Hi Hardy and Peter,
Thanks for the enthusiasm! I've been using similar scripts for reports and
other things like managing files (moving bitstreams conditionally to other
bundles, adding embargo dates in bulk, etc.), where there isn't currently a lot
of tooling in place.
I've thought about packaging the functionality as a library/gem, but couldn't
decide what it should look like (provide a DSL? read instructions from a
spreadsheet?), and then got distracted by other things...
I'll revisit this. I'll contact you later off-list for guidance on writing an
article for the wiki.
Jacob
From: Pottinger, Hardy J. [mailto:pottinge...@missouri.edu]
Sent: Tuesday, November 11, 2014 2:39 PM
To: Peter Dietz; Brown, Jacob
Cc: Dspace Tech list
Subject: RE: [Dspace-tech] DSpace authorization policies
Hi, Jacob, I agree with Peter's enthusiasm, this is indeed really cool, and
handy to have as an example. It would be nice to grow a collection of similar
scripts, and share them around. Would you consider writing an article for the
DSpace documentation wiki? I think you definitely have the makings for a
presentation and/or workshop at a DSpace Users Group. [1]
[1] http://www.or2015.net/
________________________________
From: Peter Dietz [pe...@longsight.com]
Sent: Tuesday, November 11, 2014 2:14 PM
To: Brown, Jacob
Cc: Dspace Tech list
Subject: Re: [Dspace-tech] DSpace authorization policies
Jacob,
That is REALLY cool!
So, for quick one-off tasks, this jruby looks pretty handy. You have full
access to the dspace-api, so you can access database, solr, dspace-objects,
elasticsearch, everything I guess. And its really quick to get running. i.e. A
development cycle (change code, re-run code) is just a few seconds, rather than
5+ minutes for a full DSpace rebuild.
So for admin tasks, and especially reports, this is perfect.
Thanks for sharing.
________________
Peter Dietz
Longsight
www.longsight.com<http://www.longsight.com>
pe...@longsight.com<mailto:pe...@longsight.com>
p: 740-599-5005 x809
On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob
<j.h.br...@tcu.edu<mailto:j.h.br...@tcu.edu>> wrote:
I've started using JRuby for administrative/backend stuff like this to work
with the DSpace API, and I've found it to be very convenient and more flexible
than using straight SQL for most things.
Here is an example script for doing something along the lines you mention:
https://gist.github.com/kardeiz/c8ab990614dbbcb31213.
This certainly isn't as fast/efficient as a SQL script, but I've found it's
really nice to have a DSpace scripting language. For this example, I
"monkeypatched" the ResourcePolicy class since it doesn't have a `findAll`
method, but this usually isn't necessary. This is just a first quick
iteration-there are lots of things that could be improved in this script. Use
at your own risk (though I don't think there is anything breakable here).
Jacob Brown
Digital Services Librarian
j.h.br...@tcu.edu<mailto:j.h.br...@tcu.edu>
817-257-5339<tel:817-257-5339>
From: Paul Go [mailto:p...@iit.edu<mailto:p...@iit.edu>]
Sent: Monday, November 10, 2014 12:36 PM
To: Peter Dietz
Cc: Dspace Tech list; DSpace General Mailing List
Subject: Re: [Dspace-tech] DSpace authorization policies
Thank you, Peter.
Paul Go
Systems Librarian /
Library Technology Manager /
CS and ITM Liaison
Paul V. Galvin Library
Illinois Institute of Technology
35 West 33rd Street
Chicago, IL 60616
312.567.7997<tel:312.567.7997>
p...@iit.edu<mailto:p...@iit.edu>
Driving Innovation through Knowledge and Scholarship
On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz
<pe...@longsight.com<mailto:pe...@longsight.com>> wrote:
Hi Paul,
There are a lot of relationships in the authorization policies, to handle all
of that complexity, I think you could build some custom java code to walk
through all of them, and join all of the resources, and all of the epersons and
epersongroups.
Here's an inaccurate query that would give you some of the information:
SELECT
*
FROM
public.handle,
public.resourcepolicy,
public.epersongroup
WHERE
resourcepolicy.resource_type_id = handle.resource_type_id AND
resourcepolicy.resource_id = handle.resource_id AND
resourcepolicy.epersongroup_id = epersongroup.eperson_group_id;
This would show you what objects with handles (community, collection, item),
have an authorization policy to an eperson-group. You would have to make other
queries to find policies that map to an eperson (as opposed to eperson group).
And also, this only connects to things with handles, which misses bundles and
bitstreams.
Since this is for an audit, your probably more concerned with finding users
with irregular permissions, so maybe you could work backwords. Start with all
the eperson, and see which one's are members of groups or resourcepolicy's.
Because it's likely that you'll find that 99% of users have essentially nothing
interesting in terms of policies/memberships, and then just investigate the
dozen or so users with permissions.
Good luck! If you end up creating any interesting java code (such as a query
tool to look at all of this information), or just a series of SQL queries it
might be helpful to share back your eventual findings.
________________
Peter Dietz
Longsight
www.longsight.com<http://www.longsight.com>
pe...@longsight.com<mailto:pe...@longsight.com>
p: 740-599-5005 x809<tel:740-599-5005%20x809>
On Mon, Nov 10, 2014 at 12:44 PM, Paul Go <p...@iit.edu<mailto:p...@iit.edu>>
wrote:
Is there a way to export the entirety of the authorization policies so that we
can audit them in bulk rather than one by one?
Paul Go
Systems Librarian /
Library Technology Manager /
CS and ITM Liaison
Paul V. Galvin Library
Illinois Institute of Technology
35 West 33rd Street
Chicago, IL 60616
312.567.7997<tel:312.567.7997>
p...@iit.edu<mailto:p...@iit.edu>
Driving Innovation through Knowledge and Scholarship
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net<mailto:DSpace-tech@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
