Image Class Access Control

From DLXS Documentation

(Difference between revisions)
Current revision (13:38, 31 August 2007)
 
Line 1: Line 1:
-
[[DLXS Wiki|Main Page]] > [[Mounting Collections: Class-specific Steps]] > [[Mounting an Image Class Collection]] > [[Image Class Access Control
+
[[DLXS Wiki|Main Page]] > [[Mounting Collections: Class-specific Steps]] > [[Mounting an Image Class Collection]] > Image Class Access Control
-
__FORCETOC__
+
__TOC__
-
[[Overview]]
+
==Overview==
<p>The document on [[Authentication and Authorization]] covers in depth what you need to do to set up access control for all of DLXS, including Image Class. </p>
<p>The document on [[Authentication and Authorization]] covers in depth what you need to do to set up access control for all of DLXS, including Image Class. </p>
-
<p>A special Image Class option allows collections that are unrestricted at  the collection level, to have
+
A special Image Class option allows collections that are unrestricted at  the collection level, to have individually identified full-size images restricted at the record level. A good  
-
    individually identified full-size images restricted at the record level. A good  
+
example of this is the [http://images.umdl.umich.edu/cgi/i/image/image-idx?c=musart University of Michigan, Museum of Art]. Authorized users (University of Michigan
-
    example of this is the [http://images.umdl.umich.edu/cgi/i/image/image-idx?c=musart University  
+
faculty, staff, students) have unrestricted (collection level) access to
-
    of Michigan, Museum of Art]. Authorized users (University of Michigan
+
all text records, thumbnail images, and full size images. Those using the
-
    faculty, staff, students) have unrestricted (collection level) access to
+
collection from outside the range of valid umich IP addresses are allowed
-
    all text records, thumbnail images, and full size images. Those using the
+
to access all text records, all thumbnail images, and most full-size images,
-
    collection from outside the range of valid umich IP addresses are allowed
+
but are restricted from viewing some full-size images that are identified
-
    to access all text records, all thumbnail images, and most full-size images,
+
in the item level record as being restricted (due to
-
    but are restricted from viewing some full-size images that are identified
+
copyright in the case of the Museum).
-
    in the item level record as being restricted (due to
+
 
-
    copyright in the case of the Museum).</p>
+
<p>Item level access information is stored in
<p>Item level access information is stored in
   the <strong>m_entryauth</strong> field of the <strong>[[Media Table|media table]]</strong>.  </p>
   the <strong>m_entryauth</strong> field of the <strong>[[Media Table|media table]]</strong>.  </p>
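Review bot: The rewritten paragraph starting "A special Image Class option" loses its <p>...</p> wrapper, while the paragraphs directly before and after it ("The document on [[Authentication and Authorization]]" and "Item level access information") keep theirs, so the Overview now mixes two paragraph styles. Either strip the tags from the neighbouring paragraphs in the same revision or leave them on all three. The new lines also keep the mid-sentence hard breaks, the double space in "at  the collection level" and the comma before "to have"; joining the paragraph onto one line would fix those and make later diffs of this access-control text easier to read.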
Line 58: Line 57:
   to the "DLXS_ea" Administrative Field Mappings.</p>
   to the "DLXS_ea" Administrative Field Mappings.</p>
-
<p>[[Image Class Data Loading: MySQL#Mapping for Sorting|Administrative Field Mapping]] is done in the <strong>field_admin_maps</strong>  CollMgr field.</p>
+
[[Image Class Data Loading: MySQL#Mapping for Sorting|Administrative Field Mapping]] is done in the <strong>field_admin_maps</strong>  CollMgr field.
<p>Currently, if the value of the field mapped to DLXS_ea is "www" or "world"  
<p>Currently, if the value of the field mapped to DLXS_ea is "www" or "world"  
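Review bot: The link on the changed line is labelled "Administrative Field Mapping" but targets the anchor "#Mapping for Sorting", so a reader following it to learn how to map a field to DLXS_ea lands in a section about sorting. Point the link at the section that covers administrative mappings, or rename the label to match the target. The double space before "CollMgr field" is also carried over unchanged.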
Line 68: Line 67:
<p>Any other value in the DLXS.ea mapped field will result in the ENTRYAUTH MALLOW
<p>Any other value in the DLXS.ea mapped field will result in the ENTRYAUTH MALLOW
     being set to the value of the third field of the coll-info.txt file. </p>
     being set to the value of the third field of the coll-info.txt file. </p>
-
<p>See [[Image Class Access Control Summary and  
+
 
-
  Examples Table]] for useful examples.</p>
+
See the [[Image Class Access Control Summary and Examples Table]] for useful examples.
==Access Restriction by Image Size==
==Access Restriction by Image Size==
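Review bot: The context line above the change still reads "DLXS.ea mapped field", while the mapping is called "DLXS_ea" in the earlier paragraphs of the same section; since this revision is already touching the surrounding lines, correct the name here so the fallback rule cannot be read as referring to a different field. The same sentence says "ENTRYAUTH MALLOW" where the two preceding rules say only "ENTRYAUTH", and it would help to state what the third field of coll-info.txt contains, because that value decides who can see every record that matches neither keyword.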

Current revision

==Overview==

The document on Authentication and Authorization covers in depth what you need to do to set up access control for all of DLXS, including Image Class.

A special Image Class option allows collections that are unrestricted at the collection level to have individually identified full-size images restricted at the record level. A good example of this is the University of Michigan, Museum of Art. Authorized users (University of Michigan faculty, staff, students) have unrestricted (collection level) access to all text records, thumbnail images, and full-size images. Those using the collection from outside the range of valid umich IP addresses are allowed to access all text records, all thumbnail images, and most full-size images, but are restricted from viewing some full-size images that are identified in the item level record as being restricted (due to copyright in the case of the Museum).

Item level access information is stored in the m_entryauth field of the media table.

{|
! Value !! Restriction
|-
| world || unrestricted access to full-size images.
|-
| [collid] || access to full-size images restricted to authorized users of the collection. note: use the actual collid, not "[collid]".
|-
| no access || access to full-size image is completely restricted. nobody can see it.
|}

Keep in mind that if the collection is restricted to an authorized group of users at the collection level, the Image Class middleware will not allow unauthorized users to access the image, no matter what the ENTRYAUTH says.

The value of ENTRYAUTH is established at the time the data records are loaded to MySQL. The value can be specified globally (for an entire collection). Global configuration is in the entryauth field of the CollMgr record.

It is also possible for each record/ENTRY to have the ENTRYAUTH specified independently. This allows some full-size images to be available to the world, and others to be restricted to certain user groups. In order for this to be utilized, the source data must have a field dedicated to specifying access restrictions for the full-size images associated with the record, and the field must be mapped to the "DLXS_ea" Administrative Field Mappings.

Administrative Field Mapping is done in the field_admin_maps CollMgr field.

Currently, if the value of the field mapped to DLXS_ea is "www" or "world" (not case sensitive) then the ENTRYAUTH will be set to "WORLD" in the SGML file.

If the value of the field mapped to DLXS_ea is "nobody" or "no access" (not case sensitive) then the ENTRYAUTH will be set to "no access".

Any other value in the DLXS_ea mapped field will result in the ENTRYAUTH MALLOW being set to the value of the third field of the coll-info.txt file.

See the Image Class Access Control Summary and Examples Table for useful examples.
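
The three mapping rules above and the collection-level override, modelled as an added example (not DLXS code and not part of the original page). The function names, the sample records and the use of "musart" as the third field of coll-info.txt are assumptions; the audit lists source values that match neither keyword set and so fall through to the fallback rule, which is where a misspelled "no access" ends up.

```python
# Model of the DLXS_ea -> ENTRYAUTH rules as this page states them.
# Not DLXS code; names and sample data are constructed for illustration.

WORLD_VALUES = {"www", "world"}
NO_ACCESS_VALUES = {"nobody", "no access"}


def entryauth_for(dlxs_ea_value, coll_info_third_field):
    """Return (ENTRYAUTH value, True if the fallback rule was used)."""
    # The page says matching is not case sensitive. It does not mention
    # whitespace, so this model does not trim (assumption).
    v = dlxs_ea_value.lower()
    if v in WORLD_VALUES:
        return "WORLD", False
    if v in NO_ACCESS_VALUES:
        return "no access", False
    return coll_info_third_field, True


def can_view_full_size(entryauth, collid, coll_restricted, user_authorized):
    """Decide full-size access for one record."""
    # Collection-level restriction wins no matter what ENTRYAUTH says.
    if coll_restricted and not user_authorized:
        return False
    ea = entryauth.lower()
    if ea == "world":
        return True
    if ea == "no access":
        return False
    # [collid]: authorized users only. Any other value is denied here
    # (fail-closed assumption; the page does not cover that case).
    return ea == collid.lower() and user_authorized


def audit(records, coll_info_third_field):
    """List (record id, raw value) pairs that fell through to the fallback."""
    return [(rid, raw) for rid, raw in records
            if entryauth_for(raw, coll_info_third_field)[1]]


# Constructed sample: record id and the value of the field mapped to DLXS_ea.
SAMPLE = [("r1", "World"), ("r2", "NOBODY"), ("r3", "no acess"),
          ("r4", "umich only"), ("r5", "www")]

if __name__ == "__main__":
    for rid, raw in audit(SAMPLE, "musart"):  # "musart" is an assumed value
        print(f"{rid}: {raw!r} matched no keyword; ENTRYAUTH falls back")
```

Running the audit before loading records to MySQL shows which items will silently take the collection default instead of "WORLD" or "no access".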

==Access Restriction by Image Size==

Restriction of image access by size is also possible by setting the value of imgsizemax and imgsizemin in CollMgr. This is especially useful with JPEG2000 and MrSID files when the largest size is very large and putting a limit on the viewable size is desirable. Please see the help text within CollMgr for more information and allowable values.

As of DLXS 12a, it is possible to allow a specific list of users to have access to all sizes of images/media, even if a size limit has been placed using imgsizemax. This is done by listing userids in the privileged_users CollMgr field. This, therefore, requires an authentication mechanism of some sort (see Authentication and Authorization).

 
