Brad Chapman wrote: > > > We made a decision when we implemented libraries that we would provide > > fine grained security at the dataset level. The trade-off, obviously, > > is that it takes time to check every dataset. Another approach to > > solve this would be to not provide as fine-grained security, and have > > security at the folder level rather than the dataset level. If this is > > done, all dataset within a folder would be required to have the same > > security. What are your thoughts on this approach? > > This sounds like a very reasonable trade off. We go one further and > use Data Library level security, so everything within a library has > the same permissions, but I can definitely see how having the > ability to control is at the folder level would be useful.
My suggestion would be a solution somewhere in the middle. The ability to have per-dataset permissions is something that I think we should retain, but we could change our current policy of checking the permissions of the entire library at every load. Instead, it could work like this: 1. Check permissions on the library. 2. Check permissions on the first level contents of the library. 3. When a folder is expanded to show its contents, check the permissions of that folder's contents via AJAX. The reason we didn't do this originally was to prevent folders from showing up if a user didn't have permission to access any of the datasets in that folder. But this can be worked around by setting access permission on the folder itself. This is probably a fair amount of work, though, since it means not loading subfolder contents at page load since we are not checking their security until later. --nate > > Brad > ___________________________________________________________ > Please keep all replies on the list by using "reply all" > in your mail client. To manage your subscriptions to this > and other Galaxy lists, please use the interface at: > > http://lists.bx.psu.edu/ ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/