Difference between revisions of "SUNScholar/Resource Permissions"

From Libopedia
 
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
<center>
 
<center>
  '''[[SUNScholar/Customisation|Back to Customisation]]'''
+
  '''[[SUNScholar/Access_Control|BACK TO ACCESS CONTROL]]'''
 
</center>
 
</center>
 
==Introduction==
 
==Introduction==
Since version 1.7.2 , DSpace has <font color="red">'''very fine-gained control'''</font> for permissions on communities, collections and items. One can control access to whole communities or collections or one can control access to an individual bitstream only. The level of access you grant is up to you as the administrator.
+
Since version 1.7.2 , DSpace has enabled, by default, permissions on resources. The control of resource permissions is called policy management in DSpace terminology.
  
The control of permissions is called policy management in DSpace terminology.
+
<font color="red">'''*** You can only define resource policies when logged in as the [[SUNScholar/Install_DSpace/S07|super-administrator]]''' ***</font>
  
==Basic Permissions==
+
''It is possible to delegate the administration of Communities and Collections.''
Using the XMLUI interface, policies are managed by clicking on "Click here to add a new policy" when logged in as an Administrator and have selected to edit a community, collection or item.
 
  
See screenshot below.
+
This functionality eliminates the need for an Administrator Superuser account for these purposes. An EPerson that will be attributed Delegate Admin rights for a certain community or collection will also "inherit" the rights for underlying collections and items. As a result, a community admin will also be collection admin for all underlying collections. Likewise, a collection admin will also gain admin rights for all the items owned by the collection.
 
 
[[File:Collection-policy-management.png|border]]
 
 
 
==Advanced Resources Policies==
 
In addition you can use the wildcard policy tool to implement policies that are inherited by descendant communities/collections/items in order to delegate administrative tasks.
 
 
 
See screenshots below.
 
 
 
===Step 1 - Click on: "Authorizations"===
 
 
 
[[File:Ap.png|border]]
 
 
 
===Step 2 - Click on: "Advanced authorizations tool"===
 
 
 
[[File:Ap-1.png|border]]
 
 
 
===Step 3 - Setup and apply advanced authorization===
 
 
 
[[File:Advanced-policies.png|border]]
 
 
 
==References==
 
*https://wiki.duraspace.org/display/DSDOC4x/Functional+Overview#FunctionalOverview-Authorization
 
*https://wiki.duraspace.org/display/DSDOC4x/Configuration+Reference#ConfigurationReference-DelegationAdministration:AuthorizationSystemConfiguration
 
*https://wiki.duraspace.org/display/DSDOC3x/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
 
*https://wiki.duraspace.org/display/DSDOC18/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
 
*https://wiki.duraspace.org/display/DSDOC17/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
 
*http://dspace.org/sites/dspace.org/files/archive/1_6_2Documentation/ch02.html#N102CE
 
*http://dspace.org/sites/dspace.org/files/archive/1_5_2Documentation/ch02.html#N10291
 
  
 +
Authorization to execute the functions that are allowed to a user with WRITE permission on an object will be attributed to be the ADMIN of the object (e.g. community/collection/admin will be always allowed to edit metadata of the object). The default will be "true" for all the configurations.
 
==Default config==
 
==Default config==
 
<pre>
 
<pre>
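Review bot: The added warning that resource policies can only be defined "when logged in as the super-administrator" sits directly above the added paragraph saying delegation "eliminates the need for an Administrator Superuser account", and the two read as contradictory. State which policy actions a delegated community or collection admin can perform and which remain super-administrator only. The revision also drops the "Basic Permissions" and "Advanced Resources Policies" walkthroughs with their screenshots, so the page no longer says where in the XMLUI a policy is edited; keep a short pointer to those steps. The new opening sentence still carries the stray space in "1.7.2 ,".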
Line 90: Line 62:
 
#core.authorization.item-admin.cc-license = true
 
#core.authorization.item-admin.cc-license = true
 
</pre>
 
</pre>
 +
 +
==References==
 +
*https://github.com/DSpace/DSpace/blob/master/dspace/config/dspace.cfg#L253-L292
 +
*https://wiki.duraspace.org/display/DSDOC5x/Configuration+Reference#ConfigurationReference-DelegationAdministration:AuthorizationSystemConfiguration
 +
*https://wiki.duraspace.org/display/DSDOC4x/Configuration+Reference#ConfigurationReference-DelegationAdministration:AuthorizationSystemConfiguration
 +
*https://wiki.duraspace.org/display/DSDOC3x/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
 +
[[Category:Operations]]
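Review bot: The first added reference links to "blob/master/dspace/config/dspace.cfg#L253-L292", a line range on a moving branch, so it will stop pointing at the delegate-admin block as soon as dspace.cfg changes upstream; pin the link to a release tag or commit instead. The new list also drops the DSDOC18 and DSDOC17 configuration pages while the introduction still dates the feature to 1.7.2, so consider keeping the 1.7 link for readers on that version.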

Latest revision as of 10:09, 20 June 2016


Introduction

Since version 1.7.2, DSpace has enabled permissions on resources by default. The control of resource permissions is called policy management in DSpace terminology.

*** You can only define resource policies when logged in as the super-administrator ***

It is possible to delegate the administration of Communities and Collections.

This functionality eliminates the need for an Administrator Superuser account for these purposes. An EPerson who is granted Delegate Admin rights for a community or collection also "inherits" the rights for the underlying collections and items. As a result, a community admin is also collection admin for all underlying collections. Likewise, a collection admin also gains admin rights for all the items owned by the collection.

Authorization to execute the functions allowed to a user with WRITE permission on an object is also granted to the ADMIN of that object (e.g. a community/collection admin is always allowed to edit the metadata of the object). The default is "true" for all of these settings.

Default config

##### Authorization system configuration - Delegate ADMIN #####

# COMMUNITY ADMIN configuration
# subcommunities and collections
#core.authorization.community-admin.create-subelement = true
#core.authorization.community-admin.delete-subelement = true
# his community
#core.authorization.community-admin.policies = true
#core.authorization.community-admin.admin-group = true
# collections in his community
#core.authorization.community-admin.collection.policies = true
#core.authorization.community-admin.collection.template-item = true
#core.authorization.community-admin.collection.submitters = true
#core.authorization.community-admin.collection.workflows = true
#core.authorization.community-admin.collection.admin-group = true
# item owned by collections in his community
#core.authorization.community-admin.item.delete = true
#core.authorization.community-admin.item.withdraw = true
#core.authorization.community-admin.item.reinstatiate = true
#core.authorization.community-admin.item.policies = true
# also bundle...
#core.authorization.community-admin.item.create-bitstream = true
#core.authorization.community-admin.item.delete-bitstream = true
#core.authorization.community-admin.item-admin.cc-license = true

# COLLECTION ADMIN
#core.authorization.collection-admin.policies = true
#core.authorization.collection-admin.template-item = true
#core.authorization.collection-admin.submitters = true
#core.authorization.collection-admin.workflows = true
#core.authorization.collection-admin.admin-group = true
# item owned by his collection
#core.authorization.collection-admin.item.delete = true
#core.authorization.collection-admin.item.withdraw = true
#core.authorization.collection-admin.item.reinstatiate = true
#core.authorization.collection-admin.item.policies = true
# also bundle...
#core.authorization.collection-admin.item.create-bitstream = true
#core.authorization.collection-admin.item.delete-bitstream = true
#core.authorization.collection-admin.item-admin.cc-license = true

# ITEM ADMIN
#core.authorization.item-admin.policies = true
# also bundle...
#core.authorization.item-admin.create-bitstream = true
#core.authorization.item-admin.delete-bitstream = true
#core.authorization.item-admin.cc-license = true
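
Because every key above defaults to "true", a commented-out line still leaves that right delegated. The following audit script is an added example, not part of the original page or of DSpace; the sample config is constructed, and treating the ".policies" and ".admin-group" suffixes as the permission-changing rights is this example's assumption.

```python
import re

# Matches both active and commented-out settings, e.g.
#   "#core.authorization.item-admin.policies = true"
KEY_RE = re.compile(r"^\s*(#?)\s*(core\.authorization\.[\w.-]+)\s*=\s*(\w+)\s*$")

# Assumption for this example: suffixes treated as permission-changing rights.
SENSITIVE_SUFFIXES = (".policies", ".admin-group")


def effective_delegation(cfg_text):
    """Return {key: (enabled, source)}; source is 'explicit' or 'default'."""
    result = {}
    for line in cfg_text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue
        commented, key, value = m.groups()
        if commented:
            # A commented-out key is not read; the page says the default is true.
            result.setdefault(key, (True, "default"))
        else:
            # An active line overrides the built-in default.
            result[key] = (value.lower() == "true", "explicit")
    return result


def enabled_sensitive(cfg_text):
    """Keys that still let a delegated admin change policies or admin groups."""
    eff = effective_delegation(cfg_text)
    return sorted(k for k, (on, _) in eff.items()
                  if on and k.endswith(SENSITIVE_SUFFIXES))


# Constructed sample: two keys disabled explicitly, the rest left commented.
SAMPLE_CFG = """\
# COLLECTION ADMIN
core.authorization.collection-admin.policies = false
#core.authorization.collection-admin.admin-group = true
#core.authorization.collection-admin.item.delete = true
core.authorization.collection-admin.item.policies = false
# ITEM ADMIN
#core.authorization.item-admin.policies = true
"""

if __name__ == "__main__":
    for key in enabled_sensitive(SAMPLE_CFG):
        print("still delegated:", key)
```
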

References