How to hide authority records, subjects, and places from public view


Daniela Moneta

Dec 6, 2016, 2:12:46 PM
to AtoM Users
Dear Dan and others,

We are five archives, in five different parts of the world, that use AtoM as a common database. We want our archives to be available to members of our organization only, so we keep all of our records private by leaving them in Draft form. However, we noticed that four categories are out there on the Internet for others to see even if they are not logged in. Is there any way that we can block out authority records, subjects, and places categories from showing up on the Internet?

 

We are not ready to open the database to “members only” but we wanted to give a small group of people who support our project a preview of the database by allowing them to view and search the database. We have one administrator with four archivists that have authenticated and editor privileges. How do we open access to a select group of members and eventually to all members and keep the database private? Am I doing something wrong because when I, as administrator, try to create a “view only” group it doesn’t work. Is that because all records are in Draft format?

 

Do we have to keep the entire database in Draft form always if we want to keep the database private? How do I create a view only user group that is private and password protected?


Many thanks,


Daniela Moneta

David at Artefactual

Dec 7, 2016, 1:33:08 PM
to AtoM Users
Hi Daniela,

There are several options for restricting access to AtoM.

Firstly, you are correct that there is currently no way in the AtoM application to hide authority records, subjects, or places via the application permissions as you can with archival descriptions.  When we added a "Draft" status for archival descriptions the feature was designed to allow expanding the Draft functionality to other resources, but to date only archival descriptions have a "draft" status.  Artefactual, as the primary developers of AtoM, currently add new features to AtoM using the Bounty model of open source development.  Adding a "Draft" status for other resources would require an organization to fund development or submit a code contribution.

Although you can't restrict access to all AtoM resources via the built-in authentication methods, you can restrict access to AtoM via web server or a firewall configuration.

At the webserver level you can implement Basic authentication on the virtual host used by AtoM.  Basic authentication will prompt anyone visiting the site for a username and password before they view the AtoM website. This prevents public users from seeing any data in your AtoM site, but does require privileged AtoM users (e.g. administrators, contributors) to log in twice: Once for basic authentication, and once for AtoM's own authentication system.

At the firewall level you can restrict access to the website port (usually port 80 for HTTP access and/or port 443 for HTTPS access) to prevent public access to the website. You can then allow remote access for selected users by IP address, or by setting up a Virtual Private Network (VPN). Firewall configuration is generally more complex than configuring basic authentication, but it doesn't necessitate authenticating twice for privileged users (though the VPN scenario still requires two authentications). Please note that in all cases we recommend using a firewall to secure any AtoM installation.

Lastly, in AtoM you can grant permissions to "view draft" descriptions to a user or group.  As an example, you could add a new AtoM user, assign them to the "researcher" group (see step #5 of adding a new user), and grant "view draft" permissions to the researcher group.


Best regards,
David
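
The web-server option described in the reply above, sketched as an added configuration example that is not part of the original thread or of AtoM's own documentation. It assumes nginx serves the AtoM virtual host; the host name, certificate paths, password file path and IP range are placeholders.

```nginx
# Added example: Basic authentication on the AtoM virtual host.
# All names, paths and addresses below are placeholders.
server {
    # Basic credentials are only base64-encoded, so serve the site over HTTPS.
    listen 443 ssl;
    server_name atom.example.org;
    ssl_certificate     /etc/ssl/certs/atom.example.org.pem;
    ssl_certificate_key /etc/ssl/private/atom.example.org.key;

    # Every request to this virtual host is challenged before AtoM sees it,
    # which covers authority records, subjects and places as well as
    # archival descriptions.
    auth_basic           "Members preview";
    # Password file created beforehand, e.g.:
    #   htpasswd -c /etc/nginx/atom.htpasswd previewuser
    auth_basic_user_file /etc/nginx/atom.htpasswd;

    # Optional: let requests from a trusted network skip the Basic prompt.
    # "satisfy any" grants access if EITHER the address matches OR the
    # Basic credentials are valid. Remove these three lines to require
    # the password from everyone.
    satisfy any;
    allow 203.0.113.0/24;   # placeholder range (documentation addresses)
    deny  all;

    # ... the existing AtoM root, location and PHP-FPM directives
    #     stay here unchanged ...
}
```

Run `nginx -t` before reloading; afterwards, an unauthenticated request from outside the allowed range should receive a 401 response for any URL on the site.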
