Skip to content
Gallery
gull-aa66bde11f73425aacb7d5f6bc5
Aviary User Guide
Home
Getting Started
Aviary Features
OHMS in Aviary
Development Log
Search
Share
Explore
Aviary Features

Custom Permissions

Last edited 117 days ago by Joan Hua
Skip to end of metadata
Created by
Pamela Vizner
, last modified by
Kevin Glick
on
Nov 10, 2021
Go to start of metadata
In Aviary, an organization owner or admins can grant view, edit or super view permissions to restricted content at the resource level. This can be done via Permission Groups. These groups can be used to grant permissions at the user level (via the users’ email address), to a specific IP address or IP range, or based on determined email domains. Time constraints can be defined for any permission group.

How to give access to private resources to specific users?

To grant access to specific users in Aviary, go to “Permissions” and click on “Permission Groups”. This will open the Permission Groups management page. In here, you can add, edit or delete Permission Groups.
To create a new Permission Group, click on “Add Group”.
pasted image 0.png
Then, assign a Name to the group, and Permission Granted: View, Edit, or Super View. The Super View option allows you to grant access to a resource overriding any collection-level permissions you may have set in the "Global Access Restrictions" for that collection. Read more about that in the
Edit a Collection
article.
You can also limit the Time Period in which the user will have access to the resources. By default, Time Period is set to “Ongoing”.
In the “Select Permission Type” dropdown menu select “User Level”. This will display two new sections: “Group members”, where you can define the specific users who will have access to the content; and “Permission Content”, where you can select the specific collections and/or resources these users will have access to.
In the “Group Members” box, add the email addresses of the users who will have access to the content. Note that only registered users can be added to permission groups. Once you have entered the complete email address, the user name will show up. Click on the suggested user name to add to the list. You can add and remove multiple email addresses to this list.
Screen Shot 2019-02-05 at 12.07.26 PM.png
In the “Permission Content” section, select the collections and/or specific resources you want to add to this group. The type-ahead feature will suggest collection or resource names to add. Simply click on them to add to the list.
Click “Save.” Your new permission group will now show in the “Permission Groups” management table. In here, you can search, enable/disable, edit or delete any permission group.
Screen Shot 2019-02-06 at 8.56.55 AM.png

How to give access to private resources to specific IPs or IP ranges?

To grant access to users in specific IP addresses or IP ranges in Aviary, go to “Permissions” and click on “Permission Groups”. This will open the Permission Groups management page. In here, you can add, edit or delete Permission Groups.
To create a new Permission Group, click on “Add Group”.
pasted image 0.png
Then, assign a Name to the group, and Permission Granted (View or Edit). You can also limit the Time Period in which the user will have access to the resources. By default, Time Period is set to “Ongoing”.
In the “Select Permission Type” dropdown menu select “IP Access List”. This will display two new sections: “IP address or range”, where you can define the specific IPs that will have access to the content; and “Permission Content”, where you can select the specific collections and/or resources these users will have access to.
In the “IP address or range” box, add the specific IP addresses one by one, or define an IP range.
To understand how to express IP ranges appropriately in Aviary, it is important first to understand a little about how IP addresses work. IP addresses are 4 byte numbers (e.g., 198.164.1.132). Each of the numbers in that string is represented by one byte (8-bit number; can represent a value of 0–255). An IP address is broken into two main parts: Network address and Host address. By default there are three main classes of IP addresses:
Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive.
Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191, inclusive.
Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and 223, inclusive.
Class A IP addresses usually have the first numeric value to represent the Network address and the next three values together represent the Host address. Class B IP addresses usually have the first two numeric values to represent the Network address and the next two values together represent the Host address. Class C IP addresses usually have the first three numeric values to represent the Network address and the last value represents the Host address.
To enter an IP range, it is important to know the Class, and therefore the default subnet mask (or the default number of bytes for the Network address).
For example, default Class A IP ranges must be entered in this format: “10.0.0.0/8”, where the zeros validate all IP addresses from 10.1.1.1 to 10.254.254.254.
For example, default Class B IP ranges must be entered in this format: “129.164.0.0/16”, where the zeros validate all IP addresses from 129.164.1.1 to 129.164.254.254.
For example, default Class C IP ranges must be entered in this format: “198.164.123.0/24”, where the zeros validate all IP addresses from 198.164.123.1 to 198.164.123.254.
It is also possible to label each entry to allow easy management. Each new entry will be added to the table. You can add and remove multiple IP addresses to this list.
Screen Shot 2019-02-26 at 2.59.07 PM.png
In the “Permission Content” section, select the collections and/or specific resources you want to add to this group. The type-ahead feature will suggest collection or resource names to add. Simply click on them to add to the list.
Click “Save”. Your new permission group will now show in the “Permission Groups” management table. In here, you can search, enable/disable, edit or delete any permission group.
Screen Shot 2019-02-06 at 9.22.54 AM.png

How to give access to private resources to specific email domains?

To grant access to users in specific IP addresses or IP ranges in Aviary, go to “Permissions” and click on “Permission Groups”. This will open the Permission Groups management page. In here, you can add, edit or delete Permission Groups.
To create a new Permission Group, click on “Add Group”.
pasted image 0.png
Then, assign a Name to the group, and Permission Granted (View or Edit). You can also limit the Time Period in which the user will have access to the resources. By default, Time Period is set to “Ongoing”.
In the “Select Permission Type” dropdown menu select “Email domain”. This will display two new sections: “Domain”, where you can define the specific domain that will have access to the content; and “Permission Content”, where you can select the specific collections and/or resources these users will have access to.
In the “Domain” box, add the email domain. You can only add one email domain per permission group.
Screen Shot 2019-02-06 at 9.30.01 AM.png
In the “Permission Content” section, select the collections and/or specific resources you want to add to this group. The type-ahead feature will suggest collection or resource names to add. Simply click on them to add to the list.
Click “Save”. Your new permission group will now show in the “Permission Groups” management table. In here, you can search, enable/disable, edit or delete any permission group.
Screen Shot 2019-02-06 at 9.30.37 AM.png
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.