Task #1769 (new)
Opened 14 years ago
Last modified 14 years ago
Permissions : Handle admin/PI viewing/annotating in private group — at Version 4
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-Beta4.2 |
Component: | Security | Version: | 4.1 |
Keywords: | n.a. | Cc: | atarkowska, jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by jmoore)
This ticket is a part of #1434
A system or group administrator who views or attempts to annotate data belonging in a private or non-member group may break group-based security settings for the owner.
Options:
- make objects belong to admins public
- -1 since objects would appear as disembodied hands for non-owners.
- make annotations/rendering settings/thumbnails belong to the owner (or the group in the case of a shared group which the admin is not a member of))
- -1 since objects would suddenly appear to the owner as his/her own.
- make the session read-only (with special handling for rendering settings and thumbnails)
- ?
- add a flag or other marker to allow user-reading of such data.
- Dicussion: an "AsAdmin" flag would mark any object which was created via admin privilege, so that when a PI annotates in a shared group, there is no flag but in a private group, there is. Then if the PI-user is removed as an owner or the admin is removed from the "system" group, the object would still be marked as special.
- Would need special handling on down- (and up-?) grades of permissions.
- Is this identical to making public above?
- ???
Change History (4)
comment:1 Changed 14 years ago by jmoore
- Description modified (diff)
comment:2 Changed 14 years ago by jmoore
- Description modified (diff)
comment:3 Changed 14 years ago by jmoore
- Description modified (diff)
comment:4 Changed 14 years ago by jmoore
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.