You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
Overview
The Islandora XACML Editor provides a graphical user interface to edit XACML policies for objects in a repository or collection. It adds a new tab to each collection called Child Policy and a tab to each item called Item Policy, where permissions can be set on a per User or per Role basis for:
Dependencies
Drupal.org modules:
Installation
Install as usual, see this for further information.
Usage
Using the XACML Editor
Configuration
Fedora Configuration
It may be desirable--and in fact necessary for some modules--to disable/remove ene of the default XACML policies which denies any interactions with the POLICY datastream to users without the "administrator" role.
This policy is located here: $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-policy-management-if-not-administrator.xml
Solr Searching Hook
In order to comply with XACML restrictions placed on objects, a hook is used to filter results that do not conform to a searching user's roles and name. This hook will not function correctly if the Solr fields for ViewableByUser
and ViewableByRole
are not defined correctly as they are set in the XSLT. These values can be set through the admin page for the module.
Notes
The XACML editor hooks into ingesting through the interface. When a child is added through the interface, the parent's POLICY will be applied if one exists.
If XACML policies are written or edited by hand, it may result in unexpected behaviour.
Troubleshooting/Issues
Having problems or solved a problem? Check out the Islandora google groups for a solution.