Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
rdms:data:permissions [2023/05/11 14:26] – Correct behaviour of 'write' vs 'own' jelterdms:data:permissions [2024/11/15 14:59] (current) – [Inheritance] Correction for inheritance jelte
Line 1: Line 1:
 ====== Permissions and Inheritance====== ====== Permissions and Inheritance======
  
-Within the RDMS, there are four levels of **permissions** or user privileges to files and folders.+Within the RDMS, we support **four levels of permissions** or user privileges to files and folders that can be defined by the users. 
 + 
 +In an order of ascending privileges, these permissions are 'Null', 'Read', 'Read/Write' and 'Own'
 + 
 +Please see the following table for a summary of what these different permissions allow within the RDMS: 
 + 
 +^  Permission Level      ^  Read        Modify          ^   Create New     Delete     Share   ^ 
 +|  **Null**    |  {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}       {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}  |   {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}  |  {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}    {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}        | 
 +|  **Read**    |  {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}       {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}  |   {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}  |  {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}    {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}        | 
 +|  **Write**  |  {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}      {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}    {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}  |  {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}    {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}}        | 
 +|  **Own**    |  {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}      {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}    {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}  |  {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}    |  {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}}   | 
 + 
 + 
 +And for a more detailed explanation of what this permissions mean: 
  
 **Own**: The user owns the data object (file) or the collection (folder) and has the full permission on reading, modifying (including deletion), and sharing. **Own**: The user owns the data object (file) or the collection (folder) and has the full permission on reading, modifying (including deletion), and sharing.
Line 9: Line 22:
 **Read**: The user can only read the object or its content. This also allows to make a (editable) copy of the file/folder. **Read**: The user can only read the object or its content. This also allows to make a (editable) copy of the file/folder.
  
-**None**: The user does not have any permission on the object. One can use 'none' when removing the previously assigned permissions to a user. When you are the owner of an object and accidentally set your own permissions to 'none', you will internally still remain the owner and you can recover your privileges by again assigning another permission level+**Null**: The user does not have any permission on the object. One can use 'none' when removing the previously assigned permissions to a user. **Important**: If you accidentally remove your own permissions, you will no longer be able to restore them even if you were the original owner of the object
  
 **Important Note** **Important Note**
  
-  * While 'write' permissions allow to create new objects and modify existing ones, it does not allow for the deletion of objects +  * While 'write' permissions allow to create new objects and modify existing ones, it does not allow for the deletion of objects 
 +  * Previously, it was possible to restore your own permissions to an object, if you were owner of the object before. With the new update of the iRODS system, this is no longer possible. 
  
 ===== Inheritance ===== ===== Inheritance =====
Line 19: Line 33:
 Inheritance means that the permissions set on a collection/folder are also propagated to its subfolders and files. Also, with activated inheritance, newly created files and folder inherit the permission of the main folder.  Inheritance means that the permissions set on a collection/folder are also propagated to its subfolders and files. Also, with activated inheritance, newly created files and folder inherit the permission of the main folder. 
  
-By default, permission inheritance is active within the RDMS, but it can also be disabled on a per folder/collection basis. +By default, permission inheritance is active within the RDMS for [[rdms:solution:team|RDMS Team Drives]] and [[rdms:solution:projects|RDMS Projects]], but it can also be disabled on a per folder/collection basis. 
 Users who decide to disable permission inheritance should be aware that this means that permissions on all (sub)folders and files have to be set individually.  Users who decide to disable permission inheritance should be aware that this means that permissions on all (sub)folders and files have to be set individually. 
  
 Also, it should be noted that it is also possible to modify user permissions on specific subfolders or files when permission inheritance is activated on the main folder.  Also, it should be noted that it is also possible to modify user permissions on specific subfolders or files when permission inheritance is activated on the main folder.