Project

General

Profile

Actions
Copy link

Feature #16571

open

Permission system supports seeing & sharing with a group without having access to group contents.

Added by Peter Amstutz almost 4 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Future
Story points:
-
Release:
Postponed
Release relationship:
Auto

Description

Customer has curators who are not admins who need to share data they manage with other groups. They need to be able to see those groups to select them without being able to see the other group's contents.

It already works this way for Users (you can see a user without gaining access to the things the user owns) but there isn't a way to achieve this behavior for groups

Some ideas:

  • Workaround: create a fake user, grant can_manage, people share with the fake user
  • New group_class that has the desired behavior
  • "view" permission with new semantics (can view group record but follow any of its links)
  • permission links specify separate permission levels for record and traversal: can read/write/manage record, can gain read/write/manage by traversing record
  • "can_use_permissions" and "can_list_members" with new semantics #15372

Related issues

Related to Arvados - Idea #15372: Revise group permissions to separate them from permissions on managed objectsNewActions
Related to Arvados Epics - Idea #16445: Expand permission systemNewActions
Actions
Copy link

Also available in: Atom PDF