Problem retrieving records with "Draft" publication status

22 views
Skip to first unread message

Catula Pérez

unread,
Oct 23, 2023, 7:09:46 AM10/23/23
to AtoM Users
Good morning, I have a question regarding how AtoM searches work. I made an example in the AtoM demo: https://demo.accesstomemory.org/ If I search for “lady” I get 10 results: image 1.JPG (image 1) If I change in two records "Publication Status" from "PUBLISHED" to “DRAFT”: 8 results appear: image2.JPG (image 2) I want to create a user, and I give access and read permissions to one of the two records in “DRAFT” image3.JPG
(image 3) But when searching, 8 records appear, instead of 9 (8 published and 1 with “View draft” permission) Does anyone know what I'm doing wrong? Thank you very much to all. Greetings!

Catu

Dan Gillean

unread,
Oct 24, 2023, 9:16:00 AM10/24/23
to ica-ato...@googlegroups.com
Hi Catu, 

Unless you change the "Anonymous" user group permissions. Draft records are always hidden from public users. Was the Catu test user logged in when the search was conducted? If no, then changing the permissions to grant View Draft will have no effect, because they must still be logged in for them to be visible. 

AtoM works on an inheritance model for permissions, so one alternative you could try: 

Instead of customizing the permissions for the Catu test user directly, try adding that user to one of the existing User Groups that can view drafts. For example, if you are trying to grant ALL permissions to this user, then add them to the "Administrators" group. If you just want them to be able to log in and see Drafts, but not really edit or make administrative changes, try adding them just to the Authenticated group, and double-check that the Authenticated group permissions are set to Grant View Draft permissions. 

Hope this helps! 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him


--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/62203ae3-a58b-4e86-8d3b-b26e8f7e914bn%40googlegroups.com.

Catula Pérez

unread,
Oct 24, 2023, 1:13:42 PM10/24/23
to ica-ato...@googlegroups.com
Thank you for your kind response Dan,
In the example of my previous email yes, my user was logged in. I can
read that record in Draft, but it doesn't appear in searches.
At my institution we have several funds, all them with Draft
publication status (Fond A, Fond B, Fond C and Fond D), with an
archivist working on each of them. For example, Archivist A have all
permissions (read, view draft, update, etc... ) only for Fond A.
The problem here is when Archivist A searchs something: the results is always 0.
We'd like know configure "information object permissions" so that an
archivist can only search by their fond, not items for the other
fonds.

Thank you very much again. Greetings!



Catu




El mar, 24 oct 2023 a las 15:16, Dan Gillean (<d...@artefactual.com>) escribió:
>
> Hi Catu,
>
> Unless you change the "Anonymous" user group permissions. Draft records are always hidden from public users. Was the Catu test user logged in when the search was conducted? If no, then changing the permissions to grant View Draft will have no effect, because they must still be logged in for them to be visible.
>
> AtoM works on an inheritance model for permissions, so one alternative you could try:
>
> Instead of customizing the permissions for the Catu test user directly, try adding that user to one of the existing User Groups that can view drafts. For example, if you are trying to grant ALL permissions to this user, then add them to the "Administrators" group. If you just want them to be able to log in and see Drafts, but not really edit or make administrative changes, try adding them just to the Authenticated group, and double-check that the Authenticated group permissions are set to Grant View Draft permissions.
>
> Hope this helps!
>
> Cheers,
>
> Dan Gillean, MAS, MLIS
> AtoM Program Manager
> Artefactual Systems, Inc.
> 604-527-2056
> @accesstomemory
> he / him
>
>
> On Mon, Oct 23, 2023 at 7:09 AM Catula Pérez <catu.p...@gmail.com> wrote:
>>
>> Good morning, I have a question regarding how AtoM searches work. I made an example in the AtoM demo: https://demo.accesstomemory.org/ If I search for “lady” I get 10 results: (image 1) If I change in two records "Publication Status" from "PUBLISHED" to “DRAFT”: 8 results appear: (image 2) I want to create a user, and I give access and read permissions to one of the two records in “DRAFT”
>> (image 3) But when searching, 8 records appear, instead of 9 (8 published and 1 with “View draft” permission) Does anyone know what I'm doing wrong? Thank you very much to all. Greetings!
>>
>> Catu
>>
>> --
>> You received this message because you are subscribed to the Google Groups "AtoM Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/62203ae3-a58b-4e86-8d3b-b26e8f7e914bn%40googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google Groups "AtoM Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CAC1FhZ%2Bbf0HZgrs%3D6O_jaUdgcXG%3DmLMungo6y5WJa31KHD-WDA%40mail.gmail.com.

Dan Gillean

unread,
Oct 25, 2023, 9:04:11 AM10/25/23
to ica-ato...@googlegroups.com
Hi again Catu, 

Without seeing exactly how you have configured the permissions it is difficult to offer suggestions, but Draft records should be showing up in search results for logged in users who have View Draft Permissions. That said, I strongly suspect that this is a result of trying to over-configure the permissions to be very restrictive. 

Unfortunately you may be encountering some known limitations and bugs of AtoM, and may not be able to implement exactly what you are hoping to achieve with AtoM's existing permissions module. The short version is: AtoM's permissions module has some known issues when attempting to manage very granular permissions, and it does not scale well. It has required an overhaul for years, but this will be an expensive process, and so far no one has funded the work. 

Also, the application was not designed with true multi-tenancy in mind (where user A can only see the records of Repository A, and user B can only see those of repository B, etc). Instead, its multi-repository functionality was focused on access -  it was intended to allow for a single administrator to manage contributions from multiple external institutions (each with their OWN SEPARATE archival management system) to create regional or national portals, union catalogs, and the like. More importantly, while AtoM does have the publication status / draft status for archival descriptions, other important modules (such as accession records, physical storage, donors, rights holders, terms, etc) do NOT have a way to associate them with only one repository. 

There's a lot more context that could be shared here, but much of it has been said before. The short version is: AtoM's permissions module was first added over a decade ago (when the application's primary use case was small to medium archives, with simpler permissions needs), and unfortunately, while AtoM's user base has grown exponentially and the ways in which the community attempts to use it have multiplied, the permissions module has not received any significant overhaul. Consequently, there are many known performance and scalability issues, as well as a number of bugs that are difficult to change without performing a full rewrite. We'd like to do this, but it's a major piece of work - meaning that for Artefactual to take it on, we'd need community support, either in the form of community code contributions or development sponsorship. So far no one has been willing to fund the level of work necessary to truly address these issues.

For a longer response with more details, history, and context on some of the known issues with the permissions module, see some of our previous responses on this topic in the forum, such as:
In the meantime: you will have the most success trying to keep the permissions as simple as possible. If the intent is to publish the archival descriptions when they are done, is it really so important that Archivist A not see the draft description of Archivist B? If you can establish some internal policies and rely on the trust and professionalism of your archival peers and colleagues rather than strictly enforcing separation via permissions, then easing the permissions implementation will likely lead to better results. This is clearly not ideal, but for the kind of separation you are looking for, the alternative is likely to give them separate installations. 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him


Reply all
Reply to author
Forward
0 new messages