[ome-devel] Group permissions

Josiah Johnston siah at nih.gov
Fri Jan 13 22:01:59 GMT 2006


On second thought, DO NOT APPLY THIS PATCH. It will make repositories 
hidden from non-priveledged users. I'll send a better fix as soon as I 
can.

-Josiah

On Jan 13, 2006, at 4:17 PM, Josiah Johnston wrote:

> It has recently come to our attention that the Group ownership have 
> not been set on ModuleExecutions. The outcome of this is that almost 
> all data in the DB other than images, datasets, and projects are 
> openly visible to anyone who can log into your system. This is because 
> the access control layer interprets a NULL group to mean open access. 
> I recently patched the code that creates ModuleExecutions, so all new 
> data will have appropriate group permissions set. Depending on your 
> sophistication of use, you may not notice this new behavior.
>
> Because the patch is simple and this error does not matter for most 
> people, we decided to publish the patch instead of wrapping it in a DB 
> upgrade script.
>
> If you would like to patch your DB, go to the command line, and type:
>
> psql ome
>
> then:
>
> BEGIN;
> UPDATE module_executions SET group_id = experimenters.group_id
> WHERE experimenters.attribute_id = module_executions.experimenter_id 
> AND
>       module_executions.group_id is NULL;
> COMMIT;
>
> It's a fast patch; it took less than a minute to update 6 months of 
> records on our production server.
>
> The background of this is described in Bug 618:
> 	http://bugs.openmicroscopy.org.uk/show_bug.cgi?id=618
>
> -Josiah
>
> _______________________________________________
> ome-devel mailing list
> ome-devel at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>



More information about the ome-devel mailing list