This is an object-specific policy. It could be stored inside the demo:5 digital object in the POLICY datastream OR in the directory for object-specific policies. (The directory location is set in the Authorization module configuration in the Fedora server configuration file (fedora.fcfg). By using multiple policy Rules, this policy shows how to deny access to all raw datastreams in the object except to particular users (e.g., the object owners). It also shows how to deny access to a particular disseminations to selected user roles. demo:5 urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination testuser1 testuser2 fedoraAdmin demo:5 getHigh demo:5 getVeryHigh urn:fedora:names:fedora:2.1:action:id-getDissemination student professor administrator