You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Development/v4.x/backend/authorization.md
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -46,7 +46,7 @@ The permissions in the vanilla installation provides a set of user groups which
46
46
|| Users are allowed to create and update datablocks for datasets belonging to one of their group | DatasetDatablockCreateOwn , DatasetDatablockReadOwn , DatasetDatablockUpdateOwn |
47
47
|| Users can view the logbook of the datasets that belong to one of their group | DatasetLogbookReadOwn |
48
48
|||
49
-
| CREATE_DATASET_PRIVILEGED_GROUPS | Users of the listed groups can create datasets for any group, but can only modify datasets belong to one of the group they belong to. They are allowed to specify pids for new datasets. This settings are suggessted for ingestion functional accounts | DatasetCreateAll , DatasetReadOwn , DatasetUpdateOwn |
49
+
| CREATE_DATASET_PRIVILEGED_GROUPS | Users of the listed groups can create datasets for any group, but can only modify datasets belong to one of the group they belong to. They are allowed to specify pids for new datasets. This settings are suggested for ingestion functional accounts | DatasetCreateAll , DatasetReadOwn , DatasetUpdateOwn |
50
50
|| Users are allowed to perform all operations on attachments for datasets belonging to one of their group | DatasetAttachmentCreateOwn , DatasetAttachmentReadOwn , DatasetAtatchementUpdateOwn , DatasetAttachmentDeleteOwn |
51
51
|| Users are allowed to create origdatablocks for any datasets, but can only update them for datasets belonging to one of their group | DatasetOrigdatablockCreateAny , DatasetOrigdatablockReadOwn , DatasetOrigdatablockUpdateOwn |
52
52
|| Users are allowed to create and update datablocks for datasets belonging to one of their group | DatasetDatablockCreateOwn , DatasetDatablockReadOwn , DatasetDatablockUpdateOwn |
Copy file name to clipboardExpand all lines: Development/v4.x/backend/authorization/authorization_jobs.md
+10-9Lines changed: 10 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -64,11 +64,11 @@ Any positive match will result in the user acquiring _JobCreate_ endpoint author
64
64
|_#all_|_#all_| any user can access this endpoint, both anonymous and authenticated |_#all_| Any user can create this instance of the job |
65
65
|_#datasetPublic_|_#all_| any user can access this endpoint, both anonymous and authenticated |_#datasetPublic_| the job instance will be created only if all the datasets listed are __public__|
66
66
|_#authenticated_|_#user_| any valid users can access the endpoint, independently from their groups |_#user_| any valid users can create this instance of the job |
67
-
|_#datasetAccess_|_#user_| any valid user can access this endpoint, independently from their groups|_#datasetAccess_| the job instance will be created only if the user has access to all the datasets listed |
68
-
|_#datasetOwner_|_#user_| any valid user can access this endpoint, independently from their groups|_#datasetOwner_| the job instance will be created only if the user is part of all the datasets' owner group |
69
-
|__*@GROUP*__|__*GROUP*__|only users that belongs to the specified group can access the endpoint|__*GROUP*__| the job instance will be created only if the user belongs to the group specified |
70
-
|__*USER*__|__*USER*__|only the specified user can access the endpoint |__*USER*__| the job instance can be created only by the user indicated |
71
-
67
+
|_#datasetAccess_|_#all_| any user can access this endpoint, both anonymous and authenticated|_#datasetAccess_| the job instance will be created only if the specified user group or otherwise any of the user's groups has access to all the datasets listed |
68
+
|_#datasetOwner_|_#all_| any user can access this endpoint, both anonymous and authenticated|_#datasetOwner_| the job instance will be created only if the specified user group or otherwise any of the user's groups is part of all the datasets' owner group |
69
+
|__*@GROUP*__|_#all_|any user can access this endpoint, both anonymous and authenticated|__*GROUP*__| the job instance will be created only if the user belongs to the group specified |
70
+
|__*USER*__|_#all_|any user can access this endpoint, both anonymous and authenticated |__*USER*__| the job instance can be created only by the user indicated |
71
+
| #jobAdmin | #all | any user can access this endpoint, both anonymous and authenticated |_#jobAdmin_| the job instance can be created by users of ADMIN_GROUPS and CREATE_JOB_PRIVILEGED only |
72
72
__IMPORTANT__: use option _#all_ carefully, as it allows anybody to create a new job. It is mostly used for debugging and testing.
73
73
74
74
#### Job Update Authorization Table
@@ -78,10 +78,11 @@ Any positive match will result in the user acquiring _JobUpdate_ endpoint autho
|_#all_|_#all_| any user can access this endpoint, both anonymous and authenticated |_#all_| Any user can update this job instance |
81
-
|_#jobOwnerUser_|_#user_| authenticated user can access the endpoint |_#jobOwnerUser_| only the user that is listed in field _ownerUser_ can perform the update |
82
-
|_#jobOwnerGroup_|_#user_| authenticated user can access the endpoint |_#jobOwnerGroup_| any user that belongs to the group listed in field _ownerGroup_ can perform the update |
83
-
|__*@GROUP*__|__*GROUP*__| only users that belong to the specified group can access the endpoint |__*GROUP*__| the job can be updated only by users who belong to the group specified |
84
-
|__*USER*__|__*USER*__| only the specified user can access the endpoint |__*USER*__| the job can be updated only by the user indicated |
81
+
|_#jobOwnerUser_|_#user_| any user can access this endpoint, both anonymous and authenticated |_#jobOwnerUser_| only the user that is listed in field _ownerUser_ can perform the update |
82
+
|_#jobOwnerGroup_|_#user_| any user can access this endpoint, both anonymous and authenticated |_#jobOwnerGroup_| any user that belongs to the group listed in field _ownerGroup_ can perform the update |
83
+
|__*@GROUP*__|__*GROUP*__| any user can access this endpoint, both anonymous and authenticated |__*GROUP*__| the job can be updated only by users who belong to the group specified |
84
+
|__*USER*__|__*USER*__| any user can access this endpoint, both anonymous and authenticated |__*USER*__| the job can be updated only by the user indicated |
85
+
| #jobAdmin | #all | any user can access this endpoint, both anonymous and authenticated |_#jobAdmin_| the job instance can be created by users of ADMIN_GROUPS and UPDATE_JOB_PRIVILEGED only |
85
86
86
87
__IMPORTANT__: use option _#all_ carefully, as it allows anybody to update the job. It is mostly used for debugging and testing.
0 commit comments