id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,drp_resources,i_links,o_links,remaining_time,sprint 1794,Permissions : Define exceptions to standard group permissions (#1434),jamoore,jamoore,"As a follow-up to #1434, an attempt should be made to outline the ''exceptions'' to the group-security system that has been put in place. E.g. what objects cannot exist in only one group? Two examples have already shown up: * #1784 - scripts in the ""system"" group * #1791 - user photos in the ""user"" group ==Discussion Mar. 22 (Ola, Jean-Marie, Josh):== * the goal is a common-pot * the common-pot is an area to put objects which 1. should be seen by all users 1. can be linked to by all objects * possible objects for the common pot: ratings (1-5), tags, scripts (#1784) , user photos (#1791) * need to keep in mind uploading private scripts versus uploading public scripts * need method for uploading user photos * an alternative might be adding roles (""PUBLIC"", etc.) but this will need more investigation ==Questions:== * What does an '''owner''' of ""user"" group mean? * Do we need a parameters item to filter out the common-pot? * will these objects be allowed to have divergent permissions (not tied to the group) or is it even necessary since they have special handling? * would it be possible to use the ""WORLD"" flag? ==Decisions:== * move from using ""system"" and ""user"" group to only using ""user"" group for common-pot * only admins can add to the common pot (add methods where necessary) * we will wait on the parameter filter and decide on its need",task,closed,major,OMERO-Beta4.2,Security,4.1,fixed,,atarkowska jburel,,,,0,2010-03-19 (5)