AtoM is a web-based application, and most of the functionality needed should be available by logging int. The majority of the site's administration can be completed via the user interface, which should be accessible via a web browser and an administrator account once the site is successfully deployed.
Information on users and groups (including the Administrator group, which gives an authenticated user access to the settings pages in AtoM):
As an administrator logged into the user interface, your customer can:
- Create and manage all main entity types in AtoM
- Create and modify static pages, including the home page
- Customize menus
- Change application settings
- Run imports and exports
- And more
There are a few things that require command-line access, but unless your customer has familiarity with working in unix/linux CLI environments, you may want to run these yourself on demand, rather than providing access.
For example, the import and export options available via the command-line are more robust than in the interface:
Additionally some bulk operations can be performed using AtoM's many command-line tasks:
Artefactual's hosting plans include one plan (Premium+) on a dedicated private server, and with this plan we provide our clients with CLI access. This includes SSH access to the command-line, and an SFTP account so users can add digital objects to the root AtoM directory (for bulk uploads/imports, or for use in static pages, etc). However, a few of the things we do to limit access and prevent unintended use:
- We generally ensure that the MySQL user credentials are not provided
- More importantly, for these plans we typically deploy the MySQL database and the Elasticsearch index on separate VMs, and provide access only to the Nginx server
- Overall, we ensure that filesystem permissions are as limited to the root AtoM directory and its descendants as possible.
- We restrict access to specific IP addresses
We also make geo-redundant nightly backups - for all our hosting plans of course, but especially for this plan, in case the user somehow breaks something and we need to rollback and resolve the issue.
If you intend to provide customers with CLI access to AtoM, you might consider similar measures.