This is an object-specific policy. It could be stored inside the demo:5 digital object in the POLICY datastream OR in the directory for object-specific policies. (The directory location is set in the Authorization module configuration in the Fedora server configuration file (fedora.fcfg). By using multiple policy Rules, this policy shows how to deny access to all raw datastreams in the object except to particular users (e.g., the object owners). It also shows how to deny access to a particular disseminations to selected user roles.
demo:5
urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination
testuser1
testuser2
fedoraAdmin
demo:5
getHigh
demo:5
getVeryHigh
urn:fedora:names:fedora:2.1:action:id-getDissemination
student
professor
administrator