Image Class Access Control

dlxs-help@umich.edu

The document on DLXS Authentication and Authorization covers in depth what you need to do to set up access control for all of DLXS, including Image Class.

A special Image Class option allows collections that are unrestricted at the collection level to have individually identified full-size images restricted at the record level. A good example of this is the University of Michigan, Museum of Art. Authorized users (University of Michigan faculty, staff, students) have unrestricted (collection level) access to all text records, thumbnail images, and full-size images. Those using the collection from outside the range of valid umich IP addresses can access all text records, all thumbnail images, and most full-size images, but cannot view the full-size images that are identified in the item-level record as restricted (due to copyright in the case of the Museum).

Item level access information is stored in the m_entryauth field of the media table.

Value        Restriction
world        Unrestricted access to full-size images.
[collid]     Access to full-size images restricted to authorized users of the collection. Note: use the actual collid, not "[collid]".
no access    Access to the full-size image is completely restricted. Nobody can see it.

Keep in mind that if the collection is restricted to an authorized group of users at the collection level, the Image Class middleware will not allow unauthorized users to access the image, no matter what the ENTRYAUTH says.

The value of the ENTRYAUTH MALLOW attribute is established at the time the data records are loaded into MySQL. The value can be specified globally (for an entire collection). Global configuration is in the entryauth field of the CollMgr record.

It is also possible for each record/ENTRY to have the ENTRYAUTH specified independently. This allows some full-size images to be available to the world, and others to be restricted to certain user groups. To use this, the source data must have a field dedicated to specifying access restrictions for the full-size images associated with the record, and that field must be mapped to "DLXS_ea" in the Administrative Field Mappings.

Administrative Field Mapping is done in the field_admin_maps CollMgr field.

Currently, if the value of the field mapped to DLXS_ea is "www" or "world" (not case sensitive) then the ENTRYAUTH will be set to "WORLD" in the SGML file.

If the value of the field mapped to DLXS_ea is "nobody" or "no access" (not case sensitive) then the ENTRYAUTH will be set to "no access".

Any other value in the DLXS_ea mapped field will result in the ENTRYAUTH MALLOW being set to the value of the third field of the coll-info.txt file.

See Image Class Access Control Summary and Examples Table for useful examples.
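
The mapping and access rules above can be modelled in a few lines. This is an added illustration, not DLXS code: the function names, the collid "musart", the sample records, and the choice to deny any unrecognised ENTRYAUTH value are assumptions of the example, and collection_default stands in for the third field of coll-info.txt.

```python
WORLD_VALUES = {"www", "world"}
NO_ACCESS_VALUES = {"nobody", "no access"}


def map_entryauth(source_value, collection_default):
    """Map the source field mapped to DLXS_ea to an ENTRYAUTH value."""
    key = source_value.lower()  # matching is not case sensitive
    if key in WORLD_VALUES:
        return "WORLD"
    if key in NO_ACCESS_VALUES:
        return "no access"
    # Any other value falls back to the collection's configured value.
    return collection_default


def can_view_full_size(entryauth, collid, collection_restricted, user_authorized):
    """Decide full-size image access for one record.

    user_authorized: the user is an authorized user of collection `collid`.
    """
    # A collection-level restriction wins no matter what ENTRYAUTH says.
    if collection_restricted and not user_authorized:
        return False
    value = entryauth.lower()  # assumption: "WORLD" and "world" are equivalent
    if value == "no access":
        return False
    if value == "world":
        return True
    if entryauth == collid:
        return user_authorized
    # Assumption of this example: unrecognised values fail closed.
    return False


# Constructed sample records (record id, raw value of the DLXS_ea mapped field).
SAMPLE = [("rec1", "WWW"), ("rec2", "Nobody"), ("rec3", "copyright"), ("rec4", "World")]


def audit(collid, collection_default, records=SAMPLE):
    """Return {record: (entryauth, outside_user_can_view, authorized_can_view)}
    for a collection that is unrestricted at the collection level."""
    out = {}
    for rec, raw in records:
        ea = map_entryauth(raw, collection_default)
        out[rec] = (ea,
                    can_view_full_size(ea, collid, False, False),
                    can_view_full_size(ea, collid, False, True))
    return out
```

Running audit over an export of the source field before loading shows which records will end up world-readable, which is a quick way to catch a misspelled restriction value that would otherwise silently fall through to the collection default.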

Access Restriction by Image Size

Restriction of image access by size is also possible by setting the value of imgsizemax and imgsizemin in CollMgr. This is especially useful with JPEG2000 and MrSID files when the largest size is very large and putting a limit on the viewable size is desirable. Please see the help text within CollMgr for more information and allowable values.

As of DLXS 12a, it is possible to allow a specific list of users to have access to all sizes of images/media, even if a size limit has been placed using imgsizemax. This is done by listing userids in the privileged_users CollMgr field. This, therefore, requires an authentication mechanism of some sort (see DLXS Authentication and Authorization).