Granular permissions for working with datastreams


Bridger Dyson-Smith

Oct 11, 2016, 4:01:33 PM
to isla...@googlegroups.com
Hi all, 

I was hoping to get some community feedback on a datastreams issue. I would like to be able to provide the ability for an $authenticated_user to replace/download a datastream, but not add a new datastream. 

If I remove the 'Add datastreams to repository objects' permission from my $authenticated_user, when said user goes to an object they've submitted, then they don't have access to anything under the Manage tab for that object.

I'm curious if this is something that others have dealt with, and if so, how did you handle it? Some combination of XACML and Drupal permissions? Something else?

Thank you in advance.
Best,
Bridger

Bridger Dyson-Smith

Oct 22, 2016, 10:14:25 PM
to isla...@googlegroups.com
Hello again

So after some reading and exploration (and lots of confusion), I'm still at a point where the intersection of Drupal's permissions and XACML policies isn't making much sense. In the context of unmediated IR submissions, how are people handling permissions at the item level? The example from the Islandora wiki for collection-level restrictions is great, but quite a few of the scenarios we're considering for submissions seem to involve item-level restrictions for the owner and other users. Most of my testing with XACML policies (that were not generated with the XACML editor) has been fruitless, but maybe I've been going about it wrong. :)

Does anyone have any tips for testing policies, or tips for managing permissions+policies at the item level, that don't strictly relate to data streams and mime types?

Mark Jordan

Oct 23, 2016, 1:15:44 PM
to isla...@googlegroups.com
Bridger,

I don't have any advice, but I'll mention that there is a JIRA ticket (https://jira.duraspace.org/browse/ISLANDORA-1014) that sounds like it is reporting a related issue. If there is no resolution to this in the 7.x line, the granularity you are describing would make an excellent use case for CLAW. I think in general, more granular object/datastream management permissions would be a great feature.

Mark

