log in to unmask]
Subject: user login creation
Hello all,
I am working on tweaking our security levels due to a change in departmental structure and need, and also due to an impending upgrade to 2010, and was curious about something when I was reviewing our current user list: does anyone create new user logins for individual interns/volunteers? Or do you use an overall “Intern” login for everyone to use as they come and go? And pro/cons to doing either? (We’ve currently just got a generic “Intern” login at the moment.)
I’d be interested in input – thanks!
Diane.
============================================================
Diane Lee Collections Manager The Connecticut Historical Society One Elizabeth Street Hartford, CT 06105 Fax: (860) 236-2664 | |
Join us for one of our coming events!
Visit http://www.chs.org/calendar for a complete listing.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
The information contained in this message and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. Any views expressed in this message are those of the individual sender.
To unsubscribe, send an email to [log in to unmask] with the following commands in the body of the email:
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.
signoff TMSUSERS
// eoj
You will receive a confirmation that your subscription has been removed.