This documentation refers to an earlier version of Islandora. https://wiki.duraspace.org/display/ISLANDORA/Start is current.

Skip to end of metadata
Go to start of metadata

Overview

The Islandora XACML Editor provides a graphical user interface to edit XACML policies for objects in a repository or collection. It adds a new tab to each collection called Child Policy and a tab to each item called Item Policy, where permissions can be set on a per User or per Role basis for:

  • Object Management: Controls who can set XACML policies for an object/collection.

  • Object Viewing: Controls who can view an object/collection.
  • Datastreams and MIME types: Controls who can view datastreams by DSID and MIME type.

Tutorials

Using the XACML Editor

Dependencies

Islandora.ca modules:

  • Islandora Repository
  • Islandora XACML API

Drupal.org modules:

Interactions with Other Modules

Fedora Configuration

It may be desirable--and in fact necessary for some modules--to disable/remove one of the default XACML policies which denies any interactions with the POLICY datastream to users without the "administrator" role.

This policy is located at: $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-policy-management-if-not-administrator.xml

Solr Searching Hook

In order to comply with XACML restrictions placed on objects, a hook is used to filter results that do not conform to a searching user's roles and name. This hook will not function correctly if the Solr fields for 'ViewableByUser' and 'ViewableByRole' are not defined correctly. These values can be set through the admin page for the module.

Issues with Autocomplete

There are two known issues that exist within Drupal's autocomplete that can be fixed by patching Drupal:

  • No labels