I’ve started using JRuby for administrative/backend stuff like this to work
with the DSpace API, and I’ve found it to be very convenient and more flexible
than using straight SQL for most things.
Here is an example script for doing something along the lines you mention:
https://gist.github.com/kardeiz/c8ab990614dbbcb31213.
This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s
really nice to have a DSpace scripting language. For this example, I
“monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll`
method, but this usually isn’t necessary. This is just a first quick
iteration—there are lots of things that could be improved in this script. Use
at your own risk (though I don’t think there is anything breakable here).
Jacob Brown
Digital Services Librarian
j.h.br...@tcu.edu
817-257-5339
From: Paul Go [mailto:p...@iit.edu]
Sent: Monday, November 10, 2014 12:36 PM
To: Peter Dietz
Cc: Dspace Tech list; DSpace General Mailing List
Subject: Re: [Dspace-tech] DSpace authorization policies
Thank you, Peter.
Paul Go
Systems Librarian /
Library Technology Manager /
CS and ITM Liaison
Paul V. Galvin Library
Illinois Institute of Technology
35 West 33rd Street
Chicago, IL 60616
312.567.7997
p...@iit.edu<mailto:p...@iit.edu>
Driving Innovation through Knowledge and Scholarship
On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz
<pe...@longsight.com<mailto:pe...@longsight.com>> wrote:
Hi Paul,
There are a lot of relationships in the authorization policies, to handle all
of that complexity, I think you could build some custom java code to walk
through all of them, and join all of the resources, and all of the epersons and
epersongroups.
Here's an inaccurate query that would give you some of the information:
SELECT
*
FROM
public.handle,
public.resourcepolicy,
public.epersongroup
WHERE
resourcepolicy.resource_type_id = handle.resource_type_id AND
resourcepolicy.resource_id = handle.resource_id AND
resourcepolicy.epersongroup_id = epersongroup.eperson_group_id;
This would show you what objects with handles (community, collection, item),
have an authorization policy to an eperson-group. You would have to make other
queries to find policies that map to an eperson (as opposed to eperson group).
And also, this only connects to things with handles, which misses bundles and
bitstreams.
Since this is for an audit, your probably more concerned with finding users
with irregular permissions, so maybe you could work backwords. Start with all
the eperson, and see which one's are members of groups or resourcepolicy's.
Because it's likely that you'll find that 99% of users have essentially nothing
interesting in terms of policies/memberships, and then just investigate the
dozen or so users with permissions.
Good luck! If you end up creating any interesting java code (such as a query
tool to look at all of this information), or just a series of SQL queries it
might be helpful to share back your eventual findings.
________________
Peter Dietz
Longsight
www.longsight.com<http://www.longsight.com>
pe...@longsight.com<mailto:pe...@longsight.com>
p: 740-599-5005 x809<tel:740-599-5005%20x809>
On Mon, Nov 10, 2014 at 12:44 PM, Paul Go <p...@iit.edu<mailto:p...@iit.edu>>
wrote:
Is there a way to export the entirety of the authorization policies so that we
can audit them in bulk rather than one by one?
Paul Go
Systems Librarian /
Library Technology Manager /
CS and ITM Liaison
Paul V. Galvin Library
Illinois Institute of Technology
35 West 33rd Street
Chicago, IL 60616
312.567.7997<tel:312.567.7997>
p...@iit.edu<mailto:p...@iit.edu>
Driving Innovation through Knowledge and Scholarship
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net<mailto:DSpace-tech@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
