Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
rdms:data:permissions [2026/01/14 14:21] – [Example: Permission Inheritance - Disabled] rephrasing giuliordms:data:permissions [2026/01/15 14:49] (current) – formatting giulio
Line 43: Line 43:
 **Important Note:** The RDMS considers a file or folder **new** if you **upload** it to the RDMS or if you **copy** it from an existing RDMS location. A file or folder is **not** considered **new** if you **move** it from an existing RDMS location. In this second case, you will need to manually modify the permissions on the file or folder. We recommend you verify the permissions assigned to a file or folder after you moved it to a new location, regardless of whether permission inheritance is enabled or disabled. **Important Note:** The RDMS considers a file or folder **new** if you **upload** it to the RDMS or if you **copy** it from an existing RDMS location. A file or folder is **not** considered **new** if you **move** it from an existing RDMS location. In this second case, you will need to manually modify the permissions on the file or folder. We recommend you verify the permissions assigned to a file or folder after you moved it to a new location, regardless of whether permission inheritance is enabled or disabled.
  
-To display things more easily, we decided to use the CLI client [[..:access:linux:icommands|iCommands]] in the screenshots below. Please note that the behavior of the RDMS regarding permission inheritance is the same if the user uploads their data another way (e.g. [[..:access:windows:cyberduck|Cyberduck]] or [[..:access:windows:winscp|WinSCP]]). If you use Cyberduck or WinSCP to upload data to the RDMS, you can check or adjust permission inheritance either via iCommands or via the RDMS web interface. +To display things more easily, we decided to use the CLI client [[..:access:linux:icommands|iCommands]] in the examples below. Please note that the behavior of the RDMS regarding permission inheritance is the same if the user uploads their data another way (e.g. [[..:access:windows:cyberduck|Cyberduck]] or [[..:access:windows:winscp|WinSCP]]). If you use Cyberduck or WinSCP to upload data to the RDMS, you can check or adjust permission inheritance either via iCommands or via the RDMS web interface. 
  
 <code> <code>
-The 'rdms-testers@rug.nl' user has an already existing folder in the home collection.  +This is the folder with enabled inheritance that we use as destination. Note the permissions set on this folder (the part after 'ACL'). 
-Please look to the 'ACL' entry to see which permission 'rdms-testers' has in this folder. +$ ils -A /rug/home/Test_Team/folder_with_inheritance 
-# In this case, the permission level is 'own'.+        ACL - teamdrive-owner@rug.nl#rug:own   rdms-testers@rug.nl#rug:modify_object   g:Test_Team#rug:modify_object    
 +        Inheritance - Enabled 
 + 
 +# First, we we will show what happens if we copy the folder to the destination with enabled inheritance 
 +$ icp -r folder_test /rug/home/Test_Team/folder_with_inheritance 
 + 
 +Checking the permission shows that the permission of the parent folder are applied/inherited. Reason: Copy counts as new  
 +data --> Inheritance is applied.  
 +$ ils -A /rug/home/Test_Team/folder_with_inheritance/folder_test 
 +/rug/home/Test_Team/folder_with_inheritance/folder_test: 
 +        ACL - teamdrive-owner@rug.nl#rug:own   rdms-testers@rug.nl#rug:modify_object   g:Test_Team#rug:modify_object    
 +        Inheritance - Enabled 
 + 
 +# Now, we look at the permission of the second folder that we want to copy/move to show the effect of inheritance
 +# In this case, it is only a single user (rdms-testers@rug.nl) who has 'own' access on the folder
 $  ils -A folder_test $  ils -A folder_test
 /rug/home/rdms-testers@rug.nl/folder_test: /rug/home/rdms-testers@rug.nl/folder_test:
Line 55: Line 69:
  
 # The folder is now moved to a RDMS destination with permission inheritance enabled. # The folder is now moved to a RDMS destination with permission inheritance enabled.
-# The 'ACL' entry for this folder is: 
-#       ACL - teamdrive-owner@rug.nl#rug:own   rdms-testers@rug.nl#rug:modify_object   g:Test_Team#rug:modify_object 
-# So other users have permissions in this folder and 'rdms-testers' does not have 'own', but write permission (modify_object). 
 $  imv folder_test /rug/home/Test_Team/folder_with_inheritance $  imv folder_test /rug/home/Test_Team/folder_with_inheritance
  
-# We list the details of the folder again. See the 'ACL' entry to verify the permission level of 'rdms-testers'+# We check now the permissions again. Even with enabled inheritance, the permissions of the original folder are kept. ReasonMoving data does not count as new data --> Inheritance is not applied. Note that only rdms-testers@rug.nl has own permission. These are the original permissions before the move!
-Even with enabled inheritance, the permissions of the original folder are kept.  +
-# MoveDoes not count as new data --> Inheritance is not applied.+
 $ ils -A /rug/home/Test_Team/folder_with_inheritance/folder_test $ ils -A /rug/home/Test_Team/folder_with_inheritance/folder_test
 /rug/home/Test_Team/folder_with_inheritance/folder_test: /rug/home/Test_Team/folder_with_inheritance/folder_test:
         ACL - rdms-testers@rug.nl#rug:own            ACL - rdms-testers@rug.nl#rug:own   
         Inheritance - Disabled         Inheritance - Disabled
- 
-# Now we will show what happens if we copy the folder to the destination with enabled inheritance.  
-$ icp -r folder_test /rug/home/Test_Team/folder_with_inheritance 
- 
-# We list the details of the folder a third time. See the 'ACL' entry to verify the permission level of 'rdms-testers'. 
-# Checking the permission now shows that the inherited permission of the parent folder are applied.  
-# Copy: Counts as new data --> Inheritance is applied.  
-$ ils -A /rug/home/Test_Team/folder_with_inheritance/folder_test 
-/rug/home/Test_Team/folder_with_inheritance/folder_test: 
-        ACL - teamdrive-owner@rug.nl#rug:own   rdms-testers@rug.nl#rug:modify_object   g:Test_Team#rug:modify_object    
-        Inheritance - Enabled 
 </code> </code>
  
Line 94: Line 92:
         Inheritance - Enabled         Inheritance - Enabled
  
-# The 'rdms-testers@rug.nl' user uploads a new file from the local system to the RDMS folder+# The 'rdms-testers@rug.nl' user uploads a new file from the local system to the RDMS folder.
 $ iput test.txt /rug/home/Test_Team/folder_with_inheritance   $ iput test.txt /rug/home/Test_Team/folder_with_inheritance  
  
-# See the 'ACL' entry to verify the permission level of 'rdms-testers' +# See the 'ACL' entry to verify the permission level of 'rdms-testers'. 
-# Permissions on the newly uploaded file show that it inherited the permission from the parent collection automatically+# Permissions on the newly uploaded file show that it inherited the permission from the parent collection automatically.
 $ ils -A /rug/home/Test_Team/folder_with_inheritance/test.txt $ ils -A /rug/home/Test_Team/folder_with_inheritance/test.txt
   /rug/home/Test_Team/folder_with_inheritance/test.txt   /rug/home/Test_Team/folder_with_inheritance/test.txt
Line 121: Line 119:
         Inheritance - Disabled         Inheritance - Disabled
  
-# The 'rdms-testers@rug.nl' user uploads a new file from the local system to the RDMS folder +# The 'rdms-testers@rug.nl' user uploads a new file from the local system to the RDMS folder.
 $ iput test.txt /rug/home/Test_Team/folder_without_inheritance   $ iput test.txt /rug/home/Test_Team/folder_without_inheritance  
  
-# See the 'ACL' entry to verify the permission level of 'rdms-testers' +# See the 'ACL' entry to verify the permission level of 'rdms-testers'. 
-# Permissions on the newly uploaded file show that it only has one permission: own for the uploading user+# Permissions on the newly uploaded file show that it only has one permission: 'ownfor the uploading user (creator).
 $ ils -A /rug/home/Test_Team/folder_without_inheritance/test.txt $ ils -A /rug/home/Test_Team/folder_without_inheritance/test.txt
   /rug/home/Test_Team/folder_without_inheritance/test.txt   /rug/home/Test_Team/folder_without_inheritance/test.txt