DSpace 7.x access control for collection and item

[K S]

Hi,

I am new to DSpace, and recently have installed DSpace locally to try out. I have followed directions at https://wiki.lyrasis.org/display/DSPACE/Try+out+DSpace+7. I am trying out this use case, but I am not successful. I am wondering if this scenario is possible or not - reading the documentation, it seems it is possible.

Use Case:

- Restrict access at Collection level and also at Item level. Meaning, if a collection has access control given to say group1, then anyone other than group1 cannot see Collection1. Same for Items within the Collection.

So, far I am just trying out access control at Collection item (not for Item yet).

1. Create Collection1. From Access Control, I have assigned all the Action to the group Col1-group (where I have a user1 added). Note: I was not sure what to pick for "type" - so, I have picked TYPE_INHERITED

2. I have also next added 2 Items in Collection1.

3. In another browser, I login as user2 (who is not added to the group Col1-group). When I search for collection, I expect to not see Collection1. But I am seeing Collection1 and both of the 2 items that were added to Collection1. Note: both of the items were added to Collection1 after the access control was added.

Is this correct expectation? Or that is not possible to do. Or I am doing something wrong while doing the access control.

best,

KS

[DSpace Technical Support]

Hi KS,

This should be possible in DSpace 7, and it's unclear to me from the steps you described what isn't working.  Simply put though the Collection permissions are only inherited at the *time the Item is submitted*.  So, this process only works for Items created/added *after* the Collection permissions have been saved.

Why it didn't work is unclear, but it almost sounds like either you created the Items *before* changing permissions, or somehow they received additional permissions which caused them to be findable.  You'd need to look at the Item permissions (Edit Item -> Status -> "Authorizations" button) to see what final permissions were added to them.

That said, it's also possible to bulk change permissions across an entire Collection of Items using the "Bulk Access Management" tool: https://wiki.lyrasis.org/display/DSDOC7x/Bulk+Access+Management   But, that should not be necessary if the Collection already has restrictive permissions prior to depositing Items.

Tim