Authorization is a process of verifying the permissions of an authenticated user for particular elements (for example, functions or resources) of a system. In the dLibra system, there is a multi-level permission system which makes it easy for the administrators to manage the access of particular users (or user groups) to particular functions and resources of the system. The following permissions are assigned in the system:
- 9 kinds of administrative permissions – they are assigned at the level of the whole system (for example, the permission to manage users, the permission to manage collections, etc.);
- 7 kinds of directory permissions – they are assigned at the level of a particular directory (for example, the permission to list directory content, the permission to manage directory publications, etc.);
- 3 kinds of single publication permissions – they are permissions assigned to users at the level of a specific publication (access to published editions, access to all editions, and the management permission); and
- 1 permission at the level of collections – the possibility of assigning objects to a given collection.
There is also a permission inheritance mechanism, which facilitates the use of the permission system. Permissions are passed on both from parent to child objects (for example, sub-directories inherit some permissions from the directory they are in) and from user groups to the users of those groups. If a given permission includes other permissions (for example, the permission to manage a publication includes the permission to read and review that publication), then those included permissions do not have to be directly assigned – the assignment of the most general permission will be sufficient. In such a case, we say that the (general) permission implies other permissions (for example, the management permission implies the reading and reviewing permission).