There are a couple ways you can limit access to digital objects for public users. Note that every digital object in AtoM has 3 parts after it is uploaded:
- The master digital object: your original upload. From this, 2 derivative copies are made:
- The reference display copy: a derivative created to be displayed on the archival description view page
- The thumbnail: a small version of the digital object used in search/browse results, and in the digital object carousel
You can restrict access to some or all of these, depending on your settings. Note that if you restrict access to all of them
It is also important to note that if public users can see a digital object or one of the derivatives in their browser, you have no way of prevent users from right-clicking and saving the image, or taking a screenshot. However, you can create low-resolution reference display copies (i.e. small derivatives) so they cannot be used commercially.
Using the permissions module
The first method is to use the Permissions object module. By default this is set not to give access to the master digital object (aka your original upload) to public users, but you can also restrict access to the reference display copy and/or the thumbnail by changing the Archival description permissions for the anonymous group. To do so:
- Navigate to Admin > Groups
- Select the "anonymous" group - this represents your public (i.e. not logged in) users
- Click on the "Archival description permissions" tab, and then press edit
- Change the Access master, Access reference, and/or Access thumbnail permissions from Inherit to Deny as desired. Save.
Once this is done, public users will be able to see that there IS a digital object, but they will not be able to view the digital object itself:
For example, here is what the Browse digital objects page looks like if you restrict access to the thumbnails:
And here is what an archival description view page looks like when you limit access to the reference display copy:
For more information, see:
Using the PREMIS Rights module
You can also use the PREMIS rights module to add actionable rights to digital objects - this is useful if you just want to restrict access to some of the digital objects, or have different restrictions based on the rights Basis you use and where you add them. There is also a way to inherit rights, so if you have a collection with 100 item-level children that include digital objects, you can add the rights once at the top, and then inherit them to lower levels - either all levels, or just those with digital objects.
Setting this up takes a bit more time, so I won't explain every step in detail here, since it is outlined in our documentation - see:
Here is a quick summary:
This module works by adding a Rights statement to an archival description, and then configuring the types of Rights statements that will restrict access to the digital objects in Admin > Settings > Permissions. Each rights statement can have an Act (what type of act are we describing? the act of deleting the digital object? The act of displaying it? etc), a Basis (where does the authority of this right come from? Copyright law? A donor agreement? An internal policy? etc), and a permission (is the Act allowed? Disallowed? or dependent on certain factors - i.e. conditional?). Read more here:
The Rights statements are repeatable - you can add as many as you want. However, only one type of PREMIS Act can be made "actionable." By this I mean: you can add any type of Rights statement to any description, but only the ones that use the PREMIS Act you set in Admin > Settings > Permissions will restrict access to digital objects, based on the settings.
You will then want to configure what rights Act you wish to make actionable. The Rights module has 7 different acts by default:
Let's say we choose to make "Display" actionable. Now, you configure the permissions matrix below: For each permission included in your rights statement (Allow, Disallow, or Conditional), you can configure whether the master, reference, and/or thumbnail is restricted. Green / checked means users will be allowed to view the related digital object; red / unchecked means when those conditions are met then access will be denied. An example:
In this configuration, when I:
- Add a rights statement to an archival description with a digital object attached, AND
- The rights statement I add uses "Display" as the PREMIS act, THEN for each possible basis (Copyright, License, Statute, Policy, Donor):
- When the Permission is "Allow" users can see all
- When the Permission is "Conditional" users cannot access the master digital object, but they can access the reference display copy and the thumbnail
- When the Permission is "Disallow" users cannot access the master, reference, or thumbnail for that description.
A couple of notes:
- The PREMIS rights settings will NOT override restrictions added in the Permissions module. That means, if you allow access to the Master digital object in the PREMIS rights, but your public users have "Access master" permissions set to Deny, they will still not be able to access the master until you change the permissions
- The PREMIS rights restrictions ONLY affect public users. Logged in users can see the digital objects you have hidden via the Rights module.