Thanks yet again, José! After much testing, I was able to modify the rights to all items in the repository. I would not have been able to get this right without your assistance.
On Wed, 3 Feb 2021 at 17:58, José Geraldo <josg...@gmail.com> wrote: > Use the database to change or add permission. > > The table used is resourcepolicy. > > Updating the epersongroup_id to id of the special group created e o filtro > por action_id. > > action_id: > > 0 read > 1 write > 3 add > 4 remove > 9 default_bitstream_read > 10 default_item_read > 11 admin > > Em qua., 3 de fev. de 2021 às 11:52, Sean Carte <sean.ca...@gmail.com> > escreveu: > >> I was hoping for some guidance on that. I did look at the tables, but >> wasn't able to find anything obviously related to access rights. >> >> Or did you mean that I should use the database to move items from the >> collection? That might work. >> >> On Wed, 3 Feb 2021 at 15:11, José Geraldo <josg...@gmail.com> wrote: >> >>> Another option would be to backup your database and make changes to the >>> database. >>> >>> Em qua., 3 de fev. de 2021 às 04:13, Sean Carte <sean.ca...@gmail.com> >>> escreveu: >>> >>>> For most collections, using the wildcard policy admin tool has worked >>>> very well, and I have been able to restrict their bitstreams to logged-in >>>> users. However, I have two collections with over 1000 items. For one of >>>> these, with 1688 items, I was not able to remove the anonymous read access; >>>> the browser reports an internal error, but there's nothing in the tomcat or >>>> dspace logs. Another collection, of 1012 items, allowed me to remove >>>> anonymous read access, but I have not been able to add READ access for the >>>> logged-in group. >>>> >>>> Apart from moving hundreds of items out of those collections, to reduce >>>> their size, does anybody have any suggestions on how I should proceed? >>>> >>>> DSpace version: 6.3 >>>> XMLUI >>>> Mirage2 theme >>>> >>>> On Fri, 29 Jan 2021 at 20:48, Sean Carte <sean.ca...@gmail.com> wrote: >>>> >>>>> Thanks again, José; you've been extremely helpful. >>>>> >>>>> On Fri, 29 Jan 2021 at 15:43, José Geraldo <josg...@gmail.com> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Items accepted in a collection inherit the associated authorization >>>>>> policies DEFAULT_ITEM_READ and DEFAULT_BITSTREAM_READ, which become READ >>>>>> policies for the item and its attachments. >>>>>> >>>>>> However, when changing the default policies for a collection, once >>>>>> items are accepted, the policies for existing items will not be changed >>>>>> automatically. >>>>>> >>>>>> Soon, a user, without logging in and in possession of the link to one >>>>>> of the items in the collection, will have access to the item and its >>>>>> contents. >>>>>> >>>>>> To get around this point, you will need to change the permissions of >>>>>> the items in the collection using the Policy Administration Tool to make >>>>>> them accessible only to logged-in users. >>>>>> >>>>>> For each item in a collection, there is only one READ policy >>>>>> configured for the Anonymous group. >>>>>> >>>>>> However, the tool does not have the option to edit policies, having >>>>>> only the options to add and delete policies. >>>>>> >>>>>> Therefore, it will be necessary to first delete the policies for >>>>>> items and binary files (attachments) and then create new READ policies >>>>>> linked to the special group for them. >>>>>> >>>>>> This process is done one collection at a time, if you need to apply >>>>>> to all collections, a suggestion would be to apply it to the database. >>>>>> >>>>>> Em sex., 29 de jan. de 2021 às 04:09, Sean Carte < >>>>>> sean.ca...@gmail.com> escreveu: >>>>>> >>>>>>> Using the login.specialgroup, along with removing default read >>>>>>> access to the collections, does restrict access to collections listed on >>>>>>> the home page. However, anonymous access is still available to items >>>>>>> made >>>>>>> available by Discovery. That is, in the 'Recently Added' section, or via >>>>>>> search, or the browse lists. >>>>>>> >>>>>>> Removing anonymous read access from items' bitstreams and replacing >>>>>>> it with read access for the authenticated special group does work, but >>>>>>> I'm >>>>>>> going to have to repeat this process every time a new item is added. >>>>>>> Also, >>>>>>> the wildcard policy admin tool seems to time out when used on multiple >>>>>>> collections, or even large collections (> ~1000), in which case the >>>>>>> items >>>>>>> are not modified. >>>>>>> >>>>>>> I suppose I could modify the UI to remove the ability to use >>>>>>> discovery, etc., but that rather defeats the purpose of using DSpace. >>>>>>> >>>>>>> Is there a better approach? >>>>>>> >>>>>>> My goal is to have all items available to logged-in users, but >>>>>>> nothing available to anonymous users. >>>>>>> >>>>>>> DSpace version: 6.3 >>>>>>> XMLUI >>>>>>> Mirage2 theme >>>>>>> >>>>>>> On Wed, 27 Jan 2021 at 15:28, Sean Carte <sean.ca...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Thanks, José! >>>>>>>> >>>>>>>> On Wed, 27 Jan 2021 at 14:54, José Geraldo <josg...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> You can use the "login.specialgroup" and change the READ policy >>>>>>>>> for this group. >>>>>>>>> >>>>>>>>> >>>>>>>>> https://wiki.lyrasis.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-ConfiguringAuthenticationbyPassword >>>>>>>>> >>>>>>>>> Em qua., 27 de jan. de 2021 às 05:30, Sean Carte < >>>>>>>>> sean.ca...@gmail.com> escreveu: >>>>>>>>> >>>>>>>>>> Is there a way to restrict access to logged-in users only, so >>>>>>>>>> that anonymous access to collections requires a log-in? >>>>>>>>>> >>>>>>>>>> I understand that I can simply remove the anonymous READ >>>>>>>>>> authorization for a collection, but then I would need to create a >>>>>>>>>> READ >>>>>>>>>> authorization for a particular group, and there isn't a 'logged-in >>>>>>>>>> users' >>>>>>>>>> group. >>>>>>>>>> >>>>>>>>>> I'm sure I must be missing something very obvious here, please >>>>>>>>>> could someone enlighten me. >>>>>>>>>> >>>>>>>>>> DSpace version: 6.3 >>>>>>>>>> SCM revision: 813800ce1736ec503fdcfbee4d86de836788f87c >>>>>>>>>> SCM branch: UNKNOWN >>>>>>>>>> OS: Linux(amd64) version 4.15.0-130-generic >>>>>>>>>> Applications: >>>>>>>>>> Discovery: enabled. >>>>>>>>>> JRE: Private Build version 1.8.0_275 >>>>>>>>>> Ant version: Apache Ant(TM) version 1.10.5 compiled on March >>>>>>>>>> 28 2019 >>>>>>>>>> Maven version: 3.3.9 >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> All messages to this mailing list should adhere to the DuraSpace >>>>>>>>>> Code of Conduct: >>>>>>>>>> https://duraspace.org/about/policies/code-of-conduct/ >>>>>>>>>> --- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "DSpace Technical Support" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to dspace-tech+unsubscr...@googlegroups.com. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhNVyzuQTjSaQCEmVq2DS7PTh8Pf_XeoYPMa-cOUvGPybA%40mail.gmail.com >>>>>>>>>> <https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhNVyzuQTjSaQCEmVq2DS7PTh8Pf_XeoYPMa-cOUvGPybA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> At.te, >>>>>>>>> >>>>>>>>> José Geraldo >>>>>>>>> >>>>>>>>> -- >>>>>>> All messages to this mailing list should adhere to the DuraSpace >>>>>>> Code of Conduct: >>>>>>> https://duraspace.org/about/policies/code-of-conduct/ >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "DSpace Technical Support" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to dspace-tech+unsubscr...@googlegroups.com. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhOjVZegc7NWRkk8gCLL1S12TJ8huvQYykSBE6r0CJySJg%40mail.gmail.com >>>>>>> <https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhOjVZegc7NWRkk8gCLL1S12TJ8huvQYykSBE6r0CJySJg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> At.te, >>>>>> >>>>>> José Geraldo >>>>>> >>>>>> -- >>>> All messages to this mailing list should adhere to the DuraSpace Code >>>> of Conduct: https://duraspace.org/about/policies/code-of-conduct/ >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "DSpace Technical Support" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to dspace-tech+unsubscr...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhOnK9WrdL5Y%2BXpsK9cjnYdfjiRV_EzAo%2BrqRTqB0e93JA%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhOnK9WrdL5Y%2BXpsK9cjnYdfjiRV_EzAo%2BrqRTqB0e93JA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> At.te, >>> >>> José Geraldo >>> >>> > > -- > At.te, > > José Geraldo > > -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CA%2BxAuhNwpNjwjgdNYVxUhTFQ4mun7QpMWnJZkFHJ9WLh89PnfA%40mail.gmail.com.
