You are here

CONTENTdm Permissions

1. Add the domain account name of anyone who is to have administrative rights to a collection in CONTENTdm to the Windows Group "CONTENTdm Administrators" on the CONTENTdm server (elib). CONTENTdm requires this group and uses it for identifying system administrators.

My Computer > Manage > System Tools > Local User and Groups > Groups > CONTENTdm Administrators.

2. Add each user's domain/username as a User in CONTENTdm

  • http://[contentdm-host]:2012/cgi-bin/admin/start.exe
  • Select "server" tab > users > add user (e.g. hamilton-d/<username> or [contentdm-host]/[username])

  • Grant user appropriate rights to specific collections.

3. To allow the person to add objects to the collection, the account name must be added to the Permissions for the share of the collections on which they are going to add/edit records.

  • Go to [directory]:/contents.

  • Select the appropriate collection folder.

  • Right click on the "Index" folder > Sharing and Security > "Sharing" tab > Permissions

  • Add the domain username for each administrator of the collection.

  • Grant Change and Read permissions to each administrator.

  • If the user has trouble logging in with full admin privileges, you have have to add that account manually with full NTFS privileges on the "content5/server" folder.

4. To restrict who can view a collection, edit the collection-level permissions for each collection.

  • Launch http://[server.name.edu]/cgi-bin/admin/start.exe

  • Select a collection

  • Select "collections" tab > configuration

  • Add account names in "User name" (e.g. hamilton-d\pmacdona, hamilton-d\nreynold)

  • To allow only a certain group of people to see images in a collection...

    • Create a Windows user group on the CONTENTdm server, say, "CONTENTdm students," and add each student's domain/username into that group.

    • Grant that group permission to read and execute the "/dmscripts/admin/login.exe" file.

    • Add the domain/username for each student into the Permissions box in the Configuration menu for the collection they need permissions to.

  • To allow only Hamilton College affiliates to view a collection, add the IP address of the eZproxy server to the permissions. This will force users to log in with a valid Hamilton College ID number.


SYSADMIN NOTE: To lock down collections with a batch script, an administrator could use a script to put AD users into Groups that can be used to protect collection folders on CONTENTdm server with NTFS permission.
See createUsers.bat script at http://users.telenet.be/mydotcom howto/scripts/sysadmin/createusers.htm (accessed May 16, 2008)

- Top -

(Reviewed: September 27, 2008)