Difference between revisions of "Edit permissions"
Jump to navigation
Jump to search
Line 5: | Line 5: | ||
'''Scenario: In a multi-repository system, add a user who can create, update and publish archival descriptions belonging to one institution only.''' | '''Scenario: In a multi-repository system, add a user who can create, update and publish archival descriptions belonging to one institution only.''' | ||
− | # [[Image:0_show_screen.png|500px|right|thumb|Fig.1. Default permissions for Contributor group in show screen]]In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions. Your screen will show the default "grant" permissions for the Contributor group - i.e. it shows you everything the user is permitted to do (see fig.1) | + | # [[Image:0_show_screen.png|500px|right|thumb|Fig.1. Default permissions for Contributor group in show screen]]In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions. Your screen will show the default "grant" permissions for the Contributor group - i.e. it shows you everything the user is permitted to do (see fig.1). |
+ | #* Note that the Contributor group inherits some of its settings from its parent group, Authenticated. | ||
# [[Image:1_default.png|500px|right|thumb|Fig.2. Default permissions for Contributor group in edit screen]]Click Edit. In the edit screen, you will get a better sense of the group's permission settings (see fig.2) . The Contributor has the following permissions: | # [[Image:1_default.png|500px|right|thumb|Fig.2. Default permissions for Contributor group in edit screen]]Click Edit. In the edit screen, you will get a better sense of the group's permission settings (see fig.2) . The Contributor has the following permissions: | ||
#* Read: Grant (inherited from Authenticated group) | #* Read: Grant (inherited from Authenticated group) | ||
Line 14: | Line 15: | ||
#* Publish: Deny (inherited from Authenticated group) | #* Publish: Deny (inherited from Authenticated group) | ||
#* Access master digital object: Grant | #* Access master digital object: Grant | ||
− | #* Access reference digital object: Grant (inherited from Authenticated group)In other words, anyone belonging to the Contributor group automatically has the ability to read, create and update descriptions, view draft descriptions and access digital objects. However, s/he cannot delete or publish descriptions. In our scenario, we would like to create users who can create and update descriptions belonging only to a particular institution and who in addition can delete and publish archival descriptions from that institution. | + | #* Access reference digital object: Grant (inherited from Authenticated group). In other words, anyone belonging to the Contributor group automatically has the ability to read, create and update descriptions, view draft descriptions and access digital objects. However, s/he cannot delete or publish descriptions. In our scenario, we would like to create users who can create and update descriptions belonging only to a particular institution and who in addition can delete and publish archival descriptions from that institution. |
# [[Image:2_edit_group.png|500px|right|thumb|Fig.3. Modified permissions for Contributor group in edit screen]]In order to restrict permissions to descriptions of a particular institution, we need to first deny the permissions across the board, and then add them back for the specified institution. We will do the blanket denial in the Contributor group edit screen, and later add a user with permissions granted for a particular institution. To deny the permissions in the Contributor group, open the edit screen and select Deny for the Create and Update permissions (See fig.3). | # [[Image:2_edit_group.png|500px|right|thumb|Fig.3. Modified permissions for Contributor group in edit screen]]In order to restrict permissions to descriptions of a particular institution, we need to first deny the permissions across the board, and then add them back for the specified institution. We will do the blanket denial in the Contributor group edit screen, and later add a user with permissions granted for a particular institution. To deny the permissions in the Contributor group, open the edit screen and select Deny for the Create and Update permissions (See fig.3). | ||
# [[Image:3_show_screen.png|500px|right|thumb|Fig.4. Modified permissions for Contributor group in show screen]]Save the group. Your show screen should like the screen in fig.4. | # [[Image:3_show_screen.png|500px|right|thumb|Fig.4. Modified permissions for Contributor group in show screen]]Save the group. Your show screen should like the screen in fig.4. |
Revision as of 10:56, 6 April 2010
Please note that ICA-AtoM is no longer actively supported by Artefactual Systems.
Visit https://www.accesstomemory.org for information about AtoM, the currently supported version.
Main Page > User manual > UM-7 Administer ICA-AtoM > UM-7.2 1.0.9 Edit user permissions in ICA-AtoM 1.0.9
When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions.
Scenario: In a multi-repository system, add a user who can create, update and publish archival descriptions belonging to one institution only.
- In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions. Your screen will show the default "grant" permissions for the Contributor group - i.e. it shows you everything the user is permitted to do (see fig.1).
- Note that the Contributor group inherits some of its settings from its parent group, Authenticated.
- Click Edit. In the edit screen, you will get a better sense of the group's permission settings (see fig.2) . The Contributor has the following permissions:
- Read: Grant (inherited from Authenticated group)
- Create: Grant
- Update: Grant
- Delete: Deny (inherited from Authenticated group)
- View draft (Grant)
- Publish: Deny (inherited from Authenticated group)
- Access master digital object: Grant
- Access reference digital object: Grant (inherited from Authenticated group). In other words, anyone belonging to the Contributor group automatically has the ability to read, create and update descriptions, view draft descriptions and access digital objects. However, s/he cannot delete or publish descriptions. In our scenario, we would like to create users who can create and update descriptions belonging only to a particular institution and who in addition can delete and publish archival descriptions from that institution.
- In order to restrict permissions to descriptions of a particular institution, we need to first deny the permissions across the board, and then add them back for the specified institution. We will do the blanket denial in the Contributor group edit screen, and later add a user with permissions granted for a particular institution. To deny the permissions in the Contributor group, open the edit screen and select Deny for the Create and Update permissions (See fig.3).
- Save the group. Your show screen should like the screen in fig.4.
- Go to admin > users and add a new user as in fig. 5. Be sure too add the user to the Contributor group.
- Click on Archival description permissions. You will see the permissions that are specified in the Contributor group, as in Fig.6.
- Open the edit screen and click on the blue ""Permissions by archival institution" link and then the "Add archival institution" link. Select the archival institution as in fig.7.
- You will now be able to add permissions specific to descriptions belonging to this archival institution. For Create, Update and Publish, select Grant as in fig.8.
- Save the record. The screen should show the modified permissions as in fig.9. To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit and publish descriptions belonging to the specified institution only, and you should not be able to delete any descriptions.