Bug #1236

enhancement to metacat: overall access controls

Added by David Kaplan almost 17 years ago. Updated about 15 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


I am submitting this bug to archive discussions we have been having regarding
access priviledges to the entire metacat system. Basically, I would like to (1)
allow write access and the ability to create new EML documents to only a subset
of the authenticated users, i.e. to an LDAP group/user and (2) provide the name
of a LDAP user or group that always has full priviledges on all documents, i.e.
a sysadmin type priviledge.

I envision a special access list that would be stored in the database that
contained access priviledges for the entire metacat system. This document could
set all the same type of priviledges that you can set in a normal ACL document
associated with a package, but they would apply to all documents before applying
the documents own ACL list. The owner of this special ACL list would be a
user/group specified in the config file and this would essentially create an
admin user/group.

I haven't looked at the code, but this might not be that difficult to implement
considering that you already have to do the same sort of access control on
updates with the package ACL document. You could just consider it a
concatenation of priviledges, although you might have to take care that the user
can never overide overall access controls in his document's ACL list. If not,
it could just be another level of checking before taking any action.


#1 Updated by Saurabh Garg about 15 years ago

Following access controls added in Metacat:

1. Administrators
2. User allowed to submit
3. User not allowed to submit

Closing the bug.

#2 Updated by Matt Jones about 15 years ago

Changed milestone to properly reflect its release.

#3 Updated by Redmine Admin over 7 years ago

Original Bugzilla ID was 1236

Also available in: Atom PDF