id summary reporter owner description type status priority milestone component resolution keywords cc rd_points sprint story_priority
8562 Separate annotate and edit WRITE permissions jamoore jamoore "see: https://www.openmicroscopy.org/site/community/minutes/minigroup/2012.03.12-groupperms

After extensive discussion (see link above), it was decided to make the write permissions available per group more fine grained. Rather than just '''read-write''', there will be instead '''read-annotate''' and '''read-edit''' (in most usages, read-edit and read-write will be synonymous).

The intended logic is:

 * in a '''read-only''' group, group members will still be able to create rendering defs and thumbnails for any object they can see.
 * in a '''read-annotate''' group, group members will be able to link annotations (and in the case of images, regions of interest) to any objects they can view
 * in a '''read-edit''' group, group members will be able to completely manage viewable data, including modifying and deleting it.

All existing '''read-write''' groups will be downgraded to '''read-annotate''' during the database upgrade. Future changing of permissions should be relatively quick, though it should be '''warned''' that once a group is made '''read-annotate''' or '''read-edit''' and links are made between users, '''removing''' the group read permission could be either difficult or '''impossible''' with data cleaning." story accepted critical Permissions Security fixed omero-team@…