Users and Permissions: EPeople and Groups
Definitions
E-Persons and Groups are the way DSpace identifies users for the purpose of granting permissions in the repository.
E-Persons
A user, or user account, is called an "E-Person" in DSpace. For many functions in DSpace, like searching and retrieving openly available documents, a user account is not necessary. That is, users do not have to be authenticated to browse, search, and retrieve content. However, for administrative tasks, and to access certain restricted items in the repository, users must have an E-Person account and log in with that account.
In TDL-hosted DSpace repositories, new e-persons are created in one of two ways:
Users affiliated with the host institution. Most TDL-hosted repositories are integrated with campus authentication systems via Shibboleth. Any user with campus credentials can log in to the repository, and as soon as they do, an E-Person is created for that user. That E-Person account does not necessarily have any special privileges associated with their account automatically, but once they have logged in one time, a Repository Administrator can search for and find their E-Person account and grant privileges to it.
Users not affiliated with the host institution: Repository Administrators can create E-People for users who do not have campus credentials and cannot log in via Shibboleth. The process for doing this is explained in Creating a new EPerson (for non-affiliated users only).
Groups
Groups are a list of E-People. Groups can be assigned roles or permissions, where everybody in the groups is granted those permissions. Any E-Person added to a group gets the permissions granted to that group.
DSpace has two default groups created: Administrator and Anonymous. 'Administrators' have full access to every part of the administrative user interface of the repository; 'Anonymous' is a list that contains all users, whether or not they are logged in. Assigning a policy for an action on an object to anonymous means giving everyone permission to do that action. (For example, most objects in DSpace sites have a policy of 'anonymous' READ – i.e., anyone can browse, view, and download unrestricted content on the site.)
Creating and Managing Groups of Users
Groups of EPeople (aka Users) can be created and used to assign roles throughout the repository at the Collection and Community level.
Repository Administrator or Community Administrator permissions are necessary to create and manage groups.
Create a Group
Go to Access Control => Groups
Click the "Add Group” button, give the new group a name, and click Save.
Search for and add EPeople to the group.
No privileges are attached to any groups at this stage. The newly created group can be assigned roles in any Community or Collection, or added to workflow steps. See Roles and Workflows.
Manage a Group
Step 1: Go to Access Control => Groups
Step 2: Find the Group you wish to manage, either by searching or browsing the list. Once you find the Group, you can edit the group's details, add or remove EPeople (i.e. users), or delete the Group entirely.
To delete the Group, click the trash can icon in the rightmost "Edit" column.
To make other changes, click the pencil icon in the rightmost "Edit" column.
Editing a Group
If you click the "Edit" pencil icon, you will be taken to an "Edit Group" page.
From here you can update the Group's name and description, delete the group, or add and remove EPeople or other Groups.
Additional Resources