SUNScholar/Resource Permissions
Jump to navigation
Jump to search
Back to Customisation
Contents
Introduction
Since version 1.7.2 , DSpace has very fine-gained control for permissions on communities, collections and items. One can control access to whole communities or collections or one can control access to an individual bitstream only. The level of access you grant is up to you as the administrator.
The control of permissions is called policy management in DSpace terminology.
Basic Permissions
Using the XMLUI interface, policies are managed by clicking on "Click here to add a new policy" when logged in as an Administrator and have selected to edit a community, collection or item.
See screenshot below.
Advanced Resources Policies
In addition you can use the wildcard policy tool to implement policies that are inherited by descendant communities/collections/items in order to delegate administrative tasks.
See screenshots below.
Step 1 - Click on: "Authorizations"
Step 2 - Click on: "Advanced authorizations tool"
Step 3 - Setup and apply advanced authorization
References
- https://wiki.duraspace.org/display/DSDOC4x/Functional+Overview#FunctionalOverview-Authorization
- https://wiki.duraspace.org/display/DSDOC4x/Configuration+Reference#ConfigurationReference-DelegationAdministration:AuthorizationSystemConfiguration
- https://wiki.duraspace.org/display/DSDOC3x/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
- https://wiki.duraspace.org/display/DSDOC18/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
- https://wiki.duraspace.org/display/DSDOC17/Configuration#Configuration-DelegationAdministration:AuthorizationSystemConfiguration
- http://dspace.org/sites/dspace.org/files/archive/1_6_2Documentation/ch02.html#N102CE
- http://dspace.org/sites/dspace.org/files/archive/1_5_2Documentation/ch02.html#N10291
Default config
##### Authorization system configuration - Delegate ADMIN ##### # COMMUNITY ADMIN configuration # subcommunities and collections #core.authorization.community-admin.create-subelement = true #core.authorization.community-admin.delete-subelement = true # his community #core.authorization.community-admin.policies = true #core.authorization.community-admin.admin-group = true # collections in his community #core.authorization.community-admin.collection.policies = true #core.authorization.community-admin.collection.template-item = true #core.authorization.community-admin.collection.submitters = true #core.authorization.community-admin.collection.workflows = true #core.authorization.community-admin.collection.admin-group = true # item owned by collections in his community #core.authorization.community-admin.item.delete = true #core.authorization.community-admin.item.withdraw = true #core.authorization.community-admin.item.reinstatiate = true #core.authorization.community-admin.item.policies = true # also bundle... #core.authorization.community-admin.item.create-bitstream = true #core.authorization.community-admin.item.delete-bitstream = true #core.authorization.community-admin.item-admin.cc-license = true # COLLECTION ADMIN #core.authorization.collection-admin.policies = true #core.authorization.collection-admin.template-item = true #core.authorization.collection-admin.submitters = true #core.authorization.collection-admin.workflows = true #core.authorization.collection-admin.admin-group = true # item owned by his collection #core.authorization.collection-admin.item.delete = true #core.authorization.collection-admin.item.withdraw = true #core.authorization.collection-admin.item.reinstatiate = true #core.authorization.collection-admin.item.policies = true # also bundle... #core.authorization.collection-admin.item.create-bitstream = true #core.authorization.collection-admin.item.delete-bitstream = true #core.authorization.collection-admin.item-admin.cc-license = true # ITEM ADMIN #core.authorization.item-admin.policies = true # also bundle... #core.authorization.item-admin.create-bitstream = true #core.authorization.item-admin.delete-bitstream = true #core.authorization.item-admin.cc-license = true
