Access Permissions define which records can be accessed, whereas Roles define what can be done with those records. Only library staff are assigned a role - all other users do not have one and are therefore OPAC users.
Five security levels are defined in the application and cannot be edited:
This is the highest level and has access to every part and function of the application. Typically it will be only assigned to one or two users and they will be people who administer the running and setup of the application. This role cannot be deleted.
This role is assigned to users who are responsible for the overall administration of catalogue, user and loans data for the offices that they administer. For example, a user can be assigned this role as well as one or more offices. The offices may just be in their country or other countries as well. Typically this role is assigned to users who need to delete records from offices other than their own.
Note that although this role allows you to manage user accounts, it does not allow you to change the User ID. If you need to be able to do this, assign the Librarian role instead.
This role is the most common role assigned to library staff. It provides access to most functions related to their local office, including cataloguing, loans and user management. For example, it allows the user to delete catalogue records (if other conditions allow) for their office only.
This role has access to the same records in the application as higher-level users, but they will not have any create or edit access. It is strictly a read only version of both the catalogue and the thesaurus.
Access permissions not working as expected? See the Troubleshooting Guide.