You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2018/08/13 20:54:00 UTC

[jira] [Commented] (AIRAVATA-2866) Remove write access to projects from the group based auth migration script

    [ https://issues.apache.org/jira/browse/AIRAVATA-2866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16578897#comment-16578897 ] 

Marcus Christie commented on AIRAVATA-2866:
-------------------------------------------

Ran following in our dev environment:
{code:sql}
MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'seagrid:PROJECT') and GROUP_ID = 'Admin_Users_dc813afe-d39d-4eb9-8723-0e46357a582d' and DOMAIN_ID = 'seagrid';

MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'seagrid:PROJECT') and GROUP_ID = 'Read_Only_Admin_Users_38ef7c60-bd89-476e-9e36-3491e02c296b' and DOMAIN_ID = 'seagrid';

delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'scigap:PROJECT') and GROUP_ID = 'Read_Only_Admin_Users_7c33a791-f4c1-4210-a110-dce84dac6653';

delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'scigap:PROJECT') and GROUP_ID = 'Admin_Users_546376b4-d50a-425d-9964-d4dfd5159a07';

MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'default:PROJECT') and GROUP_ID = 'Read_Only_Admin_Users_b9beda12-d42c-4034-80e0-bc1ca82dd742';

MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'default:PROJECT') and GROUP_ID = 'Admin_Users_f479c6f9-2d74-4585-b21e-c975cbee4aae';

MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'AccordGateway:PROJECT') and GROUP_ID = 'Admin_Users_671725ad-c3f2-4415-a145-dd1a4310bef3';

MariaDB [sharing_catalog]> delete from SHARING where ENTITY_ID in (select ENTITY_ID from ENTITY where ENTITY_TYPE_ID = 'AccordGateway:PROJECT') and GROUP_ID = 'Read_Only_Admin_Users_6e1ac312-7a99-4a22-adb2-98cc1774526a';

{code}

> Remove write access to projects from the group based auth migration script
> --------------------------------------------------------------------------
>
>                 Key: AIRAVATA-2866
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2866
>             Project: Airavata
>          Issue Type: Story
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> Admins don't need read or write access to users projects so that can be removed. It is cluttering up the list of projects for admin users.
> TODO
> * [x] Remove admin access from the sharing database (manual, one-time thing)
> * [ ] Remove sharing projects with admins in the data migration script
> * [ ] Remove sharing projects with admins in API server



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)