Old Release
This documentation relates to an old version of DSpace, version 5.x. Looking for another version? See all documentation.
Support for DSpace 5 ended on January 1, 2023. See Support for DSpace 5 and 6 is ending in 2023
Authorization model
The DSpace authorization model is based on group level permissions. Memberships of different groups is not mutually exclusive. As a result, a users's permissions is the sum of all permissions granted through the memberships of each group.
All users are automatically member of the "Anonymous group", which is the group used to grant permissions to non-authorized users. The administrator group, is the one associated with administrator level privileges. These two groups are the only two mandatory ones, but an arbitrary number of additional groups can be used and configured.
Groups
...
Resource policies
...
User Accounts
When a user registers an account for the purpose of subscribing to change notices, submitting content, or the like, DSpace creates an EPerson record in the database. Administrators can manipulate these records in several ways.
Please note that when a user has submitted content, his EPerson record cannot be deleted because there are references to it from the submitted item(s). If it is necessary to prevent further use of such an account, it can be marked "cannot log in".
From the browser: XMLUI
TBS
From the browser: JSPUI
TBS
From the command line
The user
command
The dspace user
command adds, lists, modifies, and deletes EPerson records.
To create a new user account:
[dspace]/bin/dspace user --add --email jquser@example.com -g John -s User --password hiddensecret [dspace]/bin/dspace user --add --netid jquser --telephone 555-555-1234 --password hiddensecret
One of the options --email
is required to name the record. The complete options are: or --netid
-a | --add | required |
-m | email address | |
-n | --netid | "netid" (a username in an external system such as a directory – see Authentication Methods for details) |
-p | --password | a password for the account. Required. |
-g | --givenname | First or given name |
-s | --surname | Last or surname |
-t | --telephone | Telephone number |
-l | --language | Preferred language |
-c | --requireCertificate | Certificate required? See X.509 Authentication for details. |
To list accounts:
[dspace]/bin/dspace user --list
This simply lists some characteristics of each EPerson.
short | long | meaning |
---|---|---|
-L | --list | required |
To modify an account:
[dspace]/bin/dspace user --modify -m george@example.com
short | long | meaning |
---|---|---|
-M | --modify | required |
-m | identify the account by email address | |
-n | --netid | identify the account by netid |
-g | --givenname | First or given name |
-s | --surname | Last or surname |
-t | --telephone | telephone number |
-l | --language | preferred language |
-c | --requireCertificate | certificate required? |
-C | --canLogIn | is the account enabled or disabled? |
-i | --newEmail | set or change email address |
-I | --newNetid | set or change netid |
To delete an account:
[dspace]/bin/dspace user --delete -n martha
short | long | meaning |
---|---|---|
-d | --delete | required |
-m | identify the account by email address | |
-n | --netid | identify the account by netid |
The Groomer
This tool inspects all user accounts for several conditions.
short | long | meaning |
---|---|---|
-a | --aging | find accounts not logged in since a given date |
-u | --unsalted | find accounts not using salted password hashes |
-b | --before | date cutoff for --aging |
-d | --delete | delete disused accounts (used with --aging) |
Find accounts with unsalted passwords
Earlier versions of DSpace used an "unsalted hash" method to protect user passwords. Recent versions use a salted hash. You can find accounts which have never been converted to salted hashing:
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -u
The output is a list of email addresses for matching accounts.
Find (and perhaps delete) disused accounts
You can list accounts which have not logged on since a given date:
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -a -b 07/20/1969
The output is a tab-separated-value table of the EPerson ID, last login date, email address, netid, and full name for each matching account.
You can also have the tool delete matching accounts:
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -a -b 07/20/1969 -d