Project

General

Profile

Actions

Bug #17073

open

Permission links originating from users should only update that user

Added by Peter Amstutz about 4 years ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assigned To:
Category:
API
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

The incremental permission updates presently operates on the principal that for each target_uuid included in the result, it returns every user with permission to that target_uuid. Because it is exhaustive, permissions are removed for any user/target combination not in the result set.

When a permission link is being added, this strategy can lead to unnecessary work, because it returns permission rows for users that already had permission. It should be possible for "permission added" operations to compute only new permissions and merge the results.

When a permission is changed or removed, we don't know if some or all users still have permission via some other path, so we probably have to continue the current behavior which recomputes permissions for users of the selected targets.

When a permission link originates at a user, the permission change can only affect permissions for that specific user. In this case, the update should recompute permissions for only that user.


Subtasks 1 (1 open0 closed)

Task #17089: ReviewNewLucas Di PentimaActions

Related issues 1 (1 open0 closed)

Related to Arvados Epics - Idea #16445: Expand permission systemNewActions
Actions

Also available in: Atom PDF