Open trel opened 3 years ago
With 4.2.12, this can be resolved by connecting as the local rodsadmin user and using admin level privileges to modify metadata.
This solution doesn't require any modifications to queries, etc. This solution is also used in the logical quotas implementation.
We need to be careful of where the connection is made, else we can end up creating and tearing down connections frequently (i.e do not establish the connection in a loop).
When the scanner is querying for users to run the rule to assign the metadata to queue a data object for movement...
It is just returning the first user in the list, even if the user does not have write permission or greater on the data object that needs to have its AVU modified.
A workaround is to assign a query to the resource...
This works, but uses
DATA_OWNER_NAME
, which is the original uploader, who may no longer have permissions in the ACLs on the data object.A better way would be to ask for users who have enough permissions (greater than or equal to
modify object
).This returns users who have ACLs on the objects, who also have
modify_object
permission or greater (own
).