restrict access to collection

[Alex B]

Dear Colleagues,
Is it possible to restrict access to collection from unauthorized users?

(for example using Embargo)

Thank you.

---------------------

Dspace 7.4

[DSpace Technical Support]

Yes, if you want to restrict the entire Collection, you can change it's Authorization policies.  By default all Collections have "READ" set to "Anonymous".  But, you can replace/change that policy to a different group (e.g. Administrators or similar).

The docs are available here: https://wiki.lyrasis.org/display/DSDOC7x/Edit+Collection#EditCollection-Authorizations

Tim

[Alex B]

Thanks for your reply, I have another question related to this.

Is it possible to change the default group when registering an e-person ? Do not register e-person in anonymous, but in somewhere other group.

четверг, 15 июня 2023 г. в 18:33:39 UTC+3, DSpace Technical Support:

[DSpace Technical Support]

Hi, 

When you register or create a new EPerson, it does not belong to any group by default.   So, I'm uncertain what you are asking about.

That said, depending on which authentication plugin you are using (by default DSpace uses "Authentication by Password"), some authorization plugins provide a way to automatically add everyone who logs in to a specific group.  That might be what you need.  Here's the docs on all our authentication plugins: https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins

Tim

[Alex B]

Hi,

we don't use Authentication by Password.

Is it possible to add new EPerson to an existing group automatically via OIDC Authentication?

Best regards,

Alex

пятница, 21 июля 2023 г. в 22:37:19 UTC+3, DSpace Technical Support:

[DSpace Technical Support]

Hi Alex,

Unfortunately, the OIDC plugin does not yet support this feature.  I don't see a configuration for it in https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-OpenIDConnect(OIDC)Authentication

There is a ticket requesting that this feature be created, but it's still waiting on a volunteer: https://github.com/DSpace/DSpace/issues/8406

Tim

[Alex B]

Dear Tim,

sorry for persistence.

Is it possible to change the eperson_group_id for the eperson_id in the database, in the epersongroup2eperson table? Will the group change or need to make any more changes to the database?

вторник, 25 июля 2023 г. в 22:59:26 UTC+3, DSpace Technical Support:

[DSpace Technical Support]

Hi Alex, 

While that 'epersongroup2eperson' database table does manage group memberships, I would not recommend making direct changes to the database layer.  It's much safer to change group memberships via our REST API.  

For instance, here's the endpoint to add an EPerson to a Group:

https://github.com/DSpace/RestContract/blob/main/epersongroups.md#add-an-eperson-to-a-parent-group

(Additional options for working with groups can be found on that same page.)  If you ever want to know how to do something in the REST API, it's also possible to just perform that task in the User Interface and watch the requests sent by the UI to the REST API in your browser's DevTools "Network" tab.

The reason I recommend using the REST API is that it will also ensure that any necessary reindexing is completed in Solr to ensure that any new permissions appear in the User Interface.  If you make direct changes to the database layer, it's possible the UI will not recognize the new permissions entirely until you next reindex. 

Overall, we cannot recommend direct database changes unless absolutely necessary.  In any case, if you make direct database changes, you should fully test the impact of your changes, as it could result in some unexpected behavior in the UI....at least until you next reindex.

Tim

[Alex B]

Dear Tim,

thank you very much!
Everything worked out!

Alex

среда, 26 июля 2023 г. в 20:36:07 UTC+3, DSpace Technical Support: