Granting Access with Credentials and Access Permissions

The first step in granting access to a user is to create that user in the Users tab.

The second step is to assign a credential to that user. Once a credential is assigned to the user, they should have the right permissions and access levels to collections and the Independent Media Items. If they are missing access to something, chances are there's a setting that needs to be fixed in the credential or the access permissions.

About Credentials

A credential is assigned to a user. The settings in a credential determine:

 

  • Allow export for LUNA Viewer
  • Allow My Uploads for LUNA Viewer
  • List of allowed file extensions for LUNA Viewer and LUNA Library
  • Ability to create, edit or delete templates in the Collection Manager
  • Ability to create, or delete collections in the Collection Manager (editing collection properties is collection specific and granting this permission is handled using an Access Permission as explained below).
  • Access to LUNA Administrator
  • Access to LUNA Publisher

You can create as many credentials as needed, and assign them to your users. You will always have an "Anonymous User" credential. This credential is automatically assigned to any user that registers an account with the LUNA Viewer. Typically this credential is for users who are mainly accessing the LUNA Viewer.

Anonymous credential (1 of 3 defaults in LUNA)

Use the Anonymous credential to make collections available to your audience without requiring a user to login. This credential is also automatically assigned to users who register an account via the LUNA Viewer. A user with this credential will not have access to any of the other tools in the LUNA suite and will not be able to export images or use My Uploads in the Viewer. Typically, the collection(s) you assign to this credential will be associated with the “restricted” access permission.

Good for granting public access to your collections.


Local Users credential (1 of 3 defaults in LUNA)

Use the Local Users credential to make collections available to general users at your institution. A user with this credential will not have access to any of the other tools in the LUNA suite, but they will be able to export images and use My Uploads in the Viewer. Typically, the collection(s) you assign to this credential will be associated with the “general” access permission which allows users to export images up to size 5 (up to 3072 pixels on long side).

Good for students, staff, researchers.


Administrator credential (1 of 3 defaults in LUNA)

Use the Administrator credential for administrators of the LUNA system and any users authorized to create and manage user accounts and settings. A user with this credential will have full access to all the tools in the LUNA suite. Typically, the collection(s) you assign to this credential will be associated with the “admin” access permission which grants the highest level of permissions.

Good for administrators of the LUNA system and collections within LUNA.


Customized credential (sample)

Say you want to create a credential for a user whose responsibility it is to create and manage collections & data templates. You can design a custom credential that allows for access to the Viewer and Collection Manager while restricting access to the Administrator. Check create, edit and delete under the Templates settings and check create and delete under the collections settings to grant the appropriate permissions in the Collection Manager. Note, the permission to allow “editing” of a collection is set in the access permission. In this same credential, you’ll also grant access to export images and use My Uploads in the Viewer. Typically, the collection(s) you assign to this credential will be associated with the “admin” access permission or a customized access permission.

Good for visual resource librarians, faculty, curators.

 

About Access Permissions


LUNA comes with a set of 5 default access permissions which you can choose from or you can create your own by clicking "Add Access Permission.” You may create as many as you like this way. You may edit the default 5 if you like as well.

Access permissions are added to a credential. The credential grants permission to certain LUNA tools and features, while an access permission pertains only to a specific collection and what a user can do with that collection. For each collection you have added, you can create 1 or more access permissions that you can assign in the Credentials tab to the different credentials to set they kind of access they have to the collection.

Without an access permission a user cannot gain access to a collection in order to create, edit, or view it.

Default Access Permissions:

When a collection is made 5 default access permissions are created. You can think of these as representing different roles, from admin to restricted. So all you have to do is pick one of the 5 access permissions for a collection and add it to the credential. The settings for these 5 default access permissions are:

Dimensions for LUNA sizes 0-8:

LUNA SizesDimensions
Size 0

up to 96 pixels on long side

Size 1up to 192 pixels on long side
Size 2up to 384 pixels on long side
Size 3up to 768 pixels on long side
Size 4up to 1536 pixels on long side
Size 5up to 3072 pixels on long side
Size 6up to 6144 pixels on long side
Size 7up to 12288 pixels on long side
Size 8up to 24576 pixels on long side

Access permissions allow you to grant a specific set of privileges to the Viewer, Library and Collection Manager for an individual collection.

Restricted

Use the restricted access permission for view-only access to a collection in the Viewer. It allows you to restrict the collection down to the most basic level, limiting viewing resolution in the Viewer to size 5 (up to 3072 pixels on long side). No access granted to the Library settings and editing a collection in the Collection Manager.

General

Use the general access permission for limited access to a collection in the Viewer and read-only access in the Library. This access permission allows image export of up to size 5 (up to 3072 pixels on long side) and the highest viewing resolution in the Viewer.

Cataloger

Use the cataloger access permission for extended access to a collection in the Viewer and Library. This access permission allows, collection level annotations, image export of up to size 5 (up to 3072 pixels on long side) in the Library and Viewer and the highest viewing resolution in the Viewer. It includes add, edit and save privileges for records and media items in the Library. It also allows add, edit and delete privileges for authorities as well as data export in the Library. Deleting records and media items is restricted with this access permission.


Publisher

Use the publisher access permission for full access to a collection in the Viewer and Library. It includes image export of JP2K and source image in the Viewer and Library, as well as delete privileges for records and media items in the Library.


Admin
 

Use the admin access permission for full access to a collection in the Viewer and Library and ability to edit and save changes to a collection in the Collection Manager (including editing of the data schema for a collection).



Editing Access Permissions

There are 2 ways to edit an access permission.

  1. Go into the Access Permissions tab, highlight the one you wish to edit and click on "Edit Selected".
  2. While in the credential click on "Edit" for the access permission you wish to edit.

Tip: Since you can't edit the name of an access permission, simply create a new one if you need a name different than the default name created.

 

 

Note: Authorities are the only feature that are not automatically assigned to an access permission. By default a collection creator will have permission to read, add, edit, delete authorities. For all other users you'll need to manually assign the permission to the access permission for the collection.

Although users are able to upload any images they like, they will not be able to save the text they enter into the "Title", "Description", and "Copyright" fields if the credential they are assigned does not have write access for "Independent media Items" access permission in the Administrator section. The "Save media Details" button will not actually work until you add write access for the credential.

Examples

Example 1: "Anonymous User" credential.

As explained above, you will always have an "Anonymous User". This is the default credential and is the one automatically assigned to users who register an account via the LUNA Viewer. Typically this credential is used only to grant access to specific collections in the LUNA Viewer.

In this credential (based on image below) the anonymous user will be able to:

Example 2: Collection Administrator credential

In this credential (based on image below) the user will be able to:

*General and Admin are profiles defined in the Access Permissions tab.