Roles and permissions

  • users
  • admin
Last updated: 31-05-2024

Every user in the system has one or more roles which determine their permissions in the RERO ILS interface, depending on the type of resource. The permissions matrix displays these interactions in detail. Permissions can override each other.


  1. any user: Any user, logged in or not, gets this role.
  2. authenticated user: A user logged in to the system.
  3. admin, monitoring and superuser: Roles used for system administration.
  4. document importer: Allows an external system to use the API only to import documents (e.g. EZPump).
  5. patron: A patron registered in an organization.
  6. professional roles: Granular roles assigned to librarians.

Permissions on the public interface

Non-patron Patron
Search yes yes
Place requests on items no yes
Access patron account no yes

Permissions on the professional interface

The system provides a number of professional roles that can be combined to match each librarian's tasks.

  • pro: full permissions: for system librarians, grants all permissions in the organization
  • pro: library administrator: gives the same rights as full permissions except on organization-related resources (patron type, item type, etc.).
  • pro: read only: provides read access to resources through the API
  • pro: catalog manager: provides access to the cataloguing module and related resources (document editing, items, files, holdings, etc.)
  • pro: circulation: provides access to the circulation module and related resources
  • pro: user manager: allows users and patrons to be edited, but does not allow professional permissions to be assigned or withdrawn
  • pro: acquisition manager: gives access to the acquisitions module and related resources (vendors, orders, accounts, etc.)
  • pro: entity manager: allows management (creation, editing, deletion) of local entities (disabled in the RERO+ network)
    • pro: statistics: gives access to the library's basic statistics, as well as to statistical report configurations

Permissions matrix

The permissions matrix is accessible for users with the role pro: full permissions and details the permissions assigned according to user type (horizontal axis), and resource and permission type (vertical axis).

Each line of the table indicates a resource and an action on that resource, and each column indicates a user role. For example, acac-access means 'access for acquisition accounts'.

For details of resources, see the Shortcut column in the tables on the Data model page.

Access to several types of actions is managed by the permissions module:

  • access: Permission to display the pro interface menu related to the resource.
  • create: Permission to create the resource.
  • delete: Permission to delete the resource.
  • read: Permission to view the resource data through the API.
  • search: Permission to search and list resources.
  • update: Permission to edit the resource.
  • transfer: Permission to transfer the resource (e.g. acquisition account).

The boxes indicate which permission is defined for this combination:

  • = no permission specified (the action will be blocked unless another user role allows it)
  • = action allowed

The detailed view of a patron/user also allows you to see in detail which permissions are assigned to them according to their roles. Each line indicates whether the resource-action pairing is authorized () or prohibited () for that user. Extending the line shows which role causes this permission.

Register a patron/manage users | Cataloguing documents