Possible to restrict access to individual items to those logged in to library's proxy server?

38 views
Skip to first unread message

leanne...@gmail.com

unread,
Aug 7, 2018, 12:26:06 PM8/7/18
to AtoM Users
Hello all,

Total newbie question here: We're looking at moving to AtoM and I'm wondering if it might have a solution to something I'm working on.

We have a few digital objects (PDFs, videos) that are only licensed for our users.  So, we'd need to restrict access to people on campus or who are off-campus and logged in to our proxy server.

Is that something that we can do with the rights options in AtoM?  I'm looking here and I'm not quite sure:

Thanks very much, 

Leanne Olson

 

Digitization and Digital Preservation Librarian

Western Libraries, Western University

London, Ontario, Canada

 

519-661-2111 x 88066

lol...@uwo.ca

Dan Gillean

unread,
Aug 7, 2018, 1:35:03 PM8/7/18
to ICA-AtoM Users
Hi Leanne, 

It depends on what level of granular access controls you need. 

The Rights module can use PREMIS Rights statements to restrict access to the digital object master and any of its derivatives (thumbnail in search/browse results; reference display copy on the description view page), but it is designed to only work for non-authenticated users - that is, users who are not logged into AtoM. If all the users you are referring to are public (i.e. not logged in) users, then this solution could work very well - though it also does not allow per-account exceptions. 

You could create a new user group for people who need to log in, and restrict all but the View permissions (so they can't edit or delete content, etc.) but there are several other permissions that this affects. For example, publication status works the same way - so anyone who can log into the application will be able to view draft records. You can use the permissions module to Deny permission to view drafts, but they will still be visible in search and browse results, in the treeview of hierarchical descriptions, etc - your logged in users just won't be able to click on them for further information. 

If you are using the Visible elements module, this also operates in the same way: once a user is logged in, they will be able to see any fields that were hidden from public users using this module. 

I'm still not 100% clear on your use case, so let me know if this answers your question, and if not, perhaps provide a bit more detail on what the current access arrangement looks like, and what your desired use case / outcome would be? Thanks! 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-users+unsubscribe@googlegroups.com.
To post to this group, send email to ica-atom-users@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/7697f037-bd48-4ea8-9aac-6854cdd62259%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Leanne Olson

unread,
Aug 7, 2018, 1:58:58 PM8/7/18
to AtoM Users
Thanks so much, Dan.  Let me see if I can figure out how to explain this.  

We have some resources whose license only allows us to provide them to users who are on campus or accessing them from off-campus and logged into their library account (so, accessing them through our proxy server).  So, a PDF or a streaming video object that we'd like to provide access to via Atom but restrict access to those who have the correct IP address (on-campus, or via the proxy server).

So yes, these would all be public users -- not users logged into AtoM.  All of our students, faculty members, etc.

Can we set up Digital Object X to only be viewable if users are accessing AtoM from a specific IP range?  I think that's what I'm really asking.  And then Digital Objects Y & Z would be public access (open access items that anyone can view).

Apologies for the awkward wording and explanation.  I'm new to dealing with proxies and such so I'm still figuring out what exactly I'm trying to do :-)

Thanks,
Leanne

To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.

Dan Gillean

unread,
Aug 8, 2018, 12:06:12 PM8/8/18
to ICA-AtoM Users
Hi Leanne, 

It's possible there is a way to do this via webserver configurations, but you would have to dig into the Nginx (or whatever web server you are using) documentation, and look into proxies themselves, to figure that out. Unfortunately, there's no way to do this directly in AtoM at this time. 

Best of luck!

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-users+unsubscribe@googlegroups.com.
To post to this group, send email to ica-atom-users@googlegroups.com.

Leanne Olson

unread,
Aug 8, 2018, 12:09:10 PM8/8/18
to AtoM Users
Thanks Dan!  That makes sense.  

Leanne
Reply all
Reply to author
Forward
0 new messages