| Last updated | 2002-03-13 11:13:03 EST |
| Doc Title | Image Class Access Control |
| Author 1 | Weise, John |
| CVS Revision | $Revision: 1.6 $ |
The document on DLXS Authentication and Authorization covers in depth what you need to do to set up access control for all of DLXS, including Image Class.
A special Image Class option allows collections that are unrestricted at the collection level, to have individually identified full-size images restricted at the record level. A good example of this is the University of Michigan, Museum of Art. Authorized users (University of Michigan faculty, staff, students) have unrestricted (collection level) access to all text records, thumbnail images, and full size images. Those using the collection from outside the range of valid umich IP addresses are allowed to access all text records, all thumbnail images, and most full-size images, but are restricted from viewing some full-size images that are identified in the item level text record (encoded in the SGML) as being restricted (due to copyright in the case of the Museum).
At the item level, every SGML encoded text record has an ENTRYAUTH element. If it says this...
<ENTRYAUTH MALLOW="WORLD">
...then the big image(s) (i.e., everything larger than the thumbnail) associated with the text record (SGML ENTRY element) may be accessed by a user at any IP address in the world. If the ENTRYAUTH says...
<ENTRYAUTH MALLOW="COLLID">
...(where COLLID is a collection ID; e.g., "MUSART") then the big (i.e., everything larger than the thumbnail) image(s) will be restricted to situations where the collid of the MALLOW attribute represents a collection the user is authorized to use according to AUTHZD_COLL or PUBLIC_COLL.
Keep in mind that if the collection is restricted to an authorized group of users at the collection level, the Image Class middleware will not allow unauthorized users to access the image, no matter what the ENTRYAUTH says.
The value of the ENTRYAUTH MALLOW attribute is established at the time the text database is transformed to SGML. The value can be specified globally (for an entire collection) in the collection "info" file. Please see the Collection Level Information section of the Image Class Data Transformation documentation for details on how to create/edit the collection info file. The collection info file is a simple file with four fields delimited by "#". The third field is used to globally specify item level access for a collection. Here are two examples...
The following table shows how the configuration of the third field of the collection info file affects the ENTRYAUTH in the SGML.
| French Architecture#RPW Image Publishing, Inc.#SAMPLEIC#both |
<ENTRYAUTH MALLOW="SAMPLEIC"> |
| French Architecture#RPW Image Publishing, Inc.#WORLD#both |
<ENTRYAUTH MALLOW="WORLD"> |
Finally, as mentioned earlier, it is also possible for each record/ENTRY to have the ENTRYAUTH specified independently. This allows some full-size images to be available to the world, and others to be restricted to certain groups. In order for this to be utilized, the text database must have a field dedicated to specifying access restrictions for the full-size images associated with the record, and the appropriate field of the database mapped to the "DLXS.ea" Category Administrative Mapping in record 4 of the transformation configuration file.
Currently, if the value of the field mapped to DLXS.ea is "www" or "world" (not case sensitive) then the ENTRYAUTH will be set to "WORLD" in the SGML file. Any other value in the DLXS.ea mapped field will result in the ENTRYAUTH MALLOW being set to the value of the third field of the coll-info.txt file.
See Image Class Access Control Summary and Examples Table for useful examples.