I could not find any setting that would create the proper default policy on new collections added to DSpace.
The policy should be that the item is readable by anonymous, but the bitstream can only be accessed inside AIT (the web browser connected from CS or AIT IP address, or maybe authenticated through LDAP).
Once one (or several) new collection(s) has been created, do the following:
psql -h database dspace dspaceUse DSpace admin password for the database.
update public.resourcepolicy set epersongroup_id=5 where action_id=9 and resource_type_id=3 \ and epersongroup_id=0 and policy_id=x;Be careful, this upgrade all the default_bitstream_read across DSpace; it may be a problem if we host other collections; in that case, we may limit the update to the newly created collections, for example limiting on the resource_id (editing a collection policies display the collection resource_id and the policy_id of each policy).
sudo -u httpd /web/dspace-install/bin/dspace index-discovery -f
For reference, the IDs in the database are the following:
resource_type_id | |
0 | bitstream |
1 | bundle |
2 | item |
3 | collection |
4 | community |
action_id | |
0 | read |
1 | write |
3 | add |
4 | remove |
9 | default_bitstream_read |
10 | default_item_read |
11 | admin |