[ome-devel] Group permissions
Josiah Johnston
siah at nih.gov
Fri Jan 13 22:01:59 GMT 2006
On second thought, DO NOT APPLY THIS PATCH. It will make repositories
hidden from non-priveledged users. I'll send a better fix as soon as I
can.
-Josiah
On Jan 13, 2006, at 4:17 PM, Josiah Johnston wrote:
> It has recently come to our attention that the Group ownership have
> not been set on ModuleExecutions. The outcome of this is that almost
> all data in the DB other than images, datasets, and projects are
> openly visible to anyone who can log into your system. This is because
> the access control layer interprets a NULL group to mean open access.
> I recently patched the code that creates ModuleExecutions, so all new
> data will have appropriate group permissions set. Depending on your
> sophistication of use, you may not notice this new behavior.
>
> Because the patch is simple and this error does not matter for most
> people, we decided to publish the patch instead of wrapping it in a DB
> upgrade script.
>
> If you would like to patch your DB, go to the command line, and type:
>
> psql ome
>
> then:
>
> BEGIN;
> UPDATE module_executions SET group_id = experimenters.group_id
> WHERE experimenters.attribute_id = module_executions.experimenter_id
> AND
> module_executions.group_id is NULL;
> COMMIT;
>
> It's a fast patch; it took less than a minute to update 6 months of
> records on our production server.
>
> The background of this is described in Bug 618:
> http://bugs.openmicroscopy.org.uk/show_bug.cgi?id=618
>
> -Josiah
>
> _______________________________________________
> ome-devel mailing list
> ome-devel at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>
More information about the ome-devel
mailing list