ACL minimization or filtering #27

Open
karlcz opened this issue May 17, 2016 · 0 comments

karlcz commented May 17, 2016

@ljpearlman @carlkesselman @bugacov @hongsudt @akumar03

In our projects that use the "subtree" ACL modes for Hatrac, it seems we could simplify our ACLs stored in the DB. By storing fewer ACLs, we will have some performance benefit but more importantly it will be easier to review or export large object stores in the future and understand which ACLs are truly significant if there are not many redundant ones generated by every resource creation event.

I am wondering if any of these should be new modes of Hatrac either all the time, by configuration switches, and/or by new query parameters:

  1. When creating resources, don't set the resource-level "owner" ACL to the requesting client if they already are granted owner-level privileges due to a "subtree-owner" ACL in an ancestor node of the resource hierarchy. Just leave the resource-level ownership blank.
  2. When managing ACLs via REST API, apply the same optimization to skip or prune "redundant" entries.
  3. Reject removal of a subtree-owner ACL entry if it would orphan any descendent resources.

In past projects, we've even seen a need for even more controlled rights. These might also be served by new deployment settings. For example, the whole store is governed by a curator class and regular clients can do more limited data operations but do not gain full ownership-level rights even on resources they created, meaning a curator may need to be involved to adjust policies or retract content. For example, you might be able to use chunked upload to create an object but once it is created, you can only read it and only the curator can remove it or reassign it to another consumer.

@karlcz karlcz self-assigned this Jul 13, 2016
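
The three proposals in the issue above, sketched as an added example over a toy in-memory model. This is not Hatrac's code or schema and was not written by the issue author: the `store` layout, every function name, and the rule that a resource's owners are its own entries plus any ancestor's "subtree-owner" entries are assumptions made for illustration.

```python
# Added illustration: a toy in-memory model, not Hatrac's code or schema.
# store maps a resource path to {"owner": set, "subtree-owner": set} of role names.

def ancestors(path):
    """Strict ancestors of '/a/b/c' are '/', '/a', '/a/b'; the root has none."""
    if path == "/":
        return []
    parts = path.strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]

def inherited_owners(store, path):
    """Roles granted ownership of path by a subtree-owner ACL on an ancestor."""
    roles = set()
    for a in ancestors(path):
        roles |= store.get(a, {}).get("subtree-owner", set())
    return roles

def effective_owners(store, path):
    """Own owner and subtree-owner entries plus whatever ancestors grant."""
    acl = store.get(path, {})
    return acl.get("owner", set()) | acl.get("subtree-owner", set()) | inherited_owners(store, path)

def create(store, path, client_roles, client_id):
    """Proposal 1: leave owner blank when an ancestor already grants ownership."""
    covered = bool(client_roles & inherited_owners(store, path))
    store[path] = {"owner": set() if covered else {client_id}, "subtree-owner": set()}

def prune(store, path):
    """Proposal 2: drop owner entries duplicated by an ancestor's subtree-owner."""
    redundant = store[path]["owner"] & inherited_owners(store, path)
    store[path]["owner"] -= redundant
    return redundant

def remove_subtree_owner(store, path, role):
    """Proposal 3: refuse a removal that leaves any descendant without an owner."""
    acl = store[path]["subtree-owner"]
    if role not in acl:
        return
    acl.discard(role)
    prefix = path.rstrip("/") + "/"
    orphans = sorted(p for p in store
                     if p != path and p.startswith(prefix) and not effective_owners(store, p))
    if orphans:
        acl.add(role)  # roll back before reporting
        raise PermissionError(f"removal would orphan: {orphans}")

def sample_store():
    """Constructed sample: 'curators' own everything under /proj."""
    return {"/": {"owner": {"admin"}, "subtree-owner": set()},
            "/proj": {"owner": set(), "subtree-owner": {"curators"}}}
```

The orphan check in `remove_subtree_owner` is what makes proposal 1 safe: once resources are created with a blank owner entry, the ancestor's subtree-owner ACL is the only thing granting ownership of them.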