Skip to content
Snippets Groups Projects
Commit 7549a5ef authored by florian's avatar florian
Browse files

DOC: Extend text on setting permissions

parent 619a50d7
No related branches found
No related tags found
1 merge request!67DRAFT: F permission docs
Pipeline #26155 passed
...@@ -36,6 +36,19 @@ A Permission Rule consists of: ...@@ -36,6 +36,19 @@ A Permission Rule consists of:
priority = ``true`` override those without, see the calculation rules priority = ``true`` override those without, see the calculation rules
below. below.
There are two complementing types of permission rules that will be explained
below: transaction permissions and entity permissions.
.. _transaction-permissions:
Transaction permissions
***********************
.. _entity-permissions:
Entity permissions
******************
.. _Calculation: .. _Calculation:
Permission calculation Permission calculation
...@@ -93,13 +106,28 @@ used for administration users and in no other case. So, ... ...@@ -93,13 +106,28 @@ used for administration users and in no other case. So, ...
How to set permissions How to set permissions
---------------------- ----------------------
There are multiple ways to set transaction and entity permissions. The most
common and best tested way currently is to set global default entity permissions
in the ``global_entity_permissions.xml`` config file, and role-based transaction
permissions with the ``caosdb_admin.py`` `utility script
<https://gitlab.com/caosdb/caosdb-pylib/-/blob/main/src/caosdb/utils/caosdb_admin.py>`__
of CaosDB's Python library which is also used to `manage users and
roles <https://docs.indiscale.com/caosdb-pylib/administration.html>`__. Below you
find a more detailed description of the possible ways of setting permissions.
- **Config file:** Some default permissions are typically set in the - **Config file:** Some default permissions are typically set in the
``global_entity_permissions.xml`` file, see also the `default file ``global_entity_permissions.xml`` file, see also the `default file
<https://gitlab.com/caosdb/caosdb-server/-/blob/main/conf/core/global_entity_permissions.xml>`__. Here, <https://gitlab.com/caosdb/caosdb-server/-/blob/main/conf/core/global_entity_permissions.xml>`__. Here,
you can set the default permissions that every entity on the server has. Note you can set the default permissions that every entity on the server has. The
that you can add more rules but you can never remove rules set in the global default permissions can **only** be set in this file; all other ways
below can only change the permissions of individual entities. Note that you
can add more rules but you can never remove rules set in the
``global_entity_permissions.xml``. Thus, it might not be possible to overrule ``global_entity_permissions.xml``. Thus, it might not be possible to overrule
permissions defined here (see :ref:`Permission calculation<Calculation>`). permissions defined here (see :ref:`Permission
calculation<Calculation>`). Note also that, as the name suggests, only
:ref:`entity permissions<entity-permissions>` can be set this way. The
role-based :ref:`transaction-permissions<transaction-permissions>` have to be
set with one of the other ways explained below.
- **API:** Both REST and GRPC API allow to set the permissions. This hasn't been - **API:** Both REST and GRPC API allow to set the permissions. This hasn't been
documented properly yet, but for the GRPC API, `the specification documented properly yet, but for the GRPC API, `the specification
<https://gitlab.com/caosdb/caosdb-proto/-/blob/main/proto/caosdb/acm/v1alpha1/main.proto>`__ <https://gitlab.com/caosdb/caosdb-proto/-/blob/main/proto/caosdb/acm/v1alpha1/main.proto>`__
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment