I'm in the process of changing the authorization policy for a large dspace repo filled with closed collections. I created a new group to facilitate the new access rights and added the appropriate users to the group. Finally, I edited the collection items policy through the "Advanced Policy Manager". In exact, I added to collection X and Group Y the 'DEFAULT_BITSTREAM_READ'.
When I browse the items of the collection I see that the item files have the corresponding policy (policy ID:822518 - Action:DEFAULT_BITSTREAM_READ - EPerson: ... - Group: GroupY)
This means that all members of groupY should be able to open the bitstream/read the file. The problem is that while some users are in fact able to, some can't. Is there some better way to edit user authorizations? How could I debug the problem? Is there any proposed tutorial on performing dspace administration tasks?
Thank you for your time.
Adding new DEFAULT_* policies to collections does not effect any of the already existing items. DEFAULT_* policy settings are used to create policies when new items are added. In other words: an items BITSTREAM_READ policies are informed by the DEFAULT_BITSTREAM_READ policies of its collection at the time of adding the item.
It sounds like your system sets DEFAULT_BITSTREAM_READ to a policy that contains GroupY. Therefore items should have their BITSTREAM_READ set to that container group. If that is true you could change GroupY's members, adding additional users to open up access to the bitstreams in your currently closed collection. If you do so, you need to make sure, that there are no unintended consequences. This approach will not have the desired effect, if GroupY is used in collections that should stay closed.