Groups Projects Ownership and Permissions Specification » History » Version 6
Peter Amstutz, 08/06/2014 11:00 PM
| 1 | 1 | Peter Amstutz | h1. Groups, Projects, Ownership and Permissions Specification |
|---|---|---|---|
| 2 | |||
| 3 | 3 | Peter Amstutz | h2. Permissions |
| 4 | |||
| 5 | 6 | Peter Amstutz | * There are four levels of permission, *none*, *can_read*, *can_write*, and *can_manage*. |
| 6 | ** *none* is the default state when there are no permission grants |
||
| 7 | *** the object should not be returned by any list query |
||
| 8 | *** direct queries of the object by uuid should return 404 Not Found. |
||
| 9 | *** Link objects require valid identifiers in @head_uuid@ or @tail_uuid@, so an attempt to create a Link that references an unreadable object will return an error indicating the object is not found |
||
| 10 | ** *can_read* grants read-only access to the record. Attempting to update the record returns an error. |
||
| 11 | 1 | Peter Amstutz | ** *can_write* permits changes to content (but not metadata) fields of the record. *can_write* also implies *can_read* |
| 12 | ** *can_manage* permits the user to create permission links with @head_uuid@ set to this object. *can_manage* also implies *can_write* and *can_read* |
||
| 13 | |||
| 14 | 6 | Peter Amstutz | h3. Questions |
| 15 | |||
| 16 | What level of permission is required to delete an Object? |
||
| 17 | 4 | Peter Amstutz | |
| 18 | 3 | Peter Amstutz | h2. Ownership |
| 19 | 1 | Peter Amstutz | |
| 20 | * All Arvados objects have an @owner_uuid@ field. Valid uuid types for @owner_uuid@ are "User" or "Group". |
||
| 21 | 4 | Peter Amstutz | * The User or Group specified by @owner_uuid@ has *can_manage* permission on that object. |
| 22 | 3 | Peter Amstutz | * If @owner_uuid@ of an object is a Group, then that object is a member of that group, and should be displayed as being contained within the owner Group. |
| 23 | ** A "Project" is a subtype of Group that indicates the group should be displayed in the "Projects" section of Workbench. |
||
| 24 | |||
| 25 | 5 | Peter Amstutz | h3. Questions |
| 26 | |||
| 27 | Moving an object from Group A to Group B implies changing the @owner_uuid@ field from Group A to Group B. |
||
| 28 | |||
| 29 | * What permission is required on the object itself to change the @owner_uuid@ field? |
||
| 30 | * What permission is required on Group A to change the object @owner_uuid@ field so it no longer points to Group A? This logically removes the object from Group A. |
||
| 31 | * What permission is required on Project B to set the object @owner_uuid@ field to Group B? This logically adds the object to Group B. |
||
| 32 | |||
| 33 | 1 | Peter Amstutz | h2. Permission links |
| 34 | 3 | Peter Amstutz | |
| 35 | 4 | Peter Amstutz | A link object with |
| 36 | 1 | Peter Amstutz | |
| 37 | 4 | Peter Amstutz | * @link_class@ "permission" |
| 38 | * @name@ one of *can_read*, *can_write* or *can_manage* |
||
| 39 | * @head_uuid@ of some Arvados object |
||
| 40 | * @tail_uuid@ of an User or Group |
||
| 41 | |||
| 42 | grants the @name@ permission for @tail_uuid@ accessing @head_uuid@ |
||
| 43 | |||
| 44 | 1 | Peter Amstutz | h2. Transitive permissions |
| 45 | 3 | Peter Amstutz | |
| 46 | * If a User *can_read* Group A, and Group A *can_read* group B, then User *can_read* Group B. |
||
| 47 | 4 | Peter Amstutz | * Permissions are narrowed to the least powerful permission on the path. |
| 48 | 3 | Peter Amstutz | ** If User *can_write* Group A, and Group A *can_read* Group B, then User *can_read* Group B. |
| 49 | ** If User *can_read* Group A, and Group A *can_write* Group B, then User *can_read* Group B. |