Feature #18277

Ability to make groups visible to all users

Added by Ward Vandewege about 2 months ago. Updated 11 days ago.

Status:
New
Priority:
Normal
Assigned To:
Category:
API
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
(Total: 0.00 h)
Story points:
-

Description

Need to be able to share with groups without having full read access to the group.

Ideas:

  1. New type of permission link that grants ability to see a group without traversing it
  2. Config option to make all 'role' groups visible without traversing them

Option 1 would allow us to generalize the annoying special case of read access on users (unlike groups, can_read on a user implies seeing the user but not traversing them).

Option 2 is simpler. It does require introducing a special case to the permission checks.

From discussion on Nov 23:

Consensus to do the easier solution (option 2).

Proposal:

New configuration option RoleGroupsVisibleToAll

When enabled, all Users are permitted to see role groups and share things with them.

Default value true, based on feedback, this is how users generally expect the system to work. Does not prevent us from supporting the a complex multi-tenant case (using option 1) in the future -- config option can be turned off.

Will be implemented by adding making role groups a special case within ArvadosModel#readable_by.

Must have at least one non-anonymous, active user in the list of users passed to readable_by.


Subtasks

Task #18475: ReviewNewLucas Di Pentima

History

#1 Updated by Peter Amstutz about 1 month ago

  • Description updated (diff)
  • Subject changed from Add config option (default off) to make all groups visible to all users to Ability to make groups visible to all users

#2 Updated by Peter Amstutz about 1 month ago

  • Description updated (diff)

#3 Updated by Peter Amstutz about 1 month ago

  • Description updated (diff)

#4 Updated by Peter Amstutz 12 days ago

  • Description updated (diff)

#5 Updated by Peter Amstutz 12 days ago

  • Description updated (diff)

#6 Updated by Peter Amstutz 12 days ago

  • Description updated (diff)

#7 Updated by Peter Amstutz 12 days ago

  • Description updated (diff)

#8 Updated by Peter Amstutz 12 days ago

  • Target version set to 2021-12-08 sprint

#9 Updated by Peter Amstutz 12 days ago

  • Category set to API

#10 Updated by Peter Amstutz 11 days ago

  • Description updated (diff)

#11 Updated by Peter Amstutz 11 days ago

  • Assigned To set to Tom Clegg

Also available in: Atom PDF