Access Control: EPeople and Groups

Definitions

E-Persons and Groups are the way DSpace identifies users for the purpose of granting privileges.

E-Persons

A user, or user account, is called an "E-Person" in DSpace. For many functions in DSpace, like searching and retrieving openly available documents, a user account is not necessary. That is, users do not have to be authenticated to browse, search, and retrieve content. However, for administrative tasks, and to access certain restricted documents in the repository, users must have an E-Person account and log in with that account.

In TDL-hosted DSpace repositories, new e-persons are created in one of two ways:

  • Users affiliated with the host institution: Most TDL-hosted repositories are integrated with campus authentication systems via Shibboleth. Any user with campus credentials can log in to the repository, and as soon as they do, an E-Person is created for that user. That E-Person account does not automatically have any special privileges, but once the user has logged in one time, a Repository Administrator can search for and find the E-Person account and grant privileges to it.
  • Users not affiliated with the host institution: Repository Administrators can create E-People for users who do not have campus credentials and cannot log in via Shibboleth. The process for doing this is explained in Creating a new EPerson (for non-affiliated users only).

Groups

A Group is a list of E-People. Any E-Person added to a group gets the permissions granted to that group.

DSpace has two default groups: Administrator and Anonymous. 'Administrators' have full access to every part of the administrative user interface of the repository; 'Anonymous' is a list that contains all users, whether or not they are logged in. Assigning a policy for an action on an object to Anonymous means giving everyone permission to do that action. (For example, most objects in DSpace sites have a policy of 'Anonymous' READ – i.e., anyone can browse, view, and download unrestricted content on the site.)

Creating and Managing Groups of Users

Groups of EPeople (aka Users) can be created and used to assign roles throughout the repository at the Collection and Community level.

Repository Administrator or Community Administrator permissions are necessary to create and manage groups.

Create a Group

Go to Access Control => Groups

Click the "Add Group" button, give the new group a name, and click Save.

Search for and add EPeople to the group.

No privileges are attached to any groups at this stage. The newly created group can be assigned roles in any Community or Collection, or added to workflow steps. See Roles and Workflows.

Manage a Group

Step 1: Go to Access Control => Groups

Step 2: Find the Group you wish to manage, either by searching or browsing the list. Once you find the Group, you can edit the group's details, add or remove EPeople (i.e. users), or delete the Group entirely.

  • To delete the Group, click the trash can icon in the rightmost "Edit" column.
  • To make other changes, click the pencil icon in the rightmost "Edit" column.

Editing a Group

If you click the "Edit" pencil icon, you will be taken to an "Edit Group" page.

From here you can update the Group's name and description, delete the group, or add and remove EPeople or other Groups.
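
Because a Group can contain other Groups, and because a policy granted to Anonymous applies to everyone, it helps to review who effectively holds each permission before and after editing membership. The following is an added example, not DSpace code or part of the original documentation: a simplified Python model of the rules described under Groups and Editing a Group. All group names, e-mail addresses, object names and the "group:" prefix are constructed assumptions.

```python
# Simplified model of the group rules on this page; not DSpace code.
# Every name and sample value below is constructed for illustration.
ANONYMOUS = "Anonymous"

# group -> direct members; "group:<name>" marks a nested group
GROUPS = {
    "Thesis Reviewers": {"bob@example.edu", "group:Library Staff"},
    "Library Staff": {"carol@example.edu"},
}

# (object, action) -> groups that hold a policy for that action
POLICIES = {
    ("collection/open-reports", "READ"): {ANONYMOUS},
    ("collection/restricted-theses", "READ"): {"Thesis Reviewers"},
    ("collection/restricted-theses", "WRITE"): {"Library Staff"},
}

def expand(group, groups, seen=None):
    """Return every E-Person in `group`, following nested groups."""
    seen = set() if seen is None else seen
    if group in seen:  # a group reached twice (or a loop) is walked once
        return set()
    seen.add(group)
    people = set()
    for member in groups.get(group, ()):
        if member.startswith("group:"):
            people |= expand(member[len("group:"):], groups, seen)
        else:
            people.add(member)
    return people

def is_allowed(eperson, obj, action, groups=GROUPS, policies=POLICIES):
    """Check one action; pass eperson=None for a visitor who is not logged in."""
    granted = policies.get((obj, action), set())
    if ANONYMOUS in granted:  # Anonymous contains all users
        return True
    return eperson is not None and any(eperson in expand(g, groups) for g in granted)

def audit(groups=GROUPS, policies=POLICIES):
    """Map each (object, action) to "EVERYONE" or the sorted E-People holding it."""
    report = {}
    for key, granted in policies.items():
        if ANONYMOUS in granted:
            report[key] = "EVERYONE"
        else:
            report[key] = sorted(set().union(*(expand(g, groups) for g in granted)))
    return report
```

In this model, carol@example.edu can READ the restricted collection only because Library Staff is nested inside Thesis Reviewers, which is the kind of inherited access an audit of group membership should surface.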


Additional Resources