Tue Jan 20 16:07:10 ICT 2015

Setting access policy on new collections in DSpace

I could not find any setting that would create the proper default policy on new collections added to DSpace.

The policy should be that the item is readable by anonymous users, but the bitstream can only be accessed from inside AIT (a web browser connecting from a CS or AIT IP address, or maybe authenticated through LDAP).

Once one (or several) new collection(s) have been created, do the following:

  1. Connect to the PostgreSQL server on database.cs.ait.ac.th:
    psql -h database dspace dspace
    Use the DSpace admin password for the database.
  2. Update the default_bitstream_read policy to allow read by the group AIT:
    update public.resourcepolicy set epersongroup_id=5 where action_id=9 and resource_type_id=3
    and epersongroup_id=0 and policy_id=x;
    Be careful: this updates all the default_bitstream_read policies across DSpace, which may be a problem if we host other collections. In that case, we may limit the update to the newly created collections, for example by restricting on the resource_id (editing a collection's policies displays the collection resource_id and the policy_id of each policy).
  3. Update the Discovery Solr search index:
    sudo -u httpd /web/dspace-install/bin/dspace index-discovery -f
  4. In DSpace, edit the collection to change the assigned roles. The role Submitters should be assigned to the group CSIM_LDAP and the role Accept/Reject/Edit Metadata Step assigned to the group Office. This step implements the DSpace workflow, whereby any user in the group CSIM_LDAP can submit a new item, but the item will remain unpublished until a member of the group Office has reviewed, corrected and approved it.
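
One way to carry out the scoped variant of step 2, restricted to a single new collection by resource_id and wrapped in a transaction so the affected rows can be reviewed first. This is an added example, not part of the original procedure; the resource_id value 42 is a constructed placeholder, and only the table and column names that appear on this page are used.

```sql
-- Added example; run inside psql after connecting as in step 1.
-- 42 is a constructed placeholder: replace it with the resource_id shown
-- when editing the new collection's policies in DSpace.
\set new_collection_id 42

BEGIN;

-- 1. Preview: default_bitstream_read (action_id=9) policies on collections
--    (resource_type_id=3) still assigned to group 0, for this collection only.
SELECT policy_id, resource_id, action_id, epersongroup_id
  FROM public.resourcepolicy
 WHERE resource_type_id = 3
   AND action_id = 9
   AND epersongroup_id = 0
   AND resource_id = :new_collection_id;

-- 2. Scoped update: assign those policies to group 5 (AIT) and list
--    exactly which rows changed.
UPDATE public.resourcepolicy
   SET epersongroup_id = 5
 WHERE resource_type_id = 3
   AND action_id = 9
   AND epersongroup_id = 0
   AND resource_id = :new_collection_id
RETURNING policy_id, resource_id, epersongroup_id;

-- 3. Audit: every collection whose default_bitstream_read is still group 0.
--    Other hosted collections should still appear here, untouched; the
--    collection updated above should not.
SELECT resource_id, count(*) AS group0_policies
  FROM public.resourcepolicy
 WHERE resource_type_id = 3
   AND action_id = 9
   AND epersongroup_id = 0
 GROUP BY resource_id
 ORDER BY resource_id;

-- Dry run by default: change this to COMMIT; once the RETURNING output
-- lists only the policy_id values expected for the new collection.
ROLLBACK;
```

After committing, step 3 (the index-discovery run) is still needed.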

For reference, the IDs in the database are the following:

resource_type_id:
0 bitstream
1 bundle
2 item
3 collection
4 community

action_id:
0 read
1 write
3 add
4 remove
9 default_bitstream_read
10 default_item_read
11 admin

Posted by Olivier | Permanent link | File under: administration