Authorization model

The DSpace authorization model is based on group level permissions. Memberships of different groups is not mutually exclusive. As a result, a users's permissions is the sum of all permissions granted through the memberships of each group.

All users are automatically member of the "Anonymous group", which is the group used to grant permissions to non-authorized users. The administrator group, is the one associated with administrator level privileges. These two groups are the only two mandatory ones, but an arbitrary number of additional groups can be used and configured.

Groups

...

Resource policies

...

User Accounts

When a user registers an account for the purpose of subscribing to change notices, submitting content, or the like, DSpace creates an EPerson record in the database.  Administrators can manipulate these records in several ways.

...