Provides a graphical user interface to edit XACML policies for objects in a repository or collection.
Latest commit cc0cdc5 Dec 15, 2016 @dannylamb dannylamb committed on GitHub Merge pull request #132 from jonathangreen/ISLANDORA-1869

Islandora XACML Editor


The Islandora XACML Editor provides a graphical user interface to edit XACML policies for objects in a repository or collection. It adds a new tab to each collection called Child Policy and a tab to each item called Item Policy, where permissions can be set on a per User or per Role basis for:

  • Object Management: Controls who can set XACML policies for an object/collection.
  • Object Viewing: Controls who can view an object/collection.
  • Datastreams and MIME types: Controls who can view datastreams by DSID and MIME type.


This module requires the following modules/libraries:


Install as usual, see this for further information.


Fedora Configuration

It may be desirable--and in fact necessary for some modules--to disable/remove one of the default XACML policies which denies any interactions with the POLICY datastream to users without the "administrator" role.

This policy is located here: $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-policy-management-if-not-administrator.xml

Solr Searching Hook

To comply with XACML restrictions placed on objects, a hook filters out search results that the searching user's name and roles do not permit them to view. This hook will not function correctly if the Solr fields for ViewableByUser and ViewableByRole do not match the field names set in the XSLT. These values can be set through the admin page for the module.
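
The kind of filter query such a hook can add is sketched below as an added example; it is not the module's own code. The field names are placeholders standing in for whatever is configured for ViewableByUser and ViewableByRole, and the function names and sample users are constructed for illustration.

```php
<?php
// Added example: field names below are placeholders, not the module's settings.
const USER_FIELD = 'viewable_by_user_field';  // assumed Solr field for ViewableByUser
const ROLE_FIELD = 'viewable_by_role_field';  // assumed Solr field for ViewableByRole

/**
 * Quote a value as a Solr phrase so a user or role name cannot alter the query.
 */
function solr_phrase(string $value): string {
  // Inside a quoted phrase only backslash and double quote need escaping.
  return '"' . addcslashes($value, '"\\') . '"';
}

/**
 * Build a filter query (fq) that keeps unrestricted objects and objects
 * viewable by this user name or by any of the user's roles.
 */
function xacml_view_filter(string $name, array $roles): string {
  $allowed = [USER_FIELD . ':' . solr_phrase($name)];
  foreach ($roles as $role) {
    $allowed[] = ROLE_FIELD . ':' . solr_phrase($role);
  }
  // Objects with neither field indexed carry no viewing restriction.
  $unrestricted = sprintf('(*:* -%s:[* TO *] -%s:[* TO *])', USER_FIELD, ROLE_FIELD);
  return '(' . implode(' OR ', $allowed) . ') OR ' . $unrestricted;
}

// Constructed sample users; the second name contains quote characters
// to show that escaping keeps it inside a single phrase.
$samples = [
  ['alice', ['authenticated user', 'curator']],
  ['x" OR *:* OR "', ['authenticated user']],
];
foreach ($samples as [$name, $roles]) {
  echo xacml_view_filter($name, $roles), PHP_EOL;
}
```

With a query of this shape, a configured field name that does not match what the XSLT actually indexes makes every object look unrestricted, so the filter fails open rather than closed.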



The XACML editor hooks into ingesting through the interface. When a child is added through the interface, the parent's POLICY will be applied if one exists.

Writing or editing XACML policies by hand may result in unexpected behaviour.


Further documentation for this module is available at our wiki.


Having problems or solved a problem? Check out the Islandora Google Groups for a solution.


Current maintainers:


If you would like to contribute to this module, please check out In addition, we have helpful Documentation for Developers info, as well as our Developers section on the site.