Setting up Drupal Roles and Permissions

Access restrictions to collections, objects, or datastreams in Islandora are controlled by a combination of Drupal roles and permissions and XACML policies stored in Fedora. Drupal roles and permissions control the type of access granted (permission to view, manage, or delete), and XACML restrictions control which specific collections, objects, or files users holding those permissions can actually reach. Both checks must pass: a Drupal permission alone does not grant access to an object whose policy excludes the user, and being listed in a policy does not grant an action the user's Drupal roles do not permit.

...

Below are more detailed instructions on using the Object Policy tab together with Drupal roles and permissions to restrict access to collections, objects, and files.

Object Management

Object Management policies restrict access to the Manage tab on objects or collections to only the users and roles selected in the list. These users and roles must also hold the Drupal permissions required to perform management functions on repository objects; selecting a user in the policy does not by itself grant those permissions.

...

Warning

To prevent accidentally locking yourself out of an object or collection, the XACML Editor prompts you to always keep your own account and the admin user (user 1) selected. To remove a XACML policy completely, delete the POLICY datastream under the Object Details tab rather than deselecting members in the XACML Editor.

Object Viewing

Object Viewing policies control who can view an object. If this option is not enabled, regular Drupal permissions will apply.

When enabled, this option grants viewing access only to users and roles who hold the necessary Drupal permissions and who are selected in the list of allowed users under Object Viewing. Object viewing policies also govern which objects appear in Solr views and search results, so an object a user may not view is not listed for them.

Datastreams and MIME types

Datastream (DSID) and MIME type restrictions control user access to individual datastreams on an object or collection. If this option is enabled, only the selected users and roles will be able to view the matched datastreams or file types attached to an object or collection; datastreams that match no selector remain subject to the Object Viewing policy and Drupal permissions. A typical use of this functionality is to restrict the master copy (OBJ) of a file to administrators while making an access copy or the metadata available to more users.

...

  • DSID: Restrict a particular datastream on the object.
  • DSID Regex: Create a rule to restrict all datastreams whose identifier matches a pattern or belongs to a certain class, e.g. POLICY/*
  • MIME type: Restrict access to a particular MIME type on an object.
  • MIME type Regex: Create a rule to restrict all MIME types matching a pattern or belonging to a certain class, e.g. text/*
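To make the combination of Drupal permissions and the three Object Policy sections concrete, the following is an added, constructed Python model of the decision logic described above (Object Management, Object Viewing, Datastreams and MIME types, and the lock-out warning). It is not Islandora's XACML editor or Fedora's policy engine. The Drupal permission strings, the OR semantics between DSID and MIME selectors, and the sample users and policies are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed Drupal permission names (illustrative, not necessarily the exact
# strings Islandora registers).
VIEW_PERM = "view fedora repository objects"
MANAGE_PERM = "manage object properties"


@dataclass(frozen=True)
class DrupalUser:
    name: str
    uid: int
    roles: FrozenSet[str]
    permissions: FrozenSet[str]

    def has_permission(self, perm: str) -> bool:
        # Drupal grants user 1 every permission regardless of role;
        # the XACML side below knows nothing about that bypass.
        return self.uid == 1 or perm in self.permissions


@dataclass(frozen=True)
class AccessRule:
    """Users and roles selected in one section of the XACML editor."""
    users: FrozenSet[str] = frozenset()
    roles: FrozenSet[str] = frozenset()

    def allows(self, user: DrupalUser) -> bool:
        return user.name in self.users or bool(self.roles & user.roles)


@dataclass(frozen=True)
class DatastreamRule(AccessRule):
    """Datastreams and MIME types section. Assumption: the rule applies to a
    datastream when any of the four selectors matches."""
    dsids: FrozenSet[str] = frozenset()
    dsid_regex: Optional[str] = None
    mime_types: FrozenSet[str] = frozenset()
    mime_regex: Optional[str] = None

    def matches(self, dsid: str, mime: str) -> bool:
        if dsid in self.dsids or mime in self.mime_types:
            return True
        if self.dsid_regex and re.search(self.dsid_regex, dsid):
            return True
        return bool(self.mime_regex and re.search(self.mime_regex, mime))


@dataclass(frozen=True)
class ObjectPolicy:
    # None means that section is not enabled, so plain Drupal permissions apply.
    management: Optional[AccessRule] = None
    viewing: Optional[AccessRule] = None
    datastreams: Optional[DatastreamRule] = None


def _decide(user: DrupalUser, perm: str, rule: Optional[AccessRule]) -> bool:
    # Drupal permission is required first; an enabled XACML section then
    # further restricts to the selected users and roles.
    if not user.has_permission(perm):
        return False
    return rule is None or rule.allows(user)


def can_view(user: DrupalUser, policy: ObjectPolicy) -> bool:
    return _decide(user, VIEW_PERM, policy.viewing)


def can_manage(user: DrupalUser, policy: ObjectPolicy) -> bool:
    return _decide(user, MANAGE_PERM, policy.management)


def can_view_datastream(user: DrupalUser, policy: ObjectPolicy,
                        dsid: str, mime: str) -> bool:
    if not can_view(user, policy):
        return False
    rule = policy.datastreams
    if rule is None or not rule.matches(dsid, mime):
        return True  # unmatched datastreams fall back to object viewing
    return rule.allows(user)


def lockout_risks(policy: ObjectPolicy,
                  required: List[DrupalUser]) -> List[Tuple[str, str]]:
    """Accounts (e.g. your own and user 1) that an enabled section would deny;
    this is the check behind the editor's lock-out warning."""
    risks = []
    for section in ("management", "viewing", "datastreams"):
        rule = getattr(policy, section)
        if rule is None:
            continue
        risks.extend((section, u.name) for u in required if not rule.allows(u))
    return risks


# Constructed sample accounts and policy (not from a real site).
ADMIN = DrupalUser("admin", 1, frozenset({"administrator"}), frozenset())
CURATOR = DrupalUser("curator", 7, frozenset({"authenticated user", "administrator"}),
                     frozenset({VIEW_PERM, MANAGE_PERM}))
VIEWER = DrupalUser("jdoe", 8, frozenset({"authenticated user"}), frozenset({VIEW_PERM}))
ANON = DrupalUser("anonymous", 0, frozenset({"anonymous user"}), frozenset())

# Everyone logged in may view, only administrators may manage, and the OBJ
# master (or any TIFF) is limited to administrators; access copies stay open.
POLICY = ObjectPolicy(
    management=AccessRule(users=frozenset({"admin"}), roles=frozenset({"administrator"})),
    viewing=AccessRule(roles=frozenset({"authenticated user", "administrator"})),
    datastreams=DatastreamRule(users=frozenset({"admin"}), roles=frozenset({"administrator"}),
                               dsids=frozenset({"OBJ"}), mime_regex=r"^image/tiff$"),
)
# A policy that forgot to keep the editor and user 1 selected for management.
POLICY_LOCKOUT = ObjectPolicy(management=AccessRule(roles=frozenset({"editor"})))
```

Note that `ADMIN` passes every Drupal permission check as user 1 but is still denied by `POLICY_LOCKOUT`, because the XACML side only sees the selected names and roles; that is why the editor insists on keeping user 1 selected, and why removing a policy is done by deleting the POLICY datastream rather than by deselecting everyone.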

Collection Children

When editing the Object Policy at the collection level, an additional menu is available to determine how the policy is applied to the children of the collection (its objects and child collections).

...