Image Class Access Control

dlxs-help@umich.edu

The document on DLXS Authentication and Authorization covers in depth what you need to do to set up access control for all of DLXS, including Image Class.

A special Image Class option allows collections that are unrestricted at the collection level, to have individually identified full-size images restricted at the record level. A good example of this is the University of Michigan, Museum of Art. Authorized users (University of Michigan faculty, staff, students) have unrestricted (collection level) access to all text records, thumbnail images, and full size images. Those using the collection from outside the range of valid umich IP addresses are allowed to access all text records, all thumbnail images, and most full-size images, but are restricted from viewing some full-size images that are identified in the item level record as being restricted (due to copyright in the case of the Museum).

MySQL: item level access information is stored in the m_entryauth field of the media table.

XPat: item level access information is stored in the ENTRYAUTH element, MALLOW attribute of the SGML.

Value Restriction
world unrestricted access to full-size images.
[collid] access to full-size images restricted to authorized users of the collection. note: use the actual collid, not "[collid]".
no access access to full-size image is completely restricted. nobody can see it.

Keep in mind that if the collection is restricted to an authorized group of users at the collection level, the Image Class middleware will not allow unauthorized users to access the image, no matter what the ENTRYAUTH says.

The value of the ENTRYAUTH MALLOW attribute is established at the time the data records are loaded to MySQL or encoded in SGML. The value can be specified globally (for an entire collection).

MySQL: global configuration is in the entryauth field of the CollMgr record.

XPat: global configuration is in the coll-info.txt file. Please see the Collection Level Information section of the Image Class Data Transformation documentation for details on how to create/edit the collection info file. The collection info file is a simple file with four fields delimited by "#". The third field is used to globally specify item level access for a collection. Here are two examples...

It is also possible for each record/ENTRY to have the ENTRYAUTH specified independently. This allows some full-size images to be available to the world, and others to be restricted to certain user groups. In order for this to be utilized, the source data must have a field dedicated to specifying access restrictions for the full-size images associated with the record, and the field must be mapped to the "DLXS_ea" Administrative Field Mappings.

MySQL: Administrative Field Mapping is done in the field_admin_maps CollMgr field.

XPat: Administrative Field Mapping is done in record 4 of the transformation configuration file.

Currently, if the value of the field mapped to DLXS_ea is "www" or "world" (not case sensitive) then the ENTRYAUTH will be set to "WORLD" in the SGML file.

If the value of the field mapped to DLXS_ea is "nobody" or "no access" (not case sensitive) then the ENTRYAUTH will be set to "no access".

Any other value in the DLXS.ea mapped field will result in the ENTRYAUTH MALLOW being set to the value of the third field of the coll-info.txt file.

See Image Class Access Control Summary and Examples Table for useful examples.