Bug #3908
replication data user permission error
Status: closed
Description
From Jing
I observed some error messages during the replication from LTER to KNB:
Failed to write doc pisco_recruitment.314.1 into db because User does not have
permission to update of access rules for data file pisco_recruitment.120
[edu.ucsb.nceas.metacat.ReplicationHandler]
Metacat: [ERROR]: error to handle update doc in xml_documents in time
replicationUser does not have permission to update of access rules for data
file pisco_recruitment.120 [edu.ucsb.nceas.metacat.ReplicationHandler]
Metacat: [ERROR]: Error in Eml200SAXHanlder.handleOnlineUrlDataFile is User
does not have permission to update of access rules for data file
pisco_recruitment.120 [edu.ucsb.nceas.metacat.Eml200SAXHandler]
I think this is an issue (which may NOT be related to Margaret's one). During
the replication, there is no user login, so the user is null and it should have
all permissions to write documents into the db. Obviously, this access control
rule was modified.
Updated by ben leinfelder almost 16 years ago
Looking into documents on LTER Metacat:
pisco_recruitment.120 is a data file in the package pisco_recruitment.123.
There is an additionalMetadata element that specifies permissions for data 120:
additionalMetadata
|___text '\n '
|___element 'describes'
| |___text 'pisco_recruitment.120'
|___text '\n '
|___element 'access'
| | \___attribute 'authSystem' = 'ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org'
| | \___attribute 'order' = 'denyFirst'
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'public'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'read'
| | |___text '\n '
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'cn=data-managers,o=PISCOGROUPS,dc=ecoinformatics,dc=org'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'all'
| | |___text '\n '
| |___text '\n '
| |___element 'allow'
| | |___text '\n '
| | |___element 'principal'
| | | |___text 'cn=pisco-intertidal-write,o=PISCOGROUPS,dc=ecoinformatics,dc=org'
| | |___text '\n '
| | |___element 'permission'
| | | |___text 'all'
| | |___text '\n '
| |___text '\n '
|___text '\n'
Updated by ben leinfelder almost 16 years ago
Looking at the error message again, and looking at the IDs involved:
I found EML doc "pisco_recruitment.123.1" that specifies access for data file "pisco_recruitment.120.1",
but the log message indicates that "pisco_recruitment.314.1" is trying to ALSO specify access for data file "pisco_recruitment.120.1".
Is this perhaps what the problem is?
Also note: I cannot find the eml file "pisco_recruitment.314.1" on the LTER server.
Updated by Jing Tao almost 16 years ago
Hi, Ben. I think this is perhaps the issue: "pisco_recruitment.314.1" is trying to ALSO specify access for data file "pisco_recruitment.120.1"
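Added example, not part of the original thread and not Metacat code: a small audit that finds data files whose access rules are declared by more than one EML document, which is the overlap suspected above. It assumes the additionalMetadata/describes/access layout shown in the tree dump; the helper names, the XML bodies and the "example.*" docids are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def allow(principal, permission):
    return f"<allow><principal>{principal}</principal><permission>{permission}</permission></allow>"

def eml(describes, rules):
    return (f"<eml><additionalMetadata><describes>{describes}</describes>"
            f"<access order='denyFirst'>{''.join(rules)}</access></additionalMetadata></eml>")

# Constructed sample input: the pisco docids are the ones named in the thread, the
# XML bodies are made up (the thread never shows pisco_recruitment.314.1).
MANAGERS = "cn=data-managers,o=PISCOGROUPS,dc=ecoinformatics,dc=org"
SAMPLE_DOCS = {
    "pisco_recruitment.123.1": eml("pisco_recruitment.120",
                                   [allow("public", "read"), allow(MANAGERS, "all")]),
    "pisco_recruitment.314.1": eml("pisco_recruitment.120", [allow("public", "read")]),
    "example.2.1": eml("example.1", [allow("public", "read")]),  # hypothetical, no overlap
}

def access_rules(xml_text):
    """Yield (data_file_id, rules) for each additionalMetadata block with an access element."""
    for meta in ET.fromstring(xml_text).iter("additionalMetadata"):
        access = meta.find("access")
        if access is None:
            continue
        rules = set()
        for kind in ("allow", "deny"):
            for rule in access.findall(kind):
                principals = [(p.text or "").strip() for p in rule.findall("principal")]
                perms = [(p.text or "").strip() for p in rule.findall("permission")]
                rules.update((kind, pr, pm) for pr in principals for pm in perms)
        for target in meta.findall("describes"):
            yield (target.text or "").strip(), frozenset(rules)

def find_overlaps(docs):
    """Return {data_file_id: {docid: rules}} for data files governed by more than one EML doc."""
    owners = defaultdict(dict)
    for docid, xml_text in docs.items():
        for data_id, rules in access_rules(xml_text):
            owners[data_id][docid] = rules
    return {data_id: by_doc for data_id, by_doc in owners.items() if len(by_doc) > 1}

def report(docs):
    lines = []
    for data_id, by_doc in sorted(find_overlaps(docs).items()):
        verdict = "identical" if len(set(by_doc.values())) == 1 else "CONFLICTING"
        lines.append(f"{data_id}: access set by {', '.join(sorted(by_doc))} ({verdict} rules)")
    return lines
```

Calling `report()` on a mapping of docid to EML text gives one line per data file that is governed by more than one document, marked CONFLICTING when the declared rule sets differ.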
Updated by Michael Daigle over 15 years ago
The replication system was getting a user from the post request for certain read operations. It should have ALL permissions. Added a "replication" user that has ALL permissions and used that user for all replication read and write calls.
Updated by Michael Daigle over 15 years ago
Note, the replication user was added to the SessionService (next to the public user) so that it is always logged in.