SUNScholar/Resource Permissions


Introduction
Since version 1.7.2, DSpace has enabled, by default, permissions on resources. The control of resource permissions is called policy management in DSpace terminology.

*** You can only define resource policies when logged in as the super-administrator ***

It is possible to delegate the administration of Communities and Collections.

This functionality eliminates the need for an Administrator Superuser account for these purposes. An EPerson who is granted Delegate Admin rights for a certain community or collection will also "inherit" the rights for the underlying collections and items. As a result, a community admin will also be collection admin for all underlying collections. Likewise, a collection admin will also gain admin rights for all the items owned by the collection.

The ADMIN of an object is authorized to execute the functions that are allowed to a user with WRITE permission on that object (e.g. a community/collection/admin will always be allowed to edit the metadata of the object). The default is "true" for all the configurations.

Default config

    ##### Authorization system configuration - Delegate ADMIN #####

    # COMMUNITY ADMIN configuration
    # subcommunities and collections
    #core.authorization.community-admin.create-subelement = true
    #core.authorization.community-admin.delete-subelement = true
    # his community
    #core.authorization.community-admin.policies = true
    #core.authorization.community-admin.admin-group = true
    # collections in his community
    #core.authorization.community-admin.collection.policies = true
    #core.authorization.community-admin.collection.template-item = true
    #core.authorization.community-admin.collection.submitters = true
    #core.authorization.community-admin.collection.workflows = true
    #core.authorization.community-admin.collection.admin-group = true
    # item owned by collections in his community
    #core.authorization.community-admin.item.delete = true
    #core.authorization.community-admin.item.withdraw = true
    #core.authorization.community-admin.item.reinstatiate = true
    #core.authorization.community-admin.item.policies = true
    # also bundle...
    #core.authorization.community-admin.item.create-bitstream = true
    #core.authorization.community-admin.item.delete-bitstream = true
    #core.authorization.community-admin.item-admin.cc-license = true

    # COLLECTION ADMIN
    #core.authorization.collection-admin.policies = true
    #core.authorization.collection-admin.template-item = true
    #core.authorization.collection-admin.submitters = true
    #core.authorization.collection-admin.workflows = true
    #core.authorization.collection-admin.admin-group = true
    # item owned by his collection
    #core.authorization.collection-admin.item.delete = true
    #core.authorization.collection-admin.item.withdraw = true
    #core.authorization.collection-admin.item.reinstatiate = true
    #core.authorization.collection-admin.item.policies = true
    # also bundle...
    #core.authorization.collection-admin.item.create-bitstream = true
    #core.authorization.collection-admin.item.delete-bitstream = true
    #core.authorization.collection-admin.item-admin.cc-license = true

    # ITEM ADMIN
    #core.authorization.item-admin.policies = true
    # also bundle...
    #core.authorization.item-admin.create-bitstream = true
    #core.authorization.item-admin.delete-bitstream = true
    #core.authorization.item-admin.cc-license = true
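
Because every delegation option defaults to "true", a least-privilege review has to look at effective values rather than only the lines that are set. The following Python audit is an added example, not part of DSpace or of this wiki page: it reads the core.authorization.* keys from dspace.cfg text and lists the policy and admin-group delegations that are still enabled. The function names and the sample configuration are constructed for illustration, and it assumes that a key on a line starting with "#" is commented out and takes the default stated above.

```python
import re

# "key = value" with an optional leading "#" (a commented-out default line).
LINE = re.compile(r"^\s*(#?)\s*(core\.authorization\.[\w.-]+)\s*=\s*(\S+)\s*$")

def effective_delegation(cfg_text):
    """Return {key: (enabled, source)} for every core.authorization.* key seen.

    A commented-out key is reported with the default this page states (true);
    an uncommented key overrides it, and the last uncommented value wins.
    """
    result = {}
    for line in cfg_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section comments such as "# ITEM ADMIN" and blank lines
        commented, key, value = m.groups()
        if commented:
            result.setdefault(key, (True, "default"))
        else:
            result[key] = (value.lower() == "true", "explicit")
    return result

def access_control_delegations(cfg_text):
    """Enabled keys that let a delegated admin edit policies or admin groups."""
    eff = effective_delegation(cfg_text)
    return sorted(k for k, (on, _) in eff.items()
                  if on and k.endswith((".policies", ".admin-group")))

# Constructed sample: a dspace.cfg fragment that narrows some delegated rights.
SAMPLE_CFG = """\
# COMMUNITY ADMIN configuration
#core.authorization.community-admin.create-subelement = true
core.authorization.community-admin.policies = false
core.authorization.community-admin.admin-group = false
#core.authorization.community-admin.collection.policies = true
# COLLECTION ADMIN
core.authorization.collection-admin.policies = true
#core.authorization.collection-admin.item.policies = true
# ITEM ADMIN
core.authorization.item-admin.policies = false
"""

if __name__ == "__main__":
    for key, (on, source) in sorted(effective_delegation(SAMPLE_CFG).items()):
        print(f"{key:60} {on!s:5} ({source})")
    print("still delegated:", access_control_delegations(SAMPLE_CFG))
```

In the sample, disabling community-admin.policies does not remove community-admin.collection.policies, which is still enabled by default, so each level has to be set explicitly.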