Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Case: Access Control in Islandora #1920

Open
kstapelfeldt opened this issue Oct 19, 2021 · 3 comments
Open

Use Case: Access Control in Islandora #1920

kstapelfeldt opened this issue Oct 19, 2021 · 3 comments
Labels
Subject: Institutional Repository IRIG Type: Meta-issue Identifies multiple related tickets for ease Type: use case proposes a new feature or function for the software using user-first language.

Comments

@kstapelfeldt
Copy link
Member

kstapelfeldt commented Oct 19, 2021
edited
Loading

Title (Goal) Granular Access Control
Primary Actor Collections Manager
Scope The scope of the project. Example: architecture, access
Story As a site administrator/collection manager I wish to map Islandora-specific and Drupal content permissions at the media, metadata, individual node, node type, and collection level so that I can granularly restrict content (for example, video files in a node are available, but the consent forms of subjects of a video are unavailable to those without a given role).

I wish to have these permissions respected to the file level (so that people cannot access direct URLs) and I wish to have these permissions respected in all searches.

I also seek mechanisms to assign these permissions in a time-based way that will automatically expire and/or be based on IP addresses (embargo).

I also seek the ability to apply and modify these permissions by default to objects in a given collection or throughout my repository. This will give me the level of control I require over access to objects in my repository.|
@kstapelfeldt kstapelfeldt added Type: use case proposes a new feature or function for the software using user-first language. Type: Meta-issue Identifies multiple related tickets for ease labels Oct 19, 2021
@kstapelfeldt kstapelfeldt changed the title Access Control Meta-Issue Use Case: Access Control in Islandora Oct 19, 2021
@kstapelfeldt
Copy link
Member Author

See also:

#273
#385
#412
#413
#414
#606
#825

@amyrb
Copy link
Contributor

amyrb commented Nov 16, 2021

Is there a use case for connecting to/enabling Fedora permissions? Since the Fedora layer is no longer required, this clearly wouldn't be a default, but would it potentially be a good option for users who keep the Fedora layer?

@DonRichards
Copy link
Member

@amyrb It's been discussed that "Permissions by Terms" has scaling issues and "Groups" has an "all or nothing problem" meaning embargoes aren't practical due to the nature of how "Groups" takes over.

So it would be a solid +1 for Fedora if WebAC was used as the ACL method, assuming it blocks access at the fs level and checking the permissions is possible.

What I think would be needed to integrate Fedora's WebAC access control

  • WebAC admin config page for global settings
  • The integration with Solr to check user permission access
  • The integration for Islandora to check user permission access
  • Allow for explicit and/or inherited permissions from collection/parent
    • Settings to modify WebAC permissions at the collection, parent, and object level.
  • 🤯 Bonus would be a timer to set restricted permissions until a specified Level 0 EDTF date ([dateI][“T”][time][“Z”]). Basically making embargoes possible.

Just a thought 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Subject: Institutional Repository IRIG Type: Meta-issue Identifies multiple related tickets for ease Type: use case proposes a new feature or function for the software using user-first language.
Projects
Islandora Issues Queue
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kstapelfeldt @DonRichards @amyrb