[ome-devel] SessionService

Munro, Ian i.munro at imperial.ac.uk
Wed May 7 12:34:17 BST 2014


Hi All

Just to clarify. We intend to have a workflow as follows:

1.       Acquire data on microscope machine, possibly multiple runs, each being possibly several GB in size
2.       On each day that data has been acquired, we will run a batch script that converts our raw data to OME-TIFFs (on the microscope machine) late in the evening e.g. 11pm
3.       As the final part of the conversion script, we would like the data to be uploaded to the remote OMERO server, owned by  the appropriate user and to a dataset that they selected.

The issue with this is that we can’t easily store a user’s username and password for use later in a security-conscious way that we’re aware of.

Ian

On 7 May 2014, at 11:18, Josh Moore <josh at glencoesoftware.com<mailto:josh at glencoesoftware.com>> wrote:


On May 6, 2014, at 4:21 PM, Mark Woodbridge wrote:

Hi,

Hi Mark,

We would like to schedule an overnight script that batch-converts some raw images into OME-TIFF and then uploads them to OMERO whist retaining their original ownership. All the users owning the images are in the same group.

In the past I have used the SessionService to run scripts on behalf of other users, and it works fine but requires the OMERO superuser password. Is there any way to create a superuser just for this group and restrict the users that it can impersonate?

Not yet, no. As a part of the "import-as" facility, we'd like to allow group owners and possibly other users the ability to perform such actions for someone else. This won't be ready for 5.0.2 though.


Or another means of using the Command Line Importer without sharing the main admin user's (or individual users') password(s)?

As a workaround until the above is done, you could use a very long-lived session per user, similar to an OAuth token:

 s.createSessionWithTimeouts(
     omero.sys.Principal("someuser", "user", "Task"),
     31 * 24 * 60 * 60 * 1000, 0)  # Usable for 1 month.

These would have to be manually renewed using the root password. Happy to help come up with a script to do that if you'd like.

OMERO.dropbox is maybe another option but we're using a network drive for our OMERO filesystem.

We're also looking into to making a "manual dropbox" which you could launch periodically, especially for network drives. But again, not ready for 5.0.2.

Mark.

All the best,
~Josh.
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-devel/attachments/20140507/e3aa0736/attachment.html>


More information about the ome-devel mailing list