Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
C
caosdb-server
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
caosdb
Software
caosdb-server
Commits
7549a5ef
Commit
7549a5ef
authored
2 years ago
by
florian
Browse files
Options
Downloads
Patches
Plain Diff
DOC: Extend text on setting permissions
parent
619a50d7
No related branches found
No related tags found
1 merge request
!67
DRAFT: F permission docs
Pipeline
#26155
passed
2 years ago
Stage: info
Stage: test
Stage: deploy
Changes
1
Pipelines
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
src/doc/permissions.rst
+31
-3
31 additions, 3 deletions
src/doc/permissions.rst
with
31 additions
and
3 deletions
src/doc/permissions.rst
+
31
−
3
View file @
7549a5ef
...
@@ -36,6 +36,19 @@ A Permission Rule consists of:
...
@@ -36,6 +36,19 @@ A Permission Rule consists of:
priority = ``true`` override those without, see the calculation rules
priority = ``true`` override those without, see the calculation rules
below.
below.
There are two complementing types of permission rules that will be explained
below: transaction permissions and entity permissions.
.. _transaction-permissions:
Transaction permissions
***********************
.. _entity-permissions:
Entity permissions
******************
.. _Calculation:
.. _Calculation:
Permission calculation
Permission calculation
...
@@ -93,13 +106,28 @@ used for administration users and in no other case. So, ...
...
@@ -93,13 +106,28 @@ used for administration users and in no other case. So, ...
How to set permissions
How to set permissions
----------------------
----------------------
There are multiple ways to set transaction and entity permissions. The most
common and best tested way currently is to set global default entity permissions
in the ``global_entity_permissions.xml`` config file, and role-based transaction
permissions with the ``caosdb_admin.py`` `utility script
<https://gitlab.com/caosdb/caosdb-pylib/-/blob/main/src/caosdb/utils/caosdb_admin.py>`__
of CaosDB's Python library which is also used to `manage users and
roles <https://docs.indiscale.com/caosdb-pylib/administration.html>`__. Below you
find a more detailed description of the possible ways of setting permissions.
- **Config file:** Some default permissions are typically set in the
- **Config file:** Some default permissions are typically set in the
``global_entity_permissions.xml`` file, see also the `default file
``global_entity_permissions.xml`` file, see also the `default file
<https://gitlab.com/caosdb/caosdb-server/-/blob/main/conf/core/global_entity_permissions.xml>`__. Here,
<https://gitlab.com/caosdb/caosdb-server/-/blob/main/conf/core/global_entity_permissions.xml>`__. Here,
you can set the default permissions that every entity on the server has. Note
you can set the default permissions that every entity on the server has. The
that you can add more rules but you can never remove rules set in the
global default permissions can **only** be set in this file; all other ways
below can only change the permissions of individual entities. Note that you
can add more rules but you can never remove rules set in the
``global_entity_permissions.xml``. Thus, it might not be possible to overrule
``global_entity_permissions.xml``. Thus, it might not be possible to overrule
permissions defined here (see :ref:`Permission calculation<Calculation>`).
permissions defined here (see :ref:`Permission
calculation<Calculation>`). Note also that, as the name suggests, only
:ref:`entity permissions<entity-permissions>` can be set this way. The
role-based :ref:`transaction-permissions<transaction-permissions>` have to be
set with one of the other ways explained below.
- **API:** Both REST and GRPC API allow to set the permissions. This hasn't been
- **API:** Both REST and GRPC API allow to set the permissions. This hasn't been
documented properly yet, but for the GRPC API, `the specification
documented properly yet, but for the GRPC API, `the specification
<https://gitlab.com/caosdb/caosdb-proto/-/blob/main/proto/caosdb/acm/v1alpha1/main.proto>`__
<https://gitlab.com/caosdb/caosdb-proto/-/blob/main/proto/caosdb/acm/v1alpha1/main.proto>`__
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment