[ome-devel] SessionService

Mark Woodbridge m.woodbridge at imperial.ac.uk
Wed May 7 12:51:12 BST 2014 

Ok. That's fine. We can copy the files into per-user folders on a shared 
drive, and invoke the import script when complete. I don't mind storing 
the admin password on the server itself, so the import script can just 
create a session key for each user using the SessionService and use it 
to call the standalone command-line importer for each folder. When 
complete the files can be deleted.

Mark.


On 07/05/14 12:34, Munro, Ian wrote:
> Hi All
>
> Just to clarify. We intend to have a workflow as follows:
> 1.Acquire data on microscope machine, possibly multiple runs, each being
> possibly several GB in size
> 2.On each day that data has been acquired, we will run a batch script
> that converts our raw data to OME-TIFFs (on the microscope machine) late
> in the evening e.g. 11pm
> 3.As the final part of the conversion script, we would like the data to
> be uploaded to the remote OMERO server, owned by  the appropriate user
> and to a dataset that they selected.
> The issue with this is that we can’t easily store a user’s username and
> password for use later in a security-conscious way that we’re aware of.
>
> Ian
>
> On 7 May 2014, at 11:18, Josh Moore <josh at glencoesoftware.com
> <mailto:josh at glencoesoftware.com>> wrote:
>
>>
>> On May 6, 2014, at 4:21 PM, Mark Woodbridge wrote:
>>
>>> Hi,
>>
>> Hi Mark,
>>
>>> We would like to schedule an overnight script that batch-converts
>>> some raw images into OME-TIFF and then uploads them to OMERO whist
>>> retaining their original ownership. All the users owning the images
>>> are in the same group.
>>>
>>> In the past I have used the SessionService to run scripts on behalf
>>> of other users, and it works fine but requires the OMERO superuser
>>> password. Is there any way to create a superuser just for this group
>>> and restrict the users that it can impersonate?
>>
>> Not yet, no. As a part of the "import-as" facility, we'd like to allow
>> group owners and possibly other users the ability to perform such
>> actions for someone else. This won't be ready for 5.0.2 though.
>>
>>
>>> Or another means of using the Command Line Importer without sharing
>>> the main admin user's (or individual users') password(s)?
>>
>> As a workaround until the above is done, you could use a very
>> long-lived session per user, similar to an OAuth token:
>>
>>  s.createSessionWithTimeouts(
>>      omero.sys.Principal("someuser", "user", "Task"),
>>      31 * 24 * 60 * 60 * 1000, 0)  # Usable for 1 month.
>>
>> These would have to be manually renewed using the root password. Happy
>> to help come up with a script to do that if you'd like.
>>
>>> OMERO.dropbox is maybe another option but we're using a network drive
>>> for our OMERO filesystem.
>>
>> We're also looking into to making a "manual dropbox" which you could
>> launch periodically, especially for network drives. But again, not
>> ready for 5.0.2.
>>
>>> Mark.
>>
>> All the best,
>> ~Josh.
>> _______________________________________________
>> ome-devel mailing list
>> ome-devel at lists.openmicroscopy.org.uk
>> <mailto:ome-devel at lists.openmicroscopy.org.uk>
>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>

More information about the ome-devel mailing list