karlcz
commented
7 years ago This is something we can worry about later this summer after the ERMrest fine-grained ACLs support lands.
Closed karlcz closed 7 years ago
karlcz
commented
7 years ago This is something we can worry about later this summer after the ERMrest fine-grained ACLs support lands.
BDemps
commented
7 years ago I think as long as the curators are you, me, and Zhuowei this should be fine. Pretty much everyone else should be read only. Do you think this makes sense?
karlcz
commented
7 years ago This policy is in pilot evaluation now
BDemps
commented
7 years ago So just you, Zhuowei and I have permission to delete? I'm gonna get an undergrad to sign in today and see if I can delete a dummy thing.
On Jul 19, 2017 1:53 PM, "Karl Czajkowski" notifications@github.com wrote:
This policy is in pilot evaluation now
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_informatics-2Disi-2Dedu_synspy_issues_24-23issuecomment-2D316513900&d=DwMCaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=Lssj6JKak_DaRnExGYcKnQ&m=wMa8wiRLKgaQOuGvJFuZQxqojnFTmxvr8euccuMkBxc&s=AzHnqJWHBEhFnhFbvgV1HfI9z4V69w7W4By0Y2QdTxo&e=, or mute the thread https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AbQSt7pIWHFBfJ3-5FPnSSoXf3qZQb66bmks5sPmzGgaJpZM4Nu0rE&d=DwMCaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=Lssj6JKak_DaRnExGYcKnQ&m=wMa8wiRLKgaQOuGvJFuZQxqojnFTmxvr8euccuMkBxc&s=gWaXi6MIV6B_jxWk6ysPGe2I5zbqvpMB0cwRGIUz8dE&e= .
karlcz
commented
7 years ago On Jul 19, BDemps modulated:
So just you, Zhuowei and I have permission to delete? I'm gonna get an undergrad to sign in today and see if I can delete a dummy thing.
Right, whoever is in the curator group has full reign.
Everyone else should be read-only except for limited ability to update existing Image Region records for which they are the Classifier.
Given this upgrade to policies, server, and client tools, please verify that the student can use the launcher and that new results are actually captured properly! We don't want them doing too much work and finding out their efforts are discarded due to configuration problems...
karl
BDemps
commented
7 years ago Captured properly meaning that segments that are selected as truth are actually retained when you exit?
On Jul 19, 2017 3:33 PM, "Karl Czajkowski" notifications@github.com wrote:
On Jul 19, BDemps modulated:
So just you, Zhuowei and I have permission to delete? I'm gonna get an undergrad to sign in today and see if I can delete a dummy thing.
Right, whoever is in the curator group has full reign.
Everyone else should be read-only except for limited ability to update existing Image Region records for which they are the Classifier.
Given this upgrade to policies, server, and client tools, please verify that the student can use the launcher and that new results are actually captured properly! We don't want them doing too much work and finding out their efforts are discarded due to configuration problems...
karl
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_informatics-2Disi-2Dedu_synspy_issues_24-23issuecomment-2D316538466&d=DwMFaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=Lssj6JKak_DaRnExGYcKnQ&m=tvte1d1Tdg0hI-KUFck-H_FaTPgSpxTpccLO7QXCk-4&s=GH6zxLw9rZtSEwGU5238bjZtQ-mag4Fz6zgsUdKs8_E&e=, or mute the thread https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AbQSt-5FVrwmXs6pINzS2L1-5FtwXtSQbUQbks5sPoQZgaJpZM4Nu0rE&d=DwMFaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=Lssj6JKak_DaRnExGYcKnQ&m=tvte1d1Tdg0hI-KUFck-H_FaTPgSpxTpccLO7QXCk-4&s=8VaKojKzTDqWKP3xi0q2oe1IIEkelsOuIMOPPMCRODw&e= .
karlcz
commented
7 years ago Yes, verify the whole cycle works and that new work isn't lost.
karlcz
commented
7 years ago Bill confirmed out of band that launcher task results are saved properly for the less privileged user role.
Divide the current equivalence class of trusted users into more fine-grained permissions:
@BDemps are there any other differentiated access control policies you think would matter in the short term? Is there a need for any read-only groups or even more limited ability to read some catalog info and not others?