Task #5933 (new)
Opened 13 years ago
Last modified 13 years ago
LIM: Data access by not-in-group user
Reported by: | atarkowska | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | Unscheduled |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | saloynton, jburel, cxallan |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by atarkowska)
Once a user has imported data in the context of the current active group, that data is no longer transferable to other contexts. Because OMERO allows free user transfer between groups, a user might end up "losing" the data (the data is still in the system but no longer visible to the owner). A similar problem can be faced by admins (members of group "system"). That user should be able to access every single object created in the system regardless of which group they are a member of.
Questions:
- How could an ex-member of the group access his own data while he is no longer a member of the group?
- How could an admin access the data if not a member of the group?
Solutions:
- Ability to create a session in the particular context of a group
Change History (2)
comment:1 Changed 13 years ago by atarkowska
- Description modified (diff)
comment:2 Changed 13 years ago by jmoore
- Cc jburel cxallan added
- Milestone changed from OMERO-Beta4.3.1 to Unscheduled
After some discussion (Jean-Marie, Chris, Josh), the impact of this is quite large. Pushing to "Unscheduled" for more evaluation.