Re: [galaxy-dev] Fwd: Galaxy process

Tue, 15 Mar 2011 05:44:02 -0700 

Brad Chapman wrote:
> 
> > We made a decision when we implemented libraries that we would provide
> > fine grained security at the dataset level. The trade-off, obviously,
> > is that it takes time to check every dataset. Another approach to
> > solve this would be to not provide as fine-grained security, and have
> > security at the folder level rather than the dataset level. If this is
> > done, all dataset within a folder would be required to have the same
> > security. What are your thoughts on this approach?
> 
> This sounds like a very reasonable trade off. We go one further and 
> use Data Library level security, so everything within a library has 
> the same permissions, but I can definitely see how having the
> ability to control is at the folder level would be useful.

My suggestion would be a solution somewhere in the middle.  The ability
to have per-dataset permissions is something that I think we should
retain, but we could change our current policy of checking the
permissions of the entire library at every load.  Instead, it could work
like this:

  1. Check permissions on the library.
  2. Check permissions on the first level contents of the library.
  3. When a folder is expanded to show its contents, check the
     permissions of that folder's contents via AJAX.

The reason we didn't do this originally was to prevent folders from
showing up if a user didn't have permission to access any of the
datasets in that folder.  But this can be worked around by setting
access permission on the folder itself.

This is probably a fair amount of work, though, since it means not
loading subfolder contents at page load since we are not checking their
security until later.

--nate

> 
> Brad
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> 
>   http://lists.bx.psu.edu/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Reply via email to