[ome-devel] Group permissions
Josiah Johnston
siah at nih.gov
Fri Jan 13 21:17:19 GMT 2006
It has recently come to our attention that the Group ownership have not
been set on ModuleExecutions. The outcome of this is that almost all
data in the DB other than images, datasets, and projects are openly
visible to anyone who can log into your system. This is because the
access control layer interprets a NULL group to mean open access. I
recently patched the code that creates ModuleExecutions, so all new
data will have appropriate group permissions set. Depending on your
sophistication of use, you may not notice this new behavior.
Because the patch is simple and this error does not matter for most
people, we decided to publish the patch instead of wrapping it in a DB
upgrade script.
If you would like to patch your DB, go to the command line, and type:
psql ome
then:
BEGIN;
UPDATE module_executions SET group_id = experimenters.group_id
WHERE experimenters.attribute_id = module_executions.experimenter_id AND
module_executions.group_id is NULL;
COMMIT;
It's a fast patch; it took less than a minute to update 6 months of
records on our production server.
The background of this is described in Bug 618:
http://bugs.openmicroscopy.org.uk/show_bug.cgi?id=618
-Josiah
More information about the ome-devel
mailing list