How to set default permission for object created by specific action?

[link89]

Hi, I have a question about permission of object.

I have create a create sample anction named Substance, and I hope that all samples created by this action should be able to read by everyone, or at least of a specific group. Is there an option to make it? Thank you.

[FlorianRhiem]

Hey @link89,

not really, each user controls the permissions for their objects, so when an object is created, the creating user's default permissions are applied (or they can chose to instead give permissions to a group they are a member of or copy the permissions from an existing object). There are a few possible workarounds:

• Users could set their default permissions to allow everyone (or that group) to view their objects. This solution has the drawback of requiring user action, so user error may occur. Also it would apply to all created objects.
• You could assign the action to an instrument and put the users from that group into the list of instrument scientists. This is a rather "dirty" solution, as it'd be visible in the UI and the users would also get grant permissions, not just read permissions.
• You could write a script that uses an admin bot account to set the permissions appropriately, by checking for new objects for that action and giving users from that group read permissions. This would introduce a slight delay (e.g. up to 10 minutes if you use a cronjob to run that script every 10 minutes) but is otherwise probably the cleanest solution.

[link89]

I see. I think that would be a popular scenario to allow object created by specific actions to be public. For example, the reason we create a Substance action is to maintain a table of all kinds of substances, which includes their name, formula, CAS number, etc, so that other object can just reference them. It would be great to allow such objects to be public by default.

[FlorianRhiem]

I can see why this would be useful for such a use case. I think something like this might be useful as an additional option for the initial permissions settings when creating an object (so that users can disable it if they want, but it'd be checked by default for actions with this setting), but as the permissions system is rather complex and this feature would need to be intuitively understandable for users, I'll have to see how to best implement this. Until then, I suggest you use one of the workarounds.

[FlorianRhiem]

If you use the current development version (e.g. by using the sciapp/sampledb:develop Docker image), there is a new checkbox when creating an object, that will grant read permissions to all signed-in users in addition to the default permissions:

Also, there is now a checkbox when creating or editing actions, which allows you to set the default for that checkbox:

So if you check that box for your action, all signed-in users will get read permissions by default for objects created with that action.