Single or Many? Managing Accounts for Database Subscriptions

Over the last five years, electronic resources have become an increasingly more important part of the services provided by law libraries. Administering electronic database subscriptions can be a time-consuming process; managing an electronic subscription includes, but is not limited to, evaluating the resource, negotiating a contract, training users, dealing with passwords, and billing back costs (if necessary). This column discusses a specific aspect of managing database subscriptions: the advantages and disadvantages of using individual user IDs rather than organization-wide passwords.

One problem with the growing number of online database subscriptions is the associated increase in the number of passwords that librarians have to administer. It can be frustrating for lawyers and other end users of these products to have to remember a large number of user IDs and passwords; it may even act as a barrier to use of these expensive products. Therefore one of the goals of librarians should be to make it as easy as possible for the end user to access these products.

Obviously, how the resource is licenced is the most important factor. Some products require that each potential user be given a unique ID and password; other products only allow one organization-wide password. In some situations there may be a choice; for example, you may be able to choose between getting an enterprise-wide licence for a product or getting licences for a specific number of named users. You may not always be told there are options beyond what is initially offered, so always check with your vendor. Most vendors are willing to work with you to find the best solution to your needs.

There are several advantages to using individual user IDs and passwords. Individual user IDs mean that you can immediately cut off access when the user leaves. If the resource allows you track usage by user, having individual IDs allows you to see who is using a product and how much they are using it; you can see if a resource is being underutilized by a specific practice group. Being able to track usage may also give you a clue that someone is not using a resource properly. It makes it much easier to bill costs back to clients.

On the other hand, having only one organization-wide (or office-wide) password can make life a lot simpler for an administrator. The password can be easier to find (e.g. it may be published on the organization’s intranet) meaning that users are much less likely to lose access to the resource. Contrast that to the situation in which a lawyer goes to use a resource late at night only to discover he has misplaced his password and has no way of finding it.

A third possibility offered by some vendors is using IP authentication instead of requiring an ID/password for users to log in. Databases that use IP authentication make the login process even easier, as the only thing users have to remember is the database’s URL. In order to use IP authentication, your institution needs to have a fixed IP address or range of IP addresses. The downside is that users may not be able to access the database from home.

Assuming you have options, there are several things to consider when choosing between one password for all users versus individual passwords:

Are you charging back for this product? Generally a good rule is: if you are not charging back for the resource, you should have one general password. If you are charging back, have individual passwords. File numbers get entered incorrectly; it’s much easier to figure out what the real file numbers should be if you know who did the searches in the first place. Some products force users to use approved file numbers. While these products can be useful, they may also act as deterrents to database use.

Are you paying a flat fee for this product or are you paying by usage? If you are paying by usage you want to have an idea of who is using the resource. Every librarian has a horror story involving an articling student and several thousand dollars of database costs. If you do not know who ran up significant costs, you will not be able to tell whether these are legitimate search costs or the result of an articling student who needs some remedial database training.
How much personalization does an individual password allow? A number of databases allow personalization, e.g. the default email address for results to be sent to, preferred format of search results or having favourite databases appear on the front page.

Can the organization’s database administrator or user reset the password if they forget it? User IDs and passwords are easily lost, usually at the most inopportune time. If possible, it is important for someone at your organization to be given the ability to reset passwords rather than the vendor’s technical support being the ones to do it. With one general password, users are less likely to lose access to a product as multiple people will know what the password is.

What are the cost implications? Licencing a product that can be used by all members of an organization is generally more expensive than one is licenced to a specific number of people. (Note that this is not always the case.)

If you are using individual user IDs and passwords, you will want to try to minimize the chances that this information will be forgotten/lost by the user. It helps to have a consistent format for your user IDs; email addresses are ideal as they are easy for users to remember and should be unique. However, the vendor may restrict the length of user IDs resulting in an inability to use email addresses. My firm is a good example since the length of our domain name – – can push email addresses past the 25 character limit imposed by some vendors. Furthermore, not all vendors give you the option of choosing what ID is assigned to each of your users; they choose the user ID for you.

One final note: if going the individual password route, make sure that the vendor sends the IDs and passwords to you so that you have a record of them.


  1. The only point to add to the database subscription issues is that some vendors give the initial individual sign on to the accounts manager (usually the librarian) but then require the user to change the password to a personal one. The user often forgets the personalized password and calls the library but now we have no way of knowing what it is. Yes, they can send a “forgot your password” email to the vendor but then they have to remember the answer to the security question which they also sometimes forget…

    I find that having an IP address and an icon to the service, so that users connect without passwords increases the popularity of the products significantly, although the usage is harder to monitor and often difficult to charge back to the clients.