Re: [Dspace-tech] restrict access to tiff bitstreams only
151 views
Skip to first unread message
Blanco, Jose
Aug 25, 2015, 5:12:50 PM8/25/15
to Gloria Sena, dspac...@lists.sourceforge.net
Gloria,
Take a look at
http://www.dspace.org/1_6_0Documentation/ch08.html
Section 8.6.2 . It may have what you need.
-Jose
-----Original Message-----
From: Gloria Sena [mailto:se...@wrlc.org]
Sent: Tuesday, October 25, 2011 1:16 PM
To: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] restrict access to tiff bitstreams only
how do you restrict access to bitstreams without having to go modify authorization item by item.
I am importing an entire collection of 4000+ items to another dspace instance. each item can potentially include master files in tif format, thumbnails in jpeg format, and text format. When I perform itemimport via command line, the resource policies created by default allows anonymous users read permissions for all bitstreams.
I do not want read permission for master files in tif format for anonymous users , only for the collection admin group.
thanks!
Gloria
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
DSpace-tech mailing list
DSpac...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
Take a look at
http://www.dspace.org/1_6_0Documentation/ch08.html
Section 8.6.2 . It may have what you need.
-Jose
-----Original Message-----
From: Gloria Sena [mailto:se...@wrlc.org]
Sent: Tuesday, October 25, 2011 1:16 PM
To: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] restrict access to tiff bitstreams only
how do you restrict access to bitstreams without having to go modify authorization item by item.
I am importing an entire collection of 4000+ items to another dspace instance. each item can potentially include master files in tif format, thumbnails in jpeg format, and text format. When I perform itemimport via command line, the resource policies created by default allows anonymous users read permissions for all bitstreams.
I do not want read permission for master files in tif format for anonymous users , only for the collection admin group.
thanks!
Gloria
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
DSpace-tech mailing list
DSpac...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
Peter Dietz
Aug 25, 2015, 5:12:50 PM8/25/15
to Blanco, Jose, dspac...@lists.sourceforge.net
Hi Gloria,
Peter Dietz
Your situation as I understand it is that you want to be able to keep a copy of these TIFF's in your DSpace, but not to provide access to them for the public. You would however, like a lower resolution copy of the image to be available to the public.
There's a couple of ways of achieving this. Some more complicated, others feel more like hacking DSpace.
So, DSpace will present all bitstreams in the ORIGINAL bundle, and you might have to alter all components of DSpace (oai, xmlui, jspui, ...) to intentionally limit .tiff's from being shown in that bundle. I'm thinking that if you have removed anonymous read from a file, that it will still be listed in the file-section, but, nobody will be able to view it (they will still be prompted to log in).
Something that I think would be better would be to put the bitstreams that you want to restrict access to, into a bundle that is never used. For instance, why not have the TIFF's uploaded to a new bundle called PRESERVATION? All of the DSpace webapps, only present materials stored in the ORIGINAL bundle. The exceptions to this are that the bundles: CC-LICENSE, LICENSE, and THUMBNAIL are still presented in some form.
Also, you could have a curation-task / media-filter run over your tiffs and generate thumbnails for you, instead of having to import those too.
Your options that I can think of.
1) Ingest the TIFF's directly into a PRESERVATION bundle.
If you are using [dspace]/bin/dspace import, you will need to package your contents into Simple Archive Format (SAF). In there, there is a "contents" file, that lists each bitstream to add to the item. You can give the contents file special instructions for each entry.
\tbundle:BUNDLENAME
Where '\t' is the tab character.
'BUNDLENAME' is the name of the bundle to which the bitstream should be added. Without specifying the bundle, items will go into the default bundle, ORIGINAL.
'BUNDLENAME' is the name of the bundle to which the bitstream should be added. Without specifying the bundle, items will go into the default bundle, ORIGINAL.
So your contents file would have:
image.tiff\tbundle:PRESERVATION
image.png
something.txt
The tiff goes to preservation, and the .png, and .txt go to ORIGINAL.
Additionally, I've created an application to facilitate making Simple Archive Format packages. See: https://github.com/peterdietz/SAFBuilder/wiki
In my SAFBuilder, you would have columns with dublin-core metadata fields, then have a column filename for the png, and another column filename__bundle:PRESERVATION for the tiff.
2) Make a curation task to move the TIFF's from ORIGINAL to PRESERVATION
You could have a site-wide curation task, that moves any .tiff's in ORIGINAL to PRESERVATION. You could either run it one-time, after you import everything, or as a crontask each night.
The curation system is actually really easy to work with. Assuming you already know how to program Java in DSpace.
Overview of Curation System: https://wiki.duraspace.org/display/DSDOC/Curation+System
For example, you just fill in the perform section of a curation task, and it will do it when the curation task is called.
3) Make a curation task to remove anonymous read, and perhaps replace it with collection-admin read for the TIFF's.
4) SQL Query to remove anonymous read
You could write a SQL query to change the eperson_group with access from 0 to 1. (From anonymous to administrator group).
The SELECT query to see what data your looking at:
SELECT
bitstream.bitstream_id,
bitstream."name",
bitstreamformatregistry.short_description,
resourcepolicy.policy_id,
resourcepolicy.action_id,
resourcepolicy.eperson_id,
resourcepolicy.epersongroup_id
FROM
public.bitstreamformatregistry,
public.bitstream,
public.resourcepolicy
WHERE
bitstream.bitstream_format_id = bitstreamformatregistry.bitstream_format_id AND
resourcepolicy.resource_id = bitstream.bitstream_id AND
bitstreamformatregistry.short_description = 'TIFF';
And the update query, that will actually change things.
UPDATE
resourcepolicy
SET
epersongroup_id=1
WHERE
(policy_id IN(
SELECT
resourcepolicy.policy_id
FROM
public.bitstreamformatregistry,
public.bitstream,
public.resourcepolicy
WHERE
bitstream.bitstream_format_id = bitstreamformatregistry.bitstream_format_id AND
resourcepolicy.resource_id = bitstream.bitstream_id AND
bitstreamformatregistry.short_description = 'TIFF'
));
I'm not particularly fond of a SQL query to just remove access. Something like this has worked for us in the past to remove all access entirely to licenses, but the super-administrators will still have access. I haven't tested this to see if changing the epersongroup to 1, will still allow your collection admins to access the TIFF's. It will atleast restrict them to just your super admins.
Peter Dietz
Blanco, Jose
Aug 25, 2015, 5:12:50 PM8/25/15
to Gloria Sena, dspac...@lists.sourceforge.net
Gloria,
This is a tricky one. If you change the default setting for the collection be read for admin, then all the bitstreams loaded into that collection will get that permission, not just the tif files, and I don't think this is what you want, right?
Do some of your items contain all 3 kinds of files ( tif, jpeg, and text)?
If the case is that you have :
Items with just text
Items with just jpeg
Items with just tif
Then you could do two loads, one with the tif files and the default setting set to Read for admins,
And another load with rights set for default read for anonymous for the rest of the items.
This is a tricky one. If you change the default setting for the collection be read for admin, then all the bitstreams loaded into that collection will get that permission, not just the tif files, and I don't think this is what you want, right?
Do some of your items contain all 3 kinds of files ( tif, jpeg, and text)?
If the case is that you have :
Items with just text
Items with just jpeg
Items with just tif
Then you could do two loads, one with the tif files and the default setting set to Read for admins,
And another load with rights set for default read for anonymous for the rest of the items.
Gloria Sena
Aug 25, 2015, 5:12:50 PM8/25/15
to dspac...@lists.sourceforge.net
Reply all
Reply to author
Forward
0 new messages