Hello Marina, I tried your below suggestion on one item and inserted its corresponding entry into the resourcepolicy table. But when I open the item I am still getting an error: This item is restricted You do not have the credentials to access the restricted item hdl:10938/31966. I am sure I have an entry for resource_id 31966 of time 2 and with 0 read and 0 anonymous as you described below.
Do I have to do any build or anything after inserting the record? Or might it be reading from another table? Please advise, Thank you! Layale. From: Muilwijk, M. (Marina) [mailto:[email protected]] Sent: Thursday, April 16, 2015 11:53 AM To: Layale Bassil Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Hello Layale, you need the resourcepolicy table. Here's what I use (in DSpace 3.2) to give Anonymous read access to an item: select nextval('resourcepolicy_seq'); (this gets the next resourcepolicy_id) insert into resourcepolicy (policy_id, resource_type_id, resource_id, action_id, epersongroup_id) values ([the resourcepolicy_id], 2, [the id of the item], 0, 0); In this SQL the "2" means "a resource of the type item", the first "0" is "read" and the second "0" is "Anonymous. Hope this helps, Marina Op 16 apr. 2015, om 10:18 heeft Layale Bassil <[email protected]<mailto:[email protected]>> het volgende geschreven: Hello Terry, Thank you so much for the below info. I checked the PHP code and the queries but still a little lost. What I need should be straighforward since you are familiar with the tables’ structure. I have a list of items and I need to write and SQL Statement in order to set the access to those items Anonymous. I need to know what tables should I edit and what is the ID of the Anonymous secutiry policy, etc… Your help is very much appreciated. Best Regards, Layale. From: Terry Brady [mailto:[email protected]] Sent: Monday, April 06, 2015 7:08 PM To: Layale Bassil; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies We had a similar need, so we developed a set of PHP tools<https://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards> that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil <[email protected]<mailto:[email protected]>> wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:[email protected]<mailto:[email protected]>] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz <[email protected]<mailto:[email protected]>> wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. ________________ Peter Dietz Longsight www.longsight.com<http://www.longsight.com/> [email protected]<mailto:[email protected]> p: 740-599-5005 x809<tel:740-599-5005%20x809> On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob <[email protected]<mailto:[email protected]>> wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian [email protected]<mailto:[email protected]> 817-257-5339<tel:817-257-5339> From: Paul Go [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, November 10, 2014 12:36 PM To: Peter Dietz Cc: Dspace Tech list; DSpace General Mailing List Subject: Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997<tel:312.567.7997> [email protected]<mailto:[email protected]> Driving Innovation through Knowledge and Scholarship On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz <[email protected]<mailto:[email protected]>> wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. ________________ Peter Dietz Longsight www.longsight.com<http://www.longsight.com/> [email protected]<mailto:[email protected]> p: 740-599-5005 x809<tel:740-599-5005%20x809> On Mon, Nov 10, 2014 at 12:44 PM, Paul Go <[email protected]<mailto:[email protected]>> wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997<tel:312.567.7997> [email protected]<mailto:[email protected]> Driving Innovation through Knowledge and Scholarship ------------------------------------------------------------------------------ _______________________________________________ DSpace-tech mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- <image001.jpg> Mark Diggory 2888 Loker Avenue East, Suite 315, Carlsbad, CA. 92010 Esperantolaan 4, Heverlee 3001, Belgium http://www.atmire.com<http://www.atmire.com/> ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ DSpace-tech mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Terry Brady Applications Programmer Analyst Georgetown University Library Information Technology https://www.library.georgetown.edu/lit/code 425-298-5498 (Seattle, WA) ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF_______________________________________________ DSpace-tech mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
------------------------------------------------------------------------------
_______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
