  1. StoRM
  2. STOR-1600

WLCG scope "storage.modify" must grant stat permission


    • Type: Task
    • Resolution: Unresolved
    • Priority: Critical
    • 1.12.0
    • 1.11.22
    • webdav
    • Security Level: Public (Visible by non-authn users.)
    • None

      To avoid users having to ask for read permissions in addition to write ones just to check whether a resource exists (which means granting stat permission), we need to review the 1-to-1 logic behind the matching of storage.* scopes with HTTP methods. Currently, each HTTP method requires a specific storage.* scope:

      • HEAD, OPTIONS, PROPFIND, GET require storage.read scope
      • PATCH, DELETE require storage.modify scope
      • PUT, MKCOL require storage.create scope if resource doesn't exist
      • PUT, MKCOL require storage.modify scope if resource exists

      In practice, removing the read permission for the HEAD method should fix all the problems.
      This task can be related to a more detailed review of this logic that must also consider the latency status of the resource (its online/nearline status).

            vianello Enrico Vianello
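
The method-to-scope matching listed in the issue, and the effect of letting storage.modify satisfy HEAD, as an added Python sketch. It is not StoRM WebDAV code: the function names and the `head_as_stat` switch are hypothetical, path restrictions on scopes are not modelled, and extending stat to storage.modify only (not storage.create) is an assumption taken from the issue title.

```python
# Added illustration of the scope matching described in the issue.
# Not StoRM WebDAV code; names and the head_as_stat switch are hypothetical.
READ, MODIFY, CREATE = "storage.read", "storage.modify", "storage.create"


def required_scopes(method, exists, head_as_stat=False):
    """Return the scopes of which any single one authorizes the request."""
    method = method.upper()
    if method == "HEAD" and head_as_stat:
        # Proposed behaviour: an existence check is a stat, so a token that
        # may modify the resource may also stat it.
        return {READ, MODIFY}
    if method in {"HEAD", "OPTIONS", "PROPFIND", "GET"}:
        return {READ}
    if method in {"PATCH", "DELETE"}:
        return {MODIFY}
    if method in {"PUT", "MKCOL"}:
        # Overwriting needs modify; creating a new resource needs create.
        return {MODIFY} if exists else {CREATE}
    return set()  # unlisted method: no scope authorizes it (deny by default)


def is_authorized(token_scope, method, exists, head_as_stat=False):
    """token_scope is the space-separated scope string carried by the token."""
    granted = set(token_scope.split())
    return bool(granted & required_scopes(method, exists, head_as_stat))


def upload_flow(token_scope, exists, head_as_stat):
    """A client that probes with HEAD before PUT: decision for each step."""
    return {
        method: is_authorized(token_scope, method, exists, head_as_stat)
        for method in ("HEAD", "PUT")
    }


if __name__ == "__main__":
    # Constructed sample token carrying only a write scope.
    for policy in (False, True):
        print("head_as_stat =", policy, upload_flow("storage.modify", True, policy))
    # Content access stays behind storage.read under both policies.
    print("GET with modify only:", is_authorized("storage.modify", "GET", True, True))
```

Only the HEAD decision changes between the two policies; GET and PROPFIND still require storage.read, so a write-only token gains the existence check but not the content or a listing.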