Islandora / documentation

Contains islandora's documentation and main issue queue.

AuthZ for Preservation: Ensure no one person has write access to all copies. #414

Open rosiel opened 7 years ago

rosiel commented 7 years ago

A "challenging, food for thought-type requirement" from Brad, as worded in The NDSA Levels of Digital Preservation, Level 4:

| Title (Goal) | Ensure no one person has write access to all copies. |
| --- | --- |
| Primary Actor | Repository admin |
| Scope | preservation, access |
| Level | High |
| Story | I want to comply with The NDSA Levels of Digital Preservation, Level 4. |

Source: Page 3, Table 1, Row 2 (File Fixity and Data Integrity), Level 4 definition: http://www.digitalpreservation.gov/documents/NDSA_Levels_Archiving_2013.pdf

This is a "use case" that might involve other system aspects, such as the backups and (possibly) where else an object has been duplicated.

ruebot commented 7 years ago

It would be helpful to flesh this out a lot more. Please expand on the level, and what layers of the stack, looking specifically at the gap between Fedora and CLAW where this would be required.

rosiel commented 7 years ago

I'm sorry. I know nothing about standards for digital preservation. I tried to include a disclaimer that this is not necessarily CLAW related, but likely has more to do with the implementation of good backup policies and strategic content duplication.

My goal in including this was to bring the use cases that were brought forward in the discussion group to the appropriate venue.

Please close this ticket if this is unacceptable.

ruebot commented 7 years ago

@rosiel what discussion group?

dannylamb commented 7 years ago

So no admin user, then? Or just block admin user from having admin privileges, thus rendering it not admin?

rosiel commented 7 years ago

From here: https://groups.google.com/forum/#!topic/islandora/YGBMUU4OSM8

As mentioned it was "a challenging food for thought" requirement.

We've always managed one single copy of an archival object; maybe this points out a use case where multiple would be worthwhile?

ruebot commented 7 years ago

I think this would be an excellent opportunity for the group to articulate where they would like to see the functionality for the management of multiple copies of an archival object to reside: Drupal, Fedora, somewhere else?

kstapelfeldt commented 2 years ago

Maybe I'm missing something, but this seems like a staffing/practice problem? Without two systems administrators, how would software solve this problem?