Re: [Dspace-tech] DSpace authorization policies

Tue, 11 Nov 2014 12:48:26 -0800 

Fantastic!  Will investigate

Paul Go

Systems Librarian /
Library Technology Manager /
CS and ITM Liaison
Paul V. Galvin Library
Illinois Institute of Technology
35 West 33rd Street
Chicago, IL  60616
312.567.7997
p...@iit.edu

*Driving Innovation through Knowledge and Scholarship*

On Tue, Nov 11, 2014 at 10:45 AM, Brown, Jacob <j.h.br...@tcu.edu> wrote:

> I’ve started using JRuby for administrative/backend stuff like this to
> work with the DSpace API, and I’ve found it to be very convenient and more
> flexible than using straight SQL for most things.
>
>
>
> Here is an example script for doing something along the lines you mention:
> https://gist.github.com/kardeiz/c8ab990614dbbcb31213.
>
>
>
> This certainly isn’t as fast/efficient as a SQL script, but I’ve found
> it’s really nice to have a DSpace scripting language. For this example, I
> “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll`
> method, but this usually isn’t necessary. This is just a first quick
> iteration—there are lots of things that could be improved in this script.
> Use at your own risk (though I don’t think there is anything breakable
> here).
>
>
>
> Jacob Brown
>
> Digital Services Librarian
>
> j.h.br...@tcu.edu
>
> 817-257-5339
>
>
>
> *From:* Paul Go [mailto:p...@iit.edu]
> *Sent:* Monday, November 10, 2014 12:36 PM
> *To:* Peter Dietz
> *Cc:* Dspace Tech list; DSpace General Mailing List
> *Subject:* Re: [Dspace-tech] DSpace authorization policies
>
>
>
> Thank you, Peter.
>
>
> Paul Go
>
>
> Systems Librarian /
> Library Technology Manager /
>
> CS and ITM Liaison
> Paul V. Galvin Library
>
> Illinois Institute of Technology
> 35 West 33rd Street
> Chicago, IL  60616
> 312.567.7997
> p...@iit.edu
>
>
>
> *Driving Innovation through Knowledge and Scholarship*
>
>
>
> On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz <pe...@longsight.com> wrote:
>
> Hi Paul,
>
>
>
> There are a lot of relationships in the authorization policies, to handle
> all of that complexity, I think you could build some custom java code to
> walk through all of them, and join all of the resources, and all of the
> epersons and epersongroups.
>
>
>
> Here's an inaccurate query that would give you some of the information:
>
> SELECT
>
>   *
>
> FROM
>
>   public.handle,
>
>   public.resourcepolicy,
>
>   public.epersongroup
>
> WHERE
>
>   resourcepolicy.resource_type_id = handle.resource_type_id AND
>
>   resourcepolicy.resource_id = handle.resource_id AND
>
>   resourcepolicy.epersongroup_id = epersongroup.eperson_group_id;
>
>
>
>
>
> This would show you what objects with handles (community, collection,
> item), have an authorization policy to an eperson-group. You would have to
> make other queries to find policies that map to an eperson (as opposed to
> eperson group). And also, this only connects to things with handles, which
> misses bundles and bitstreams.
>
>
>
> Since this is for an audit, your probably more concerned with finding
> users with irregular permissions, so maybe you could work backwords. Start
> with all the eperson, and see which one's are members of groups or
> resourcepolicy's. Because it's likely that you'll find that 99% of users
> have essentially nothing interesting in terms of policies/memberships, and
> then just investigate the dozen or so users with permissions.
>
>
>
> Good luck! If you end up creating any interesting java code (such as a
> query tool to look at all of this information), or just a series of SQL
> queries it might be helpful to share back your eventual findings.
>
>
> ________________
> Peter Dietz
> Longsight
> www.longsight.com
> pe...@longsight.com
> p: 740-599-5005 x809
>
>
>
> On Mon, Nov 10, 2014 at 12:44 PM, Paul Go <p...@iit.edu> wrote:
>
> Is there a way to export the entirety of the authorization policies so
> that we can audit them in bulk rather than one by one?
>
>
>
>
>
> Paul Go
>
>
> Systems Librarian /
> Library Technology Manager /
>
> CS and ITM Liaison
> Paul V. Galvin Library
>
> Illinois Institute of Technology
> 35 West 33rd Street
> Chicago, IL  60616
> 312.567.7997
> p...@iit.edu
>
>
>
> *Driving Innovation through Knowledge and Scholarship*
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
>
>
>

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Reply via email to