Bug #3908

replication data user permission error

Added by Michael Daigle about 11 years ago. Updated about 11 years ago.

Status: Resolved
Priority: Immediate
Category: metacat
Target version:
Start date: 03/19/2009
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id: 3908

Description

From Jing

I observed some error messages during the replication from LTER to KNB:
Failed to write doc pisco_recruitment.314.1 into db because User does not have
permission to update of access rules for data file pisco_recruitment.120
[edu.ucsb.nceas.metacat.ReplicationHandler]
Metacat: [ERROR]: error to handle update doc in xml_documents in time
replicationUser does not have permission to update of access rules for data
file pisco_recruitment.120 [edu.ucsb.nceas.metacat.ReplicationHandler]
Metacat: [ERROR]: Error in Eml200SAXHanlder.handleOnlineUrlDataFile is User
does not have permission to update of access rules for data file
pisco_recruitment.120 [edu.ucsb.nceas.metacat.Eml200SAXHandler]

I think this is an issue (which may NOT be related to Margaret's one). During
the replication, there is no user login, so the user is null and it should have
all permissions to write documents into the db. Obviously, this access control
rule was modified.


Related issues

Blocked by Metacat - Bug #3906: Can't read files whose names are a path (Resolved, 03/19/2009)

History

#1 Updated by ben leinfelder about 11 years ago

Looking into documents on LTER metacat:
pisco_recruitment.120 is a data file in the package pisco_recruitment.123.
There is an additionalMetadata element that specifies permissions for data 120:
additionalMetadata
|___text '\n '
|___element 'describes'
| |___text 'pisco_recruitment.120'
|___text '\n '
|___element 'access'
| | \___attribute 'authSystem' = 'ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org'
| | \___attribute 'order' = 'denyFirst'
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'public'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'read'
| | |___text '\n '
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'cn=data-managers,o=PISCOGROUPS,dc=ecoinformatics,dc=org'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'all'
| | |___text '\n '
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'cn=pisco-intertidal-write,o=PISCOGROUPS,dc=ecoinformatics,dc=org'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'all'
| | |___text '\n '
| |___text '\n '
|___text '\n'

#2 Updated by ben leinfelder about 11 years ago

Looking at the error message again, and looking at the Ids involved:
I found EML doc "pisco_recruitment.123.1" that specifies access for data file "pisco_recruitment.120.1",
but the log message indicates that "pisco_recruitment.314.1" is trying to ALSO specify access for data file "pisco_recruitment.120.1".
Is this perhaps what the problem is?
Also note: I cannot find the EML file "pisco_recruitment.314.1" on the LTER server.

#3 Updated by Jing Tao about 11 years ago

Hi, Ben. I think this is perhaps the issue: "pisco_recruitment.314.1" is trying to ALSO specify access for data file "pisco_recruitment.120.1"

#4 Updated by Michael Daigle about 11 years ago

The replication system was getting a user from the post request for certain read operations. It should have ALL permissions. Added a "replication" user that has ALL permissions and used that user for all replication read and write calls.

#5 Updated by Michael Daigle about 11 years ago

Note, the replication user was added to the SessionService (next to the public user) so that it is always logged in.
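
Added example, not part of the original thread and not Metacat's code: a simplified Python model of the access block quoted in comment #1, showing why a replication call with no session user fails the access-rule update check and why the built-in replication principal described in comments #4 and #5 passes it. The `replication` user name, the function names and the rule evaluation are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <access> block that comment #1 shows for data file 120.
PISCO = "o=PISCOGROUPS,dc=ecoinformatics,dc=org"
ACCESS_XML = f"""
<access authSystem="ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org"
        order="denyFirst">
  <allow><principal>public</principal><permission>read</permission></allow>
  <allow><principal>cn=data-managers,{PISCO}</principal><permission>all</permission></allow>
  <allow><principal>cn=pisco-intertidal-write,{PISCO}</principal><permission>all</permission></allow>
</access>"""

# Assumed names: the thread only says a "replication" user with ALL permissions
# sits next to the public user in the SessionService.
REPLICATION_USER, PUBLIC_USER = "replication", "public"

def parse_rules(xml_text):
    """Return (order, [(kind, principals, permissions), ...]) from an access block."""
    root = ET.fromstring(xml_text.strip())
    rules = [(r.tag,
              {p.text.strip() for p in r.findall("principal")},
              {p.text.strip() for p in r.findall("permission")})
             for r in root if r.tag in ("allow", "deny")]
    return root.get("order", "allowFirst"), rules

def is_permitted(session_user, groups, needed, order, rules):
    """session_user must come from the server-side session, never from a
    request parameter (assumption of this sketch)."""
    if session_user == REPLICATION_USER:   # built-in principal: ALL permissions
        return True
    identities = {PUBLIC_USER, *groups}
    if session_user:
        identities.add(session_user)

    def matches(kind):
        return any(k == kind and bool(who & identities)
                   and bool({needed, "all"} & perms)
                   for k, who, perms in rules)

    if order == "denyFirst":               # allow rules override deny rules
        return matches("allow")
    return matches("allow") and not matches("deny")  # allowFirst: deny wins

if __name__ == "__main__":
    order, rules = parse_rules(ACCESS_XML)
    # Before the fix: no logged-in user, so only "public" applies (read only).
    print("null user:", is_permitted(None, [], "changePermission", order, rules))
    # After the fix: replication calls run as the built-in replication user.
    print("replication:", is_permitted(REPLICATION_USER, [], "changePermission", order, rules))
```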

#6 Updated by Redmine Admin about 7 years ago

Original Bugzilla ID was 3908
