Thank you, Peter. Paul Go
Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz <pe...@longsight.com> wrote: > Hi Paul, > > There are a lot of relationships in the authorization policies, to handle > all of that complexity, I think you could build some custom java code to > walk through all of them, and join all of the resources, and all of the > epersons and epersongroups. > > Here's an inaccurate query that would give you some of the information: > SELECT > * > FROM > public.handle, > public.resourcepolicy, > public.epersongroup > WHERE > resourcepolicy.resource_type_id = handle.resource_type_id AND > resourcepolicy.resource_id = handle.resource_id AND > resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; > > > This would show you what objects with handles (community, collection, > item), have an authorization policy to an eperson-group. You would have to > make other queries to find policies that map to an eperson (as opposed to > eperson group). And also, this only connects to things with handles, which > misses bundles and bitstreams. > > Since this is for an audit, your probably more concerned with finding > users with irregular permissions, so maybe you could work backwords. Start > with all the eperson, and see which one's are members of groups or > resourcepolicy's. Because it's likely that you'll find that 99% of users > have essentially nothing interesting in terms of policies/memberships, and > then just investigate the dozen or so users with permissions. > > Good luck! If you end up creating any interesting java code (such as a > query tool to look at all of this information), or just a series of SQL > queries it might be helpful to share back your eventual findings. > > ________________ > Peter Dietz > Longsight > www.longsight.com > pe...@longsight.com > p: 740-599-5005 x809 > > On Mon, Nov 10, 2014 at 12:44 PM, Paul Go <p...@iit.edu> wrote: > >> Is there a way to export the entirety of the authorization policies so >> that we can audit them in bulk rather than one by one? >> >> >> Paul Go >> >> Systems Librarian / >> Library Technology Manager / >> CS and ITM Liaison >> Paul V. Galvin Library >> Illinois Institute of Technology >> 35 West 33rd Street >> Chicago, IL 60616 >> 312.567.7997 >> p...@iit.edu >> >> *Driving Innovation through Knowledge and Scholarship* >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> DSpace-tech mailing list >> DSpace-tech@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> List Etiquette: >> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette >> > >
------------------------------------------------------------------------------
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
