Hi Keir: That's exactly it. New policies don't extend to previously created items, bundles, and bitstreams. If you look in the docs, there is a mention that permissions don't "commute".
The Advanced Policy manager is what you need. Really, it's not a "manager" per se. It's just a tool that clears policies and adds policies in a batch job. "READ" is the default for the dropdown menu, so it will always say "READ". It's a limited tool, but it's nicer than trying to work out all the SQL yourself. I can assure you that it does work, at least in Dspace 4.2. I was just using it yesterday to update permissions/authorizations for past bitstreams. The technique is just to create the group you want, add the e-people to it, choose "item" (or "bitstream"), choose the collection, and then choose the authorization you want to add. You'll need to do this multiple times if you want to apply multiple "actions" (eg read, write, add, etc). What problem are you encountering? I was stumped yesterday when I couldn't update item metadata in the JSPUI, but I figured it out eventually. While I had authorization for the item, I didn't have authorization for the bitstream. The current JSPUI has a peculiarity (I would call it a bug) where it updates item metadata and bitstream metadata at the same time. If you want to get around that, fix your authorizations or use the XMLUI (which separates out the item and bitstream metadata update pages). By the way, Keir, I actually work just down the street from you. If you ever want to chat Dspace, I'm happy to meet up or you can give me a call at 02 9212 0899. I am literally just a walk away ;). David Cook Systems Librarian Prosentient Systems 72/330 Wattle St, Ultimo, NSW 2007 > -----Original Message----- > From: Keir Vaughan-Taylor [mailto:[email protected]] > Sent: Tuesday, 9 September 2014 9:00 AM > To: [email protected] > Subject: [Dspace-tech] Authorizations > > Using DSpace 4.1 > I want to create a new group and then define access policies where say all > the items in a collection are viewable and by users in that group. > > Using the AccessControl->Authorization menu then manage community and > manage collection policies I have tried adding Read, default_item_read and > also default bitstream_read but users in that new group cannot view items > already in the collection. > > I can give access to users in the new group by placing the group in a > previously existing group that has access to all the items and then they get > access. The trouble is that previous give has attributes that I don't want > extended to this new group. > > Its as though new policies won't extend to previously created objects. > Is there perhaps a way of forcing this through with SQL? > > I tried the Advanced Policy manager only the utility seems to allow one policy > for any particular group. The Advance Policy Manager initially appears with > the action READ and even if the policy is changed the next time it still appears > with READ as the default action and no indication of what a group might > previously have been set to. Doesn't sem to work anyway. > > My basic need is to create a group and give access to all items in a collection > to persons in that group. Is there a technique to get this working? > > > > -- > Keir Vaughan-Taylor > ERA DSpace Administrator > Rm:123 Fisher Library University of Sydney [email protected] > ph:+61 2 9351 7408 > mb:+61 434 606 885 > > > ---------------------------------------------------------------------------- -- > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.cl > ktrk > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > List Etiquette: > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
