Link Search Menu Expand Document

Setting Access Control List (ACL)

The Repositories can be used with or without authentication. Both the NFDI-MatWerk Data and Metadata Repsoitories have a federated login system. The credentials created on one will also work with the other. Only public documents are viewable without prior authentication. Each user has an SID (subject identifier) that identifies her/him/the group while logged in.

More about rights and ACL can be found here: https://kit-data-manager.github.io/metastore2/acl/introduction.html

If no access data is available (if not logged-in on the browser based User Interface or no token is passed during REST-API calls), access is automatically granted as an anonymous user
(SID: anonymousUser). An anonymous user cannot create or modify data, but only view the publically made available data.

In order for documents to be made publically available (published), the ACL must be extended accordingly. In this case, access must be granted to the user anonymousUser with READ rights, in the administrative metadata part (i.e., in the Data Resource Metadata under Access Control List in the Enhanced Metadata section). This process is described in the next section.

Setting the ACL using the Browser based Graphical User Interface

  1. In the home page of the NFDI-MatWerk Data Repository or NFDI-matWerk Metadata Repository, first login with your credentials.

  2. Find the document/record for which the ACL needs to be edited from the listings, and click on the edit button to the far right.

    edit_button

  3. In the tab “Data Resource Metadata”, expand the field “Access Control List” contained in the section “Enhanced Metadata”, by clicking on the blue + button. If the document should be made publically available, then add an SID as anonymousUser and select persmission as READ from the drop down menu.

    set_ACL

    Note: Never give more than READ permission to anonymousUser

  4. If the document is to be shared with selected user(s) or group(s), the SIDs of the user(s) or group(s) can also be added in a similar way, and appropriate level of permission can be granted to them. For this, they should be already registered and their SIDs need to be known.
  5. Only documents which are publically made available (published) can be opened in the browser by using the URL, like in this case -

https://matwerk.datamanager.kit.edu/api/v1/dataresources/423ece8d-6171-4f9a-9055-77ebb77c05e8 and the corresponding image data: https://matwerk.datamanager.kit.edu/api/v1/dataresources/423ece8d-6171-4f9a-9055-77ebb77c05e8/data/surface.png.