Optimize permission lookups for a user #6467

Open
scolapasta opened this issue Dec 17, 2019 · 5 comments · May be fixed by #10906
Labels
Feature: Permissions; FY25 Sprint 7 (2024-09-25 - 2024-10-09); Size: 30 (a percentage of a sprint; 21 hours; formerly size:33)

Comments

@scolapasta
Contributor

scolapasta commented Dec 17, 2019

When we recently added the ability to modify the "Host Dataverse" upon creating a dataverse / dataset, we ran into the "what dataverses does User x have Permission y on" challenge (in this case add dataverse / dataset permission).

Because of how our permission system* works with groups, there is currently no straightforward way to start from the user and get the dataverses for which that user has a certain permission, without having to get all dataverses and check each one (though we mitigated some for this by filtering the list with an autocomplete and only checking a subset of all dataverses).

*if we ever allowed permissions to cascade from one dataverse to its child, that would also present a challenge

@landreev and I discussed at the time that it would be nice to be able to start from the user direction, so this issue is to track the investigation / solution for how to make that work.

related #784

@scolapasta
Contributor Author

The basic idea here will be to create a simple method that takes in a user and a permission and returns a List of Dataverses. We'll want it in a performant way, so will want to query the db directly as much as possible. (for direct assignments easy, we also need to determine groups the user is in...)

@scolapasta scolapasta removed their assignment Nov 17, 2020
@djbrooke
Contributor

djbrooke commented Nov 18, 2020

  • Do we do something in MyData that we could leverage here? Not sure if we do, but let's check. MyData may not account for groups (or groups within groups)
  • Possible solution: get user, figure out the groups they are in, get list of roles for that user's groups
  • What speed(s) should constitute success here? Some power users may take longer. Some benchmarking would be helpful here.
  • We've optimized the other way (object to user) so there may be something to be learned there

@cmbz

cmbz commented Mar 14, 2024

2024/03/14

  • sized at 10 for investigation, might be larger. @scolapasta may have insight.

@cmbz

cmbz commented Aug 20, 2024

To focus on the most important features and bugs, we are closing issues created before 2020 (version 5.0) that are not new feature requests with the label 'Type: Feature'.

If you created this issue and you feel the team should revisit this decision, please reopen the issue and leave a comment.

@cmbz cmbz closed this as completed Aug 20, 2024
@scolapasta scolapasta reopened this Sep 25, 2024
@stevenwinship stevenwinship self-assigned this Sep 30, 2024
@stevenwinship stevenwinship moved this from SPRINT READY to In Progress 💻 in IQSS Dataverse Project Sep 30, 2024
@cmbz cmbz added the FY25 Sprint 7 FY25 Sprint 7 (2024-09-25 - 2024-10-09) label Oct 2, 2024
@stevenwinship stevenwinship added Size: 30 A percentage of a sprint. 21 hours. (formerly size:33) and removed Size: 10 A percentage of a sprint. 7 hours. labels Oct 3, 2024
@stevenwinship stevenwinship linked a pull request Oct 3, 2024 that will close this issue
@stevenwinship stevenwinship removed their assignment Oct 3, 2024
@stevenwinship
Contributor

@scolapasta @pdurbin @landreev
Is this API being called as a User with their credentials to get their accessible collections or is it being called by an Administrator?
The main reason for the ask is around IPgroups and ShibGroup. Neither of these would allow an admin to figure out the access since the user is not connected with an IP address or logged in with Shibboleth.
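
The user-first lookup discussed in this thread, as an added example that is not part of the issue or of Dataverse's code: it resolves the user's groups (including groups within groups) and joins them to role assignments in one recursive query, with request-bound groups such as IP or Shibboleth groups passed in by the caller. The schema, table names, function names and sample identifiers are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema for illustration; these are not Dataverse's real tables.
SCHEMA = """
CREATE TABLE group_member(grp TEXT, member TEXT);   -- member is a user or a nested group
CREATE TABLE role_permission(role TEXT, permission TEXT);
CREATE TABLE role_assignment(assignee TEXT, role TEXT, dataverse TEXT);
"""

def dataverses_with_permission(db, user, permission, session_groups=()):
    """Return dataverses where `user` holds `permission`, directly or via groups.

    session_groups: groups that exist only for a live request (IP or Shibboleth
    groups). A caller acting on another user's behalf cannot know them, so the
    default is none and the result then covers stored memberships only.
    """
    seeds = [user, *session_groups]
    seed_sql = " UNION ".join("SELECT ?" for _ in seeds)  # placeholders only
    sql = f"""
        WITH RECURSIVE principal(id) AS (
            {seed_sql}
            UNION  -- UNION (not UNION ALL) deduplicates, so group cycles terminate
            SELECT gm.grp FROM group_member gm JOIN principal p ON gm.member = p.id
        )
        SELECT DISTINCT ra.dataverse
        FROM role_assignment ra
        JOIN principal p ON p.id = ra.assignee
        JOIN role_permission rp ON rp.role = ra.role
        WHERE rp.permission = ?
        ORDER BY ra.dataverse
    """
    return [row[0] for row in db.execute(sql, [*seeds, permission])]

def build_sample_db():
    """Constructed sample data: nested groups, a group cycle, and an IP group."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO group_member VALUES (?, ?)", [
        ("&lab", "@alice"), ("&faculty", "&lab"), ("&lab", "&faculty")])
    db.executemany("INSERT INTO role_permission VALUES (?, ?)", [
        ("curator", "AddDataset"), ("admin", "AddDataset"),
        ("member", "ViewUnpublished")])
    db.executemany("INSERT INTO role_assignment VALUES (?, ?, ?)", [
        ("@alice", "curator", "physics"), ("&faculty", "admin", "root"),
        ("&lab", "member", "chemistry"), ("&ip/campus", "curator", "library")])
    return db
```

Called without `session_groups`, the result is what an administrator could compute for another user; the same call with the request's IP or Shibboleth groups can return additional dataverses.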

6 participants