Ability to aggregate groups for access control

[Joerg Messer]

Greetings,

Does anyone know if it's possible to aggregate groups in Dataverse?  We're supporting access to our licensed data sets from a variety of affiliated institutions.  It would simplify our access control configuration if each of these affiliate groups could be included in a parent consortia group which can then be used to control access to the shared data sets.  Is there any chance that this is, or will be, supported?  Alternately, would it be possible to allow users coming from a given IP address to belong to more than one group?

//Joerg Messer - UBC Library

[Condon, Kevin]

Jeorg,

We do not currently support aggregating group permissions. We manage our own affiliates with individual ip address groups. This is an area that could use some updating and I will submit a feature request to add this functionality. I can't give a timeframe at the moment.  I did notice it was possible to add the same username to more than one username group but that doesn't seem like it would help here.

Kevin

[Joerg Messer]

Kevin,

Adding user names to a group doesn't work for us since we need to identify users by IP and that feature only appears to work for groups.  Anyways, good to hear that the "group of groups" feature might be added down the road.  Thanks.

//Joerg

[Joerg Messer]

Greetings,

I'm trying to work around the issue of not being able to aggregate groups and use this aggregated group to set permissions.  The question I have is would it be possible to set the default access to an entire dataverse?  Right now I only seem to be able to control access by modifying the permissions on each individual file.  This doesn't scale very well.  It would be nice to specify that all studies in a dataverse have unrestricted access by x_group, y_group and z_group only unless they are explicitly tagged as public (in the case of the doc files). 

From what I can tell, my only option is to explicitly set these permissions on each file (and there could be hundreds!)  Being able to specify the default access at the dataverse, or even the study level, would be very useful.  Any thoughts?  Am I missing something (entirely possible given my newbie status)?

//Joerg Messer - UBC Library

On Thursday, 24 January 2013 08:56:30 UTC-8, Kevin Condon wrote:

[Condon, Kevin]

From: Joerg Messer <joerg....@gmail.com>
Reply-To: "dataverse...@googlegroups.com" <dataverse...@googlegroups.com>
Date: Thu, 24 Jan 2013 19:55:52 -0500
To: "dataverse...@googlegroups.com" <dataverse...@googlegroups.com>
Subject: Re: Ability to aggregate groups for access control

Greetings,

I'm trying to work around the issue of not being able to aggregate groups and use this aggregated group to set permissions.  The question I have is would it be possible to set the default access to an entire dataverse?  Right now I only seem to be able to control access by modifying the permissions on each individual file.  This doesn't scale very well.  It would be nice to specify that all studies in a dataverse have unrestricted access by x_group, y_group and z_group only unless they are explicitly tagged as public (in the case of the doc files). 

From what I can tell, my only option is to explicitly set these permissions on each file (and there could be hundreds!)  Being able to specify the default access at the dataverse, or even the study level, would be very useful.  Any thoughts?  Am I missing something (entirely possible given my newbie status)?

//Joerg Messer - UBC Library

Joerg,

Yes, you can set access to all files in a dataverse at once. Go to dataverse options->Permissions. Under the File Restrictions Settings section at the bottom of the page, choose yes for Restrict ALL files in this Dataverse.

Hope this helps.

Kevin

[Gustavo Durand]

The only thing about this way, is that you cannot give access to individual files afterwards.

Think of this as a one lock, and the individual file access as another lock. 

If you give someone the "key" to the individual file access lock, they would still not have the "key" to the all dataverse-wide file lock. They would need to have that key, as well, but then of course, they'd have access to all dataverse files that do not have individual locks.

I hope this is not too confusing; basically the two locking systems were designed to work independently - either you lock all files OR you lock individual files. We have yet to include a way to lock all files, and then give individual access to some of those locked files.

Clearly, this would be useful and something we need to consider for a future release.

Gustavo

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group, send email to dataverse-commu...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Joerg Messer]

Gustavo,

Thanks for the clarification.  Unfortunately we have a consortia setup where all users in the consortia get access to the licensed material but we still want to keep as much public as possible.  It means that each file will need to be tagged with the name of the consortia member group that has access.  At the moment there are 4 member groups.  This is a little awkward but doable given the small number of groups.  In DSpace they allow membership in multiple access control groups based on the IP address so that simplifies the situation quite a bit.  Is there any chance that this feature could be added to Dataverse? 

BTW, I really like the way you folks have done your EZproxy integration.  It should work well for us.

//Joerg

To unsubscribe from this group, send email to dataverse-community+unsub...@googlegroups.com.