Greenstone Wiki

User Tools

Site Tools

You are here: index » en » user_advanced » security
en:user_advanced:security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:user_advanced:security [2020/06/22 08:12] anupamaen:user_advanced:security [2023/03/13 01:46] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +
 +
 +
 ====== Security in Greenstone Collections ====== ====== Security in Greenstone Collections ======
  
-Greenstone software comes equipped with a system for registering and administering users. Greenstone users can register as user with a login and password. Administrators can then assign them into various groups. See [[en:user_advanced:user_managementthis page]] for user management information.+Greenstone software comes equipped with a system for registering and administering users. Greenstone users can register as user with a login and password. Administrators can then assign them into various groups. For user management information, see [[en:user_advanced:gs3_user_managementGreenstone 3 User Management]] or [[en:user_advanced:gs2_user_management| Greenstone 2 User Management]]
  
 Once groups have been set up, access to collections or sets of documents in a collection can be restricted to certain groups.  Once groups have been set up, access to collections or sets of documents in a collection can be restricted to certain groups. 
Line 10: Line 13:
 ===Important Note=== ===Important Note===
   * Most of these protection mechanisms are not available in GLI, but require you to edit the collection's configuration file directly. Please make sure that GLI does not have your collection open before modifying the configuration file, otherwise GLI will overwrite your changes when it saves the file.    * Most of these protection mechanisms are not available in GLI, but require you to edit the collection's configuration file directly. Please make sure that GLI does not have your collection open before modifying the configuration file, otherwise GLI will overwrite your changes when it saves the file. 
-  * In Greenstone 3 from v3.08, you can use GLI's Edit > Edit collectionConfig.xml to make these edits without closing GLI.+  * In Greenstone 3 from v3.08 onward, you can use GLI's Edit > Edit collectionConfig.xml to make these edits without having to close GLI. From 3.10, this will also be functional in client-GLI.
  
-<TABAREA tabs="Greenstone3,Greenstone2"> +<tabbox Greenstone3>
-<TAB>+
 A collection's configuration file is called 'collectionConfig.xml' and can be found in the collection's etc folder. This can be found at ''<greenstone home folder>/web/sites/localsite/collect/<collname>/etc/collectionConfig.xml''. A collection's configuration file is called 'collectionConfig.xml' and can be found in the collection's etc folder. This can be found at ''<greenstone home folder>/web/sites/localsite/collect/<collname>/etc/collectionConfig.xml''.
-</TAB> +<tabbox Greenstone2>
-<TAB>+
 A collection's configuration file is called 'collect.cfg' and can be found in the collection's etc folder. This can be found at ''<greenstone home folder>/collect/<collname>/etc/collect.cfg''. A collection's configuration file is called 'collect.cfg' and can be found in the collection's etc folder. This can be found at ''<greenstone home folder>/collect/<collname>/etc/collect.cfg''.
-</TAB> +</tabbox>
-</TABAREA>+
  
 =====Hiding a collection===== =====Hiding a collection=====
Line 25: Line 25:
 This can be done via GLI. Open the collection in GLI, and go to the 'General' page of the 'Format' panel. Deselecting "This collection should be publically accessible" will hide it from the home page of the library. This can be done via GLI. Open the collection in GLI, and go to the 'General' page of the 'Format' panel. Deselecting "This collection should be publically accessible" will hide it from the home page of the library.
  
-<TABAREA tabs="Greenstone3,Greenstone2"> +<tabbox Greenstone3>
-<TAB>+
 To make this change in the configuration file directly, open up the collection's collectionConfig.xml file (see [[#Important_Note | here]]), and set the 'public' metadata element value to 'false'. To make this change in the configuration file directly, open up the collection's collectionConfig.xml file (see [[#Important_Note | here]]), and set the 'public' metadata element value to 'false'.
   <metadata name="public">false</metadata>   <metadata name="public">false</metadata>
-</TAB> +<tabbox Greenstone2>
-<TAB>+
 To make this change in the configuration file directly, open up the collection's collect.cfg file (see [[#Important_Note | here]]), and set the 'public' field to 'false'. To make this change in the configuration file directly, open up the collection's collect.cfg file (see [[#Important_Note | here]]), and set the 'public' field to 'false'.
   public false   public false
-</TAB> +</tabbox>
-</TABAREA>+
  
 ===== Collection Level Protection ===== ===== Collection Level Protection =====
Line 42: Line 39:
 Collection level protection can not be done via GLI, but must be done by editing the collection's config file. Collection level protection can not be done via GLI, but must be done by editing the collection's config file.
  
-<TABAREA tabs="Greenstone3,Greenstone2"> +<tabbox Greenstone3>
-<TAB>+
 Open up collectionConfig.xml (see [[#Important_Note | here]]). Add a ''<security>'' element as a child element of ''<CollectionConfig>''. It doesn't matter where in the file it goes, as long as it is a child of ''<CollectionConfig>'', and not inside any other element. The following is an example security block. Open up collectionConfig.xml (see [[#Important_Note | here]]). Add a ''<security>'' element as a child element of ''<CollectionConfig>''. It doesn't matter where in the file it goes, as long as it is a child of ''<CollectionConfig>'', and not inside any other element. The following is an example security block.
  
Line 56: Line 52:
 This restricts access to all users except those who are part of the dl group. This restricts access to all users except those who are part of the dl group.
 There can be more than one group element in an exception element, and more than one exception in a security element. There can be more than one group element in an exception element, and more than one exception in a security element.
-</TAB> +<tabbox Greenstone2>
-<TAB>+
 Open up collect.cfg (see [[#Important_Note | here]]). Add lines like the following: Open up collect.cfg (see [[#Important_Note | here]]). Add lines like the following:
 <code> <code>
Line 65: Line 60:
 This restricts access to all users except those who are part of the dl group. This restricts access to all users except those who are part of the dl group.
 You can have one or more groups in the auth_groups line. Separate them by space. You can have one or more groups in the auth_groups line. Separate them by space.
-</TAB> +</tabbox>
-</TABAREA>+
  
 ===== Document Level Protection ===== ===== Document Level Protection =====
Line 77: Line 71:
 Remember, you can't have the collection open in GLI while you are editing the configuration file. If you need to use GLI to find out document OIDs, then make a note of the OIDs while you have GLI open, then close the collection before writing the OIDs into the configuration file. Remember, you can't have the collection open in GLI while you are editing the configuration file. If you need to use GLI to find out document OIDs, then make a note of the OIDs while you have GLI open, then close the collection before writing the OIDs into the configuration file.
  
-<TABAREA tabs="Greenstone3,Greenstone2"> +<tabbox Greenstone3>
-<TAB>+
 Open up collectionConfig.xml (see [[#Important_Note | here]]). Add a ''<security>'' block as a child of the ''<CollectionConfig>'' element. The security element will look  like Open up collectionConfig.xml (see [[#Important_Note | here]]). Add a ''<security>'' block as a child of the ''<CollectionConfig>'' element. The security element will look  like
  ''<security scope="document" default_access="public|private">''  ''<security scope="document" default_access="public|private">''
Line 154: Line 147:
 </security> </security>
 </code> </code>
-</TAB> +<tabbox Greenstone2>
-<TAB>+
 Open up collect.cfg (see [[#Important_Note | here]]). To make most of the documents freely accessible, with a few documents restricted, add lines like the following: Open up collect.cfg (see [[#Important_Note | here]]). To make most of the documents freely accessible, with a few documents restricted, add lines like the following:
 <code> <code>
Line 174: Line 166:
  
 Note, in Greenstone 2, document level restrictions only work with the Greenstone version of the document, i.e. the page you get to using [link][/link]. Links to the original verison (using [srclink][/srclink]), e.g. to the PDF file, are **not** covered by the security system. If you want to protect documents, then you mustn't use [srclink] in search results or browsing classifier format statements. You can add a link to the original file from the document page, if you want authorised users to have access to it. Note, in Greenstone 2, document level restrictions only work with the Greenstone version of the document, i.e. the page you get to using [link][/link]. Links to the original verison (using [srclink][/srclink]), e.g. to the PDF file, are **not** covered by the security system. If you want to protect documents, then you mustn't use [srclink] in search results or browsing classifier format statements. You can add a link to the original file from the document page, if you want authorised users to have access to it.
-</TAB> +</tabbox>
-</TABAREA>+
  
 ===== Collection vs Document level protection ===== ===== Collection vs Document level protection =====
Line 185: Line 176:
 Protecting the **collection** will mean that non-authorised users cannot even visit the collection. Protecting the **collection** will mean that non-authorised users cannot even visit the collection.
  
-<TABAREA tabs="Greenstone3,Greenstone2"> +<tabbox Greenstone3>
-<TAB>+
 The ''<security>'' blocks for the two options are as follows. The ''<security>'' blocks for the two options are as follows.
   * Restricting the entire collection to group X:   * Restricting the entire collection to group X:
Line 204: Line 194:
   </security>   </security>
 </code> </code>
-</TAB> +<tabbox Greenstone2>
-<TAB>+
 The code for the two options are as follows. The code for the two options are as follows.
   * Restricting the entire collection to group X:   * Restricting the entire collection to group X:
Line 218: Line 207:
 </code> </code>
  
-</TAB> +</tabbox>
-</TABAREA>+
  
 ===== Additional Resources ===== ===== Additional Resources =====
  
   * [[http://greenstonesupport.iimk.ac.in/Documents/Greenstone%20User%20Administration-Collection-Authentication.pdf|User administration and collection authentication]] document from [[http://greenstonesupport.iimk.ac.in/ | Greenstone Support for South Asia]]. This is a more descriptive explanation, but only covers Greenstone 2 and may be slightly out of date.   * [[http://greenstonesupport.iimk.ac.in/Documents/Greenstone%20User%20Administration-Collection-Authentication.pdf|User administration and collection authentication]] document from [[http://greenstonesupport.iimk.ac.in/ | Greenstone Support for South Asia]]. This is a more descriptive explanation, but only covers Greenstone 2 and may be slightly out of date.
en/user_advanced/security.1592813522.txt.gz · Last modified: 2020/06/22 08:12 by anupama