4.3. Advanced right management

4.3.1. Introduction

In the dLibra library access restrictions are applied on three different levels: library level, directory level and publication level. The library-level access restrictions concern attribute scheme management, library users and groups management. The directory-level restrictions can be applied to every single directory in the library content tree and regard content visibility, permission to read and edit the content of the directory. Finally, the publication-level access management applies to a single publication and regards publication viewing and reading. The three groups of access permissions will be discussed in detail further in this section.

Regardless of the access level, rights are granted on a user or group basis. A user has the rights he was directly granted, but also the rights inherited from all groups he is a member of. Thus, a change made to access permissions of a group will affect every user belonging to the group.

4.3.2. Library-level permissions

In dLibra there are five library-level (administrative) permissions:

  • account management - allows to create, remove and alter user accounts
  • group management - allows to create, remove and alter user groups
  • attributes management - allows to create, remove and alter attributes
  • attribute values management - allows to manage the synonyms dictionary
  • languages management - allows to manage sets of metadata and interface languages
  • tags management - allows to manage all tags in administrator application
  • collections management - allows to create, remove and alter collections
  • web application management - allows to login to administrative panel of web application and use available functions

The administrative rights of a user can be changed in the User Properties panel, Administrative rights tab ( Figure 4.27, “User administrative rights tab”). The administrative rights of a group can be changed in the Group Properties panel, Administrative rights tab.

Figure 4.27. User administrative rights tab

User administrative rights tab

4.3.3. Directory-level permissions

In dLibra, access to the library directories is controlled separately for every single directory and every single library user. This means that both for the same directory different users can have different permissions, and one user can have different levels of access to different directories. There are four different ways in which a user can have directory permission:

  • directly granted

  • implied by another right that is directly granted (e.g. the directory listing right is implied by the directory content reading right)

  • inherited from one of the parent directories for which the permission is directly granted or implied

  • inherited from a group the user is a member of

In dLibra there are seven directory-level permissions:

  • Access - makes the directory visible in a user's view of the library tree. Not inherited from the parent directories.

  • List - enables a user to view the content of the directory (i.e. publications and subdirectories) and view the published editions of publications placed in the directory. Inherited from the parent directories. Implies the Access permission.

  • Read - enables a user to view all editions (whether published or not) of all publications contained in the directory. Inherited from the parent directories. Implies the Access and List permissions.

  • Structure edit - enables a user to edit the structure of the directory, i.e. to create, move and remove subdirectories. Inherited from the parent directories. Implies the Access, List and Read permissions.

  • Publication create - enables a user to create new publications in the directory. Inherited from the parent directories. Implies the Access and List permissions.

  • Publication management - enables a user to remove publications from the directory. Inherited from the parent directories. Implies the Access, List, Read and Publication create permissions in the current directory and Publication view and manage permissions for all publications in this directory.

  • Rights management - enables a user to alter access rights for the directory. Inherited from the parent directories. Implies the Access, List and Read permissions.

The directory-level access permissions can be altered in the Directory Properties panel, Rights tab.

Figure 4.28. Directory-level rights editor

Directory-level rights editor

On the list on the left library users na (in black having at least one right, in grey having no rights) and groups (in red) are shown. When the button is pressed, public users are not displayed. After selecting one or more users or groups, their rights to the chosen directory are displayed, in four columns, in the table on the right:

  • Right - contains the name of the permission

  • Old state - displays the state of the permission before change

  • New state - displays the state of the permission after change. To grant the right to the chosen users - select the checkbox in the table.

  • Recursion - select the checkbox to grant the right directly for all subdirectories of the selected directory.

4.3.4. Collection-level permissions

As with the library directories, access to dLibra publications is controlled separately for every single publication and every single library user. Similarly to the library directories, access permissions to publications can be directly granted, implied, inherited from parent directories or inherited from a group (see previous section).

In dLibra there is only one publication-level permission:

  • Manage collection content - enables a user to add and remove publications from a chosen collection.

Figure 4.29. Collection-level rights editor

Collection-level rights editor

Rights can be managed on a tab signed Rights.

4.3.5. Publication-level permissions

As with the library directories or collections, access to dLibra publications is controlled separately for every single publication and every single library user - for the same publication different users can have different permissions, and one user can have different levels of access to different publications. Similarly to the library directories, access permissions to publications can be directly granted, implied, inherited from parent directories or inherited from a group (see previous section).

In dLibra there are three publication-level permissions:

  • View - enables a user to read the published editions of a publication. Inherited from the "List" right of the directory the publication belongs to.

  • Read - enables a user to read all editions (whether published or not) of a publication. Inherited from the "Read" right of the directory the publication belongs to.

  • Manage - enables a user to alter other user's rights for it. By default granted to the creator of the publication.

The publication-level access permissions can be altered in the Publication Properties panel, Rights tab.

Figure 4.30. Publication-level rights editor

Publication-level rights editor