Security in Islandora combines Drupal’s access control infrastructure (Drupal Roles and Permissions) with Fedora’s XACML security framework to create a highly flexible framework that can express restrictions at the datastream and IP level. Additional information about Fedora security is available at the FedoraCommons wiki (see our Selected Reading Section). Note that Fedora's restrictions are always enforced over Drupal's, but Fedora XACML policies cannot grant a user access that they do not have via Drupal permissions.

...

These initial policies are always enforced. No object-specific XACML policy can ever override a repository-wide XACML policy. This means you cannot use a repository-wide policy to forbid users from seeing any objects, and then use XACML to grant viewing rights on particular objects. However, object-specific XACML can deny rights that are allowed at the Fedora-wide level. You can author object-level XACML policies (to the DSID and role level) by using the XACML Editor (Copy).
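The precedence rules above, as an added example that is not Islandora or Fedora code: a simplified Python model (not real XACML syntax or Fedora's evaluator) in which Drupal permissions gate first and repository-wide and object-level rules are then combined so that any Deny wins. The `Rule` class, the `decide` function, the role names, the datastream IDs used as sample values, and the default-deny when no rule applies are all assumptions made for illustration.

```python
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass(frozen=True)
class Rule:
    """Simplified stand-in for one XACML rule (hypothetical model)."""
    effect: str                            # PERMIT or DENY
    dsids: frozenset = frozenset()         # empty = applies to every datastream
    unless_roles: frozenset = frozenset()  # holders of these roles are exempt

    def evaluate(self, dsid, user_roles):
        if self.dsids and dsid not in self.dsids:
            return NOT_APPLICABLE
        if self.unless_roles & user_roles:
            return NOT_APPLICABLE
        return self.effect


def decide(drupal_allows, repo_rules, object_rules, dsid, user_roles):
    """Return the effective decision for one datastream request."""
    # XACML cannot grant access that Drupal permissions do not give.
    if not drupal_allows:
        return DENY
    roles = frozenset(user_roles)
    decisions = [r.evaluate(dsid, roles) for r in [*repo_rules, *object_rules]]
    # Any Deny wins, so an object-level Permit never overrides a
    # repository-wide Deny, while an object-level Deny can narrow access.
    if DENY in decisions:
        return DENY
    # Assumption: default-deny when no rule applies.
    return PERMIT if PERMIT in decisions else DENY


# Constructed sample policies.
REPO_OPEN = [Rule(PERMIT)]    # repository-wide: allow everything
REPO_LOCKED = [Rule(DENY)]    # repository-wide: forbid everything
OBJECT_POLICY = [             # object-level: OBJ datastream for curators only
    Rule(DENY, frozenset({"OBJ"}), frozenset({"curator"})),
]

if __name__ == "__main__":
    for roles in ({"student"}, {"curator"}):
        for dsid in ("OBJ", "TN"):
            result = decide(True, REPO_OPEN, OBJECT_POLICY, dsid, roles)
            print(sorted(roles), dsid, result)
    print("locked repo:", decide(True, REPO_LOCKED, [Rule(PERMIT)], "OBJ", {"curator"}))
```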

Islandora will parse XACML it finds in two places: either the datastream of the object (in the CHILD_SECURITY or POLICY datastreams) or global XACML policies found at

...