search

irods / irods_rule_engine_plugin_logical_quotas

BSD 3-Clause "New" or "Revised" License
1 stars 9 forks source link

CAT_NO_ACCESS_PERMISSION error when using LQ operations on a group collection #35

Closed mstfdkmn closed 2 years ago

mstfdkmn commented 3 years ago 
irods@irods$ irule -r irods_rule_engine_plugin-logical_quotas-instance '{"operation": "logical_quotas_start_monitoring_collection", "collection": "/tempZone/home/test"}' null ruleExecOut
remote addresses: 10.0.2.100 ERROR: rcExecMyRule error.  status = -1205000 RE_RUNTIME_ERROR
Level 0: cannot set metadata: Unknown error -818000

logs:

Feb 11 16:19:04 pid:135329 NOTICE: rsModAVUMetadata: rcModAVUMetadata failed
Feb 11 16:19:04 pid:135329 remote addresses: 10.0.2.100, ::1 ERROR: cannot set metadata: Unknown error -818000
Feb 11 16:19:04 pid:135329 remote addresses: 10.0.2.100, ::1 ERROR: rsExecMyRule : -1205000, [-]        /irods_plugin/src/handler.cpp:529:irods::error irods::handler::logical_quotas_count_total_number_of_data_objects(const std::string &, const irods::instance_configuration_map &, std::list<boost::any> &, irods::callback &) :  status [RE_RUNTIME_ERROR]  errno [] -- message [cannot set metadata: Unknown error -818000]
trel commented 3 years ago

What is a group collection?

Can you share the permissions on /tempZone/home/test?

$ ils -A /tempZone/home/test
mstfdkmn commented 3 years ago

A group collection is an irods group created by iadmin mkgroup test The permission is "own" only for the group/collection itself, not for the rodsadmin which you suspect/I think explains the error.

irods:/$ ils -A /tempZone/home/test
/tempZone/home/test:
        ACL - g:test#tempZone:own
        Inheritance - Disabled

As a rodsadmin the user "rods" cannot modify access to the group collection in this case the "test" because it is not member of the group yet.

irods:/$ ichmod own rods /tempZone/home/test
remote addresses: 10.0.2.100 ERROR: rcModAccessControl failure  status = -818000 CAT_NO_ACCESS_PERMISSION

After iadmin atg test rods, the user rods can modify by doing ichmod own rods /tempZone/home/test Then starts monitoring.

trel commented 3 years ago

Okay, so this is working as expected?

Or since logical quotas are defined and run only by admins (I think this is a true statement)... are we missing an ADMIN_KW somewhere? @korydraughn

trel commented 3 years ago

Need to make this run for rodsadmins without them having to manually update ACLs in the system.