Versions Compared

Old Version 1

changes.mady.by.user Bram Luyten (Atmire)

Saved on

compared with

New Version Current

changes.mady.by.user Bram Luyten (Atmire)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Authorization model

The DSpace authorization model is based on group level permissions. Memberships of different groups is not mutually exclusive. As a result, a users's permissions is the sum of all permissions granted through the memberships of each group.

All users are automatically member of the "Anonymous group", which is the group used to grant permissions to non-authorized users. The administrator group, is the one associated with administrator level privileges. These two groups are the only two mandatory ones, but an arbitrary number of additional groups can be used and configured.

Groups

...

Resource policies

...

User Accounts

When a user registers an account for the purpose of subscribing to change notices, submitting content, or the like, DSpace creates an EPerson record in the database.  Administrators can manipulate these records in several ways.

...

From the browser:  JSPUI

TBS

From the command line

The user command

The dspace user command adds, lists, modifies, and deletes EPerson records.

To create a new user account:

Code Block
languagebash
[dspace]/bin/dspace user --add --email jquser@example.com -g John -s User --password hiddensecret
[dspace]/bin/dspace user --add --netid jquser --telephone 555-555-1234 --password hiddensecret

...

-a--addrequired
-m--emailemail address
-n--netid"netid" (a username in an external system such as a directory – see Authentication Methods for details)
-p--passworda password for the account.  Required.
-g--givennameFirst or given name
-s--surname

Last or surname

-t--telephoneTelephone number
-l--languagePreferred language
-c--requireCertificateCertificate required?  See X.509 Authentication for details.

To list accounts:

Code Block
languagebash
[dspace]/bin/dspace user --list

...

shortlongmeaning
-L--listrequired

To modify an account:

Code Block
languagebash
[dspace]/bin/dspace user --modify -m george@example.com

...

shortlongmeaning
-M--modifyrequired
-m--emailidentify the account by email address
-n--netididentify the account by netid
-g--givennameFirst or given name
-s--surnameLast or surname
-t--telephonetelephone number
-l--languagepreferred language
-c--requireCertificatecertificate required?
-C--canLogInis the account enabled or disabled?
-i--newEmailset or change email address
-I--newNetidset or change netid

 

To delete an account:

Code Block
languagebash
[dspace]/bin/dspace user --delete -n martha

...

shortlongmeaning
-d--deleterequired
-m--emailidentify the account by email address
-n--netididentify the account by netid

The Groomer

This tool inspects all user accounts for several conditions.

shortlongmeaning
-a--agingfind accounts not logged in since a given date
-u--unsaltedfind accounts not using salted password hashes
-b--before

date cutoff for --aging

-d--deletedelete disused accounts (used with --aging)

 

Find accounts with unsalted passwords

Earlier versions of DSpace used an "unsalted hash" method to protect user passwords.  Recent versions use a salted hash.  You can find accounts which have never been converted to salted hashing:

Code Block
languagebash
titleDiscovering accounts with unsalted password hashes
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -u

The output is a list of email addresses for matching accounts.

Find (and perhaps delete) disused accounts

You can list accounts which have not logged on since a given date:

Code Block
languagebash
titleDiscovering disused accounts
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -a -b 07/20/1969

The output is a tab-separated-value table of the EPerson ID, last login date, email address, netid, and full name for each matching account.

You can also have the tool delete matching accounts:

Code Block
languagebash
titleDeleting disused accounts
[DSpace]/bin/dsrun org.dspace.eperson.Groomer -a -b 07/20/1969 -d