Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Give the users in "auth.administrators" the member node admin privileges #1816

Closed
taojing2002 opened this issue Feb 29, 2024 · 4 comments
Closed

Give the users in "auth.administrators" the member node admin privileges #1816

taojing2002 opened this issue Feb 29, 2024 · 4 comments
Assignees
@doulikecookiedough
Milestone
3.0.0

Comments

@taojing2002
Copy link
Contributor

Now the users on dataone.subject have the member node admin privileges, such as delete, reindex. We decided that users in auth.administrators should have the same privileges besides configuring Metacat instances.

Matthew said they had now. But this morning, I found they didn't when I test the MN.delete method.
@taojing2002 taojing2002 added this to the 3.0.0 milestone Feb 29, 2024
@artntek
Copy link
Contributor

artntek commented Feb 29, 2024

Matthew said they had now. But this morning, I found they didn't when I test the MN.delete method.

I think this was a misunderstanding - what I meant was, the code already adds dataone.subject to the auth.administrators list at runtime. This means that dataone.subject would then have the same privileges as the auth admins currently do, but it appears the reverse is not true.

@taojing2002
Copy link
Contributor Author

taojing2002 commented Feb 29, 2024 via email

@doulikecookiedough
Copy link
Contributor

This has been completed via: Feature-1816: Metacat Admin MN Privileges (auth.administrators)

@doulikecookiedough
Copy link
Contributor

This has been completed via Feature-1816: Metacat Admin MN Privileges (auth.administrators) - Resolve Broken Tests. Note: The previous PR left MNodeAccessControlTest and CNodeAccessControlTest in a failing state due to null values relating to a session and its related subject values. This has been resolved by first checking for a valid session before attempting to check for authorization as a Local Node Admin, CN Admin or a Metacat Admin. Additionally, new junit tests were added.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doulikecookiedough doulikecookiedough

Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

No branches or pull requests
3 participants
@taojing2002 @doulikecookiedough @artntek