Re: [Dspace-tech] DSpace authorization policies
Hello Marina, I tried your below suggestion on one item and inserted its corresponding entry into the resourcepolicy table. But when I open the item I am still getting an error: This item is restricted You do not have the credentials to access the restricted item hdl:10938/31966. I am sure I have an entry for resource_id 31966 of time 2 and with 0 read and 0 anonymous as you described below. Do I have to do any build or anything after inserting the record? Or might it be reading from another table? Please advise, Thank you! Layale. From: Muilwijk, M. (Marina) [mailto:m.muilw...@uu.nl] Sent: Thursday, April 16, 2015 11:53 AM To: Layale Bassil Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Hello Layale, you need the resourcepolicy table. Here's what I use (in DSpace 3.2) to give Anonymous read access to an item: select nextval('resourcepolicy_seq'); (this gets the next resourcepolicy_id) insert into resourcepolicy (policy_id, resource_type_id, resource_id, action_id, epersongroup_id) values ([the resourcepolicy_id], 2, [the id of the item], 0, 0); In this SQL the 2 means a resource of the type item, the first 0 is read and the second 0 is Anonymous. Hope this helps, Marina Op 16 apr. 2015, om 10:18 heeft Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb het volgende geschreven: Hello Terry, Thank you so much for the below info. I checked the PHP code and the queries but still a little lost. What I need should be straighforward since you are familiar with the tables’ structure. I have a list of items and I need to write and SQL Statement in order to set the access to those items Anonymous. I need to know what tables should I edit and what is the ID of the Anonymous secutiry policy, etc… Your help is very much appreciated. Best Regards, Layale. From: Terry Brady [mailto:terry.br...@georgetown.edu] Sent: Monday, April 06, 2015 7:08 PM To: Layale Bassil; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies We had a similar need, so we developed a set of PHP toolshttps://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:j.h.br...@tcu.edumailto:j.h.br...@tcu.edu] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.commailto:mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org
Re: [Dspace-tech] DSpace authorization policies
Hello Layale, you need the resourcepolicy table. Here's what I use (in DSpace 3.2) to give Anonymous read access to an item: select nextval('resourcepolicy_seq'); (this gets the next resourcepolicy_id) insert into resourcepolicy (policy_id, resource_type_id, resource_id, action_id, epersongroup_id) values ([the resourcepolicy_id], 2, [the id of the item], 0, 0); In this SQL the 2 means a resource of the type item, the first 0 is read and the second 0 is Anonymous. Hope this helps, Marina Op 16 apr. 2015, om 10:18 heeft Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb het volgende geschreven: Hello Terry, Thank you so much for the below info. I checked the PHP code and the queries but still a little lost. What I need should be straighforward since you are familiar with the tables’ structure. I have a list of items and I need to write and SQL Statement in order to set the access to those items Anonymous. I need to know what tables should I edit and what is the ID of the Anonymous secutiry policy, etc… Your help is very much appreciated. Best Regards, Layale. From: Terry Brady [mailto:terry.br...@georgetown.edu] Sent: Monday, April 06, 2015 7:08 PM To: Layale Bassil; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies We had a similar need, so we developed a set of PHP toolshttps://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:j.h.br...@tcu.edumailto:j.h.br...@tcu.edu] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.commailto:mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com/ pe...@longsight.commailto:pe
Re: [Dspace-tech] DSpace authorization policies
Hello Terry, Thank you so much for the below info. I checked the PHP code and the queries but still a little lost. What I need should be straighforward since you are familiar with the tables’ structure. I have a list of items and I need to write and SQL Statement in order to set the access to those items Anonymous. I need to know what tables should I edit and what is the ID of the Anonymous secutiry policy, etc… Your help is very much appreciated. Best Regards, Layale. From: Terry Brady [mailto:terry.br...@georgetown.edu] Sent: Monday, April 06, 2015 7:08 PM To: Layale Bassil; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies We had a similar need, so we developed a set of PHP toolshttps://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:j.h.br...@tcu.edumailto:j.h.br...@tcu.edu] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.commailto:mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809tel:740-599-5005%20x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edumailto:j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language
Re: [Dspace-tech] DSpace authorization policies
Hello Marina, Thank you so much for your prompt response. I will try your suggestion and get back to you. Many thanks, Regards. Layale. From: Muilwijk, M. (Marina) [mailto:m.muilw...@uu.nl] Sent: Thursday, April 16, 2015 11:53 AM To: Layale Bassil Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Hello Layale, you need the resourcepolicy table. Here's what I use (in DSpace 3.2) to give Anonymous read access to an item: select nextval('resourcepolicy_seq'); (this gets the next resourcepolicy_id) insert into resourcepolicy (policy_id, resource_type_id, resource_id, action_id, epersongroup_id) values ([the resourcepolicy_id], 2, [the id of the item], 0, 0); In this SQL the 2 means a resource of the type item, the first 0 is read and the second 0 is Anonymous. Hope this helps, Marina Op 16 apr. 2015, om 10:18 heeft Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb het volgende geschreven: Hello Terry, Thank you so much for the below info. I checked the PHP code and the queries but still a little lost. What I need should be straighforward since you are familiar with the tables’ structure. I have a list of items and I need to write and SQL Statement in order to set the access to those items Anonymous. I need to know what tables should I edit and what is the ID of the Anonymous secutiry policy, etc… Your help is very much appreciated. Best Regards, Layale. From: Terry Brady [mailto:terry.br...@georgetown.edu] Sent: Monday, April 06, 2015 7:08 PM To: Layale Bassil; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies We had a similar need, so we developed a set of PHP toolshttps://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil l...@aub.edu.lbmailto:l...@aub.edu.lb wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:j.h.br...@tcu.edumailto:j.h.br...@tcu.edu] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.commailto:mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running
Re: [Dspace-tech] DSpace authorization policies
We had a similar need, so we developed a set of PHP tools https://github.com/Georgetown-University-Libraries/batch-tools/wiki/Quality-control-reports-tailored-to-your-metadata-standards that iterate over every collection / community and report on interesting use cases such as restricted access/embargoed content in each collection. The following SQL fragments might help in your investigation. https://github.com/Georgetown-University-Libraries/batch-tools/blob/master/web/query/queriesEmbargo.php You can wrap these SQL fragments in the following manner select i.owning_collection,count(*) from item i where 1=1 *** insert query fragment *** group by i.owning_collection Terry On Thu, Apr 2, 2015 at 2:44 AM, Layale Bassil l...@aub.edu.lb wrote: Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. *From:* Brown, Jacob [mailto:j.h.br...@tcu.edu] *Sent:* Wednesday, November 12, 2014 9:18 PM *To:* Mark Diggory; Peter Dietz *Cc:* Dspace Tech list *Subject:* Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob *From:* mdigg...@gmail.com [mailto:mdigg...@gmail.com mdigg...@gmail.com] *On Behalf Of *Mark Diggory *Sent:* Tuesday, November 11, 2014 3:32 PM *To:* Peter Dietz *Cc:* Brown, Jacob; Dspace Tech list *Subject:* Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edu 817-257-5339 *From:* Paul Go [mailto:p...@iit.edu] *Sent:* Monday, November 10, 2014 12:36 PM *To:* Peter Dietz *Cc:* Dspace Tech list; DSpace General Mailing List *Subject:* Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V
Re: [Dspace-tech] DSpace authorization policies
Dear All, Thank you so much for your valuable input! However, I would like to be able to do the same but using SQL queries. I don’t have access to run scripts on the server where Dspace is installed. Add to this, I don’t know how to write Ruby code. I need to make a batch change to the access policies of all items older than 50 years (having publication date older than year 1964). I want to make them public (ANONYMOUS). I tried to query the resourcepolicy table, but I didn’t know how can I set the right policy and how to link the item id with the resouce id. Your help is very much appreciated. Regards. From: Brown, Jacob [mailto:j.h.br...@tcu.edu] Sent: Wednesday, November 12, 2014 9:18 PM To: Mark Diggory; Peter Dietz Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.commailto:mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809tel:740-599-5005%20x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edumailto:j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edumailto:j.h.br...@tcu.edu 817-257-5339tel:817-257-5339 From: Paul Go [mailto:p...@iit.edumailto:p...@iit.edu] Sent: Monday, November 10, 2014 12:36 PM To: Peter Dietz Cc: Dspace Tech list; DSpace General Mailing List Subject: Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997tel:312.567.7997 p...@iit.edumailto:p...@iit.edu Driving Innovation through Knowledge and Scholarship On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE
Re: [Dspace-tech] DSpace authorization policies
I put together (very quickly!) a tiny gem as a wrapper/DSL for creating admin scripts: https://github.com/kardeiz/dscriptor. It basically wraps a set of commands in a block which loads the DSpace jars and configuration, starts the ServiceManager, and then closes the context on exit. The repo contains an example of altering a DSpace object (renaming a collection). There are a lot of convenience methods that could be added to the block context, and I’ll try to add more sample scripts. Currently you kind of have to have some familiarity with Ruby to use this tool (but it wouldn’t be that difficult to add another abstraction layer on top of this). Jacob From: mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark Diggory Sent: Tuesday, November 11, 2014 3:32 PM To: Peter Dietz Cc: Brown, Jacob; Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809tel:740-599-5005%20x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edumailto:j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edumailto:j.h.br...@tcu.edu 817-257-5339tel:817-257-5339 From: Paul Go [mailto:p...@iit.edumailto:p...@iit.edu] Sent: Monday, November 10, 2014 12:36 PM To: Peter Dietz Cc: Dspace Tech list; DSpace General Mailing List Subject: Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997tel:312.567.7997 p...@iit.edumailto:p...@iit.edu Driving Innovation through Knowledge and Scholarship On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms
Re: [Dspace-tech] DSpace authorization policies
Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edu 817-257-5339 *From:* Paul Go [mailto:p...@iit.edu] *Sent:* Monday, November 10, 2014 12:36 PM *To:* Peter Dietz *Cc:* Dspace Tech list; DSpace General Mailing List *Subject:* Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140
Re: [Dspace-tech] DSpace authorization policies
Hi, Jacob, I agree with Peter's enthusiasm, this is indeed really cool, and handy to have as an example. It would be nice to grow a collection of similar scripts, and share them around. Would you consider writing an article for the DSpace documentation wiki? I think you definitely have the makings for a presentation and/or workshop at a DSpace Users Group. [1] [1] http://www.or2015.net/ From: Peter Dietz [pe...@longsight.com] Sent: Tuesday, November 11, 2014 2:14 PM To: Brown, Jacob Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edumailto:j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edumailto:j.h.br...@tcu.edu 817-257-5339tel:817-257-5339 From: Paul Go [mailto:p...@iit.edumailto:p...@iit.edu] Sent: Monday, November 10, 2014 12:36 PM To: Peter Dietz Cc: Dspace Tech list; DSpace General Mailing List Subject: Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997tel:312.567.7997 p...@iit.edumailto:p...@iit.edu Driving Innovation through Knowledge and Scholarship On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809tel:740-599-5005%20x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edumailto:p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997tel:312.567.7997 p
Re: [Dspace-tech] DSpace authorization policies
Fantastic! Will investigate Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Tue, Nov 11, 2014 at 10:45 AM, Brown, Jacob j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edu 817-257-5339 *From:* Paul Go [mailto:p...@iit.edu] *Sent:* Monday, November 10, 2014 12:36 PM *To:* Peter Dietz *Cc:* Dspace Tech list; DSpace General Mailing List *Subject:* Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] DSpace authorization policies
Hi Hardy and Peter, Thanks for the enthusiasm! I've been using similar scripts for reports and other things like managing files (moving bitstreams conditionally to other bundles, adding embargo dates in bulk, etc.), where there isn't currently a lot of tooling in place. I've thought about packaging the functionality as a library/gem, but couldn't decide what it should look like (provide a DSL? read instructions from a spreadsheet?), and then got distracted by other things... I'll revisit this. I'll contact you later off-list for guidance on writing an article for the wiki. Jacob From: Pottinger, Hardy J. [mailto:pottinge...@missouri.edu] Sent: Tuesday, November 11, 2014 2:39 PM To: Peter Dietz; Brown, Jacob Cc: Dspace Tech list Subject: RE: [Dspace-tech] DSpace authorization policies Hi, Jacob, I agree with Peter's enthusiasm, this is indeed really cool, and handy to have as an example. It would be nice to grow a collection of similar scripts, and share them around. Would you consider writing an article for the DSpace documentation wiki? I think you definitely have the makings for a presentation and/or workshop at a DSpace Users Group. [1] [1] http://www.or2015.net/ From: Peter Dietz [pe...@longsight.com] Sent: Tuesday, November 11, 2014 2:14 PM To: Brown, Jacob Cc: Dspace Tech list Subject: Re: [Dspace-tech] DSpace authorization policies Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.comhttp://www.longsight.com pe...@longsight.commailto:pe...@longsight.com p: 740-599-5005 x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edumailto:j.h.br...@tcu.edu wrote: I've started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I've found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn't as fast/efficient as a SQL script, but I've found it's really nice to have a DSpace scripting language. For this example, I monkeypatched the ResourcePolicy class since it doesn't have a `findAll` method, but this usually isn't necessary. This is just a first quick iteration-there are lots of things that could be improved in this script. Use at your own risk (though I don't think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edumailto:j.h.br...@tcu.edu 817-257-5339tel:817-257-5339 From: Paul Go [mailto:p...@iit.edumailto:p...@iit.edu] Sent: Monday, November 10, 2014 12:36 PM To: Peter Dietz Cc: Dspace Tech list; DSpace General Mailing List Subject: Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997tel:312.567.7997 p...@iit.edumailto:p...@iit.edu Driving Innovation through Knowledge and Scholarship On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.commailto:pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions
Re: [Dspace-tech] DSpace authorization policies
Jacob / Peter, I agree, this is most excellent. The added benefit of not manipulating the database directly is that the Event System is properly activated if you do manipulations, do you have an example that alters DSpace objects? Other thoughts, The ServiceManager could stand to be activated to assure it can be leveraged. Example code: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java Cheers, Mark On Tue, Nov 11, 2014 at 12:14 PM, Peter Dietz pe...@longsight.com wrote: Jacob, That is REALLY cool! So, for quick one-off tasks, this jruby looks pretty handy. You have full access to the dspace-api, so you can access database, solr, dspace-objects, elasticsearch, everything I guess. And its really quick to get running. i.e. A development cycle (change code, re-run code) is just a few seconds, rather than 5+ minutes for a full DSpace rebuild. So for admin tasks, and especially reports, this is perfect. Thanks for sharing. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Tue, Nov 11, 2014 at 11:45 AM, Brown, Jacob j.h.br...@tcu.edu wrote: I’ve started using JRuby for administrative/backend stuff like this to work with the DSpace API, and I’ve found it to be very convenient and more flexible than using straight SQL for most things. Here is an example script for doing something along the lines you mention: https://gist.github.com/kardeiz/c8ab990614dbbcb31213. This certainly isn’t as fast/efficient as a SQL script, but I’ve found it’s really nice to have a DSpace scripting language. For this example, I “monkeypatched” the ResourcePolicy class since it doesn’t have a `findAll` method, but this usually isn’t necessary. This is just a first quick iteration—there are lots of things that could be improved in this script. Use at your own risk (though I don’t think there is anything breakable here). Jacob Brown Digital Services Librarian j.h.br...@tcu.edu 817-257-5339 *From:* Paul Go [mailto:p...@iit.edu] *Sent:* Monday, November 10, 2014 12:36 PM *To:* Peter Dietz *Cc:* Dspace Tech list; DSpace General Mailing List *Subject:* Re: [Dspace-tech] DSpace authorization policies Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list
[Dspace-tech] DSpace authorization policies
Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] DSpace authorization policies
Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] DSpace authorization policies
Thank you, Peter. Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* On Mon, Nov 10, 2014 at 12:30 PM, Peter Dietz pe...@longsight.com wrote: Hi Paul, There are a lot of relationships in the authorization policies, to handle all of that complexity, I think you could build some custom java code to walk through all of them, and join all of the resources, and all of the epersons and epersongroups. Here's an inaccurate query that would give you some of the information: SELECT * FROM public.handle, public.resourcepolicy, public.epersongroup WHERE resourcepolicy.resource_type_id = handle.resource_type_id AND resourcepolicy.resource_id = handle.resource_id AND resourcepolicy.epersongroup_id = epersongroup.eperson_group_id; This would show you what objects with handles (community, collection, item), have an authorization policy to an eperson-group. You would have to make other queries to find policies that map to an eperson (as opposed to eperson group). And also, this only connects to things with handles, which misses bundles and bitstreams. Since this is for an audit, your probably more concerned with finding users with irregular permissions, so maybe you could work backwords. Start with all the eperson, and see which one's are members of groups or resourcepolicy's. Because it's likely that you'll find that 99% of users have essentially nothing interesting in terms of policies/memberships, and then just investigate the dozen or so users with permissions. Good luck! If you end up creating any interesting java code (such as a query tool to look at all of this information), or just a series of SQL queries it might be helpful to share back your eventual findings. Peter Dietz Longsight www.longsight.com pe...@longsight.com p: 740-599-5005 x809 On Mon, Nov 10, 2014 at 12:44 PM, Paul Go p...@iit.edu wrote: Is there a way to export the entirety of the authorization policies so that we can audit them in bulk rather than one by one? Paul Go Systems Librarian / Library Technology Manager / CS and ITM Liaison Paul V. Galvin Library Illinois Institute of Technology 35 West 33rd Street Chicago, IL 60616 312.567.7997 p...@iit.edu *Driving Innovation through Knowledge and Scholarship* -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] dspace authorization
Hi, My user of dspace by mistake has received a task to process, I'd want to delegate it to another user. Please could you help how to do that? I use dspace 1.5.2 Thanks in advance -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] dspace authorization
2012/10/9 Sean Carte sean.ca...@gmail.com: On 9 October 2012 14:39, Sergio Belkin seb...@gmail.com wrote: My user of dspace by mistake has received a task to process, I'd want to delegate it to another user. Please could you help how to do that? I use dspace 1.5.2 Return the task to the pool, then the other user can take it. Sean -- Sean Carte DUT E-Repository Administrator +27 72 898 8775 +27 31 373 5761 fax: +27 86 674 1254 http://ir.dut.ac.za But I have only 2 options: take submit or leave submit if I choose the last one, the task still appears on my pool, am I doing something wrong? TIA -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] dspace authorization
On 9 October 2012 14:56, Sergio Belkin seb...@gmail.com wrote: On 9 October 2012 14:39, Sergio Belkin seb...@gmail.com wrote: My user of dspace by mistake has received a task to process, I'd want to delegate it to another user. Please could you help how to do that? I use dspace 1.5.2 Return the task to the pool, then the other user can take it. Sean But I have only 2 options: take submit or leave submit if I choose the last one, the task still appears on my pool, am I doing something wrong? Sorry, I assumed that 1.5.2 would have similar options to 1.8. Hopefully someone more familiar with 1.5.2 will be able to give you advice. Sean -- Sean Carte DUT E-Repository Administrator +27 72 898 8775 +27 31 373 5761 fax: +27 86 674 1254 http://ir.dut.ac.za -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] dspace authorization
2012/10/9 Sean Carte sean.ca...@gmail.com: On 9 October 2012 14:56, Sergio Belkin seb...@gmail.com wrote: On 9 October 2012 14:39, Sergio Belkin seb...@gmail.com wrote: My user of dspace by mistake has received a task to process, I'd want to delegate it to another user. Please could you help how to do that? I use dspace 1.5.2 Return the task to the pool, then the other user can take it. Sean But I have only 2 options: take submit or leave submit if I choose the last one, the task still appears on my pool, am I doing something wrong? Sorry, I assumed that 1.5.2 would have similar options to 1.8. Hopefully someone more familiar with 1.5.2 will be able to give you advice. Sean -- Sean Carte DUT E-Repository Administrator +27 72 898 8775 +27 31 373 5761 fax: +27 86 674 1254 http://ir.dut.ac.za I've found it ! Accepting the submit, then I have the option to return the task to the pool :) -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] dspace authorization
Hello Sergio, if the other user is already belonging to the group assigned responsible for the workflow step, he can take the task from the task pool. It might be necessary for the wrong user to return the task to the pool, if already choosen. If not, it will not work adding the other user to the group. In that case you can achieve this only afaik on the database level. The usual warning backup db, be sure what you are doing. The command would be update tasklistitem set eperson_id=[the eperson_id of the owner you want the item to be delegated to] where tasklist_id=[id of the tasklistitem]; Hope this helps Claudia Jürgen Am 09.10.2012 14:39, schrieb Sergio Belkin: Hi, My user of dspace by mistake has received a task to process, I'd want to delegate it to another user. Please could you help how to do that? I use dspace 1.5.2 Thanks in advance -- Claudia Juergen Universitaetsbibliothek Dortmund Eldorado 0231/755-4043 https://eldorado.tu-dortmund.de/ -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech