On Tuesday 14 July 2009 17:42:16 Greg Von Kuster wrote:
On Tuesday 14 July 2009 15:25:47 you wrote:
Hello Ido,
All roles are required because of the complication of derived
Ido M. Tamir wrote: permissions for datasets that are produced from running jobs on different input datasets. Take, for example, two datasets, DatasetA, and DatasetB. Access to DatasetA requires a user to be associated with RoleA, and access to DatasetB with RoleB. It follows that DatasetAB ( created by running a tool with DatasetA and DatasetB as inputs ) should have both RoleA and RoleB associated for the access permission. However, if ANY associated role was sufficient, this would allow users who are only associated either RoleA OR RoleB to view data which was originally not accessible to them.
That is an important point. But if this is the best solution I am not sure yet - first I would like to get my data in, then I can think on the effects of combining them. Could you show me how I could solve the problem I presented in my previous e-mail without creating ad-hoc roles for every user combination? thank your very much, ido