[ome-devel] Group permissions

Josiah Johnston siah at nih.gov
Fri Jan 13 21:17:19 GMT 2006


It has recently come to our attention that the Group ownership have not 
been set on ModuleExecutions. The outcome of this is that almost all 
data in the DB other than images, datasets, and projects are openly 
visible to anyone who can log into your system. This is because the 
access control layer interprets a NULL group to mean open access. I 
recently patched the code that creates ModuleExecutions, so all new 
data will have appropriate group permissions set. Depending on your 
sophistication of use, you may not notice this new behavior.

Because the patch is simple and this error does not matter for most 
people, we decided to publish the patch instead of wrapping it in a DB 
upgrade script.

If you would like to patch your DB, go to the command line, and type:

psql ome

then:

BEGIN;
UPDATE module_executions SET group_id = experimenters.group_id
WHERE experimenters.attribute_id = module_executions.experimenter_id AND
       module_executions.group_id is NULL;
COMMIT;

It's a fast patch; it took less than a minute to update 6 months of 
records on our production server.

The background of this is described in Bug 618:
	http://bugs.openmicroscopy.org.uk/show_bug.cgi?id=618

-Josiah



More information about the ome-devel mailing list