Overview
Muradora comes with a web interface for setting access control on datastreams, objects and collections. Users with appropriate permissions will see the "Edit Permission" icon next to each datastream, object or collection in the Browse/Object view pages.
With the Policy Editor, you can specify two types of permissions: simple and advanced. Simple access control, as the name indicates, allows you to assign concrete permissions such as "read", "write" and "publish" to a user or a group of users (role). With advanced policies, you can create complex and powerful access control rules such as "allow public users to read all PDF datastreams of this object" or "deny access to all Word documents created by Joe Bloke"...
Basic Permissions
Once the "Edit Permission" icon is clicked, the following screen will be presented to users:
The list box on the left contains a shortlist of possible users/roles that you can assign permissions to for the currently selected datastream/object/collection. If you select a user/role in this list, Muradora will automatically retrieve the permissions assigned to that user/role for the current object and display them on the right-hand side.
The screenshot above can be interpreted as: users with the "public" role are allowed to read the content of this object but are denied every other action. You can change these permissions by checking/unchecking the appropriate checkboxes. You will need to click on the "Submit" button at the bottom of the screen to persist your changes.
Note that you can search for or add more users/roles to the list box by clicking on the "Add users or groups" button. Every user who has logged in to Muradora will have their username/role recorded in an embedded database. The search function of the Policy Editor enables you to find such users either by their username or role.
You can add arbitrary users/roles by clicking on the "Add User/Role" tab.
Advanced Permissions
To specify advanced policies for a particular user/role, select that user/role in the list box and click on the "Advanced Permissions" tab on the right-hand side. The following will be presented to you:
Muradora will try to load any existing advanced policies assigned to the selected user/role for the current object. An advanced policy consists of multiple rules, each of which has multiple criteria. Criteria are used by the XACML engine to determine whether a request matches a rule. Examples of criteria are "MIMETYPE equals PDF" or "OWNER_ID equals JOE BLOKE"... The effect of a rule can be either "Permit" or "Deny". If an advanced policy has multiple rules, then its overall effect is determined by the rule-combining algorithm of the XACML engine.
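The sketch below is an added example, not Muradora's own code: a simplified model of how criteria select rules and how a rule-combining algorithm turns several matching rules into one decision. The attribute names, values and the enforce() helper are assumptions made for illustration, and real XACML engines also return an "Indeterminate" result that is left out here.

```python
# Added illustration: simplified rule matching and rule combining.
# Attribute names (ROLE, ACTION, MIMETYPE, OWNER_ID) and values are assumptions.

def rule_matches(rule, request):
    """A rule applies only if every one of its criteria equals the request attribute."""
    return all(request.get(attr) == value for attr, value in rule["criteria"].items())

def evaluate(rules, request, combining="deny-overrides"):
    """Return 'Permit', 'Deny' or 'NotApplicable' for the request."""
    effects = [r["effect"] for r in rules if rule_matches(r, request)]
    if not effects:
        return "NotApplicable"          # no rule matched at all
    if combining == "deny-overrides":
        return "Deny" if "Deny" in effects else "Permit"
    if combining == "permit-overrides":
        return "Permit" if "Permit" in effects else "Deny"
    if combining == "first-applicable":
        return effects[0]               # rule order decides
    raise ValueError(f"unknown combining algorithm: {combining}")

def enforce(decision):
    """Hypothetical enforcement step: anything other than an explicit Permit is refused."""
    return decision == "Permit"

# Constructed policy mirroring the two advanced rules quoted in the Overview,
# plus a broad "public may read" rule that overlaps with the Deny rule.
RULES = [
    {"effect": "Permit",
     "criteria": {"ROLE": "public", "ACTION": "read", "MIMETYPE": "application/pdf"}},
    {"effect": "Deny",
     "criteria": {"MIMETYPE": "application/msword", "OWNER_ID": "joe.bloke"}},
    {"effect": "Permit", "criteria": {"ROLE": "public", "ACTION": "read"}},
]

# Constructed sample requests.
PDF_READ = {"ROLE": "public", "ACTION": "read",
            "MIMETYPE": "application/pdf", "OWNER_ID": "alice"}
WORD_READ = {"ROLE": "public", "ACTION": "read",
             "MIMETYPE": "application/msword", "OWNER_ID": "joe.bloke"}
PDF_WRITE = {"ROLE": "public", "ACTION": "write",
             "MIMETYPE": "application/pdf", "OWNER_ID": "alice"}

if __name__ == "__main__":
    for name, req in [("pdf read", PDF_READ), ("word read", WORD_READ), ("pdf write", PDF_WRITE)]:
        for alg in ("deny-overrides", "permit-overrides", "first-applicable"):
            decision = evaluate(RULES, req, alg)
            print(f"{name:10} {alg:17} {decision:13} allowed={enforce(decision)}")
```

The Word read request matches both a Deny and a Permit rule, so the result depends entirely on the combining algorithm; the write request matches nothing and is refused only because the enforcement step treats "NotApplicable" as a refusal.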
Attachments
- Screenshot-1.png (24.3 kB) - added by cuong on 05/19/08 17:40:31.
- Screenshot-3.png (32.8 kB) - added by cuong on 05/19/08 17:46:37.
- Screenshot-4.png (29.1 kB) - added by cuong on 05/19/08 17:52:33.
- Screenshot-5.png (30.5 kB) - added by cuong on 05/19/08 18:03:27.
- Screenshot-6.png (30.3 kB) - added by cuong on 05/19/08 18:04:14.
- Screenshot-7.png (34.0 kB) - added by cuong on 05/19/08 18:18:58.
- Screenshot-8.png (44.7 kB) - added by cuong on 05/19/08 18:28:24.