[ARVADOS] updated: 1.3.0-2691-g95e79c507
Git user
git at public.arvados.org
Thu Jun 18 16:16:47 UTC 2020
Summary of changes:
doc/admin/upgrading.html.textile.liquid | 2 +-
doc/api/permission-model.html.textile.liquid | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
via 95e79c507c74ee2364a01b82c771495b91a6de0d (commit)
from 65e39827a56cab30d7c9fe526c5cfc23e5e930e8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 95e79c507c74ee2364a01b82c771495b91a6de0d
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Thu Jun 18 12:15:57 2020 -0400
16007: note about sharing with anonymous users, and renaming roles
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 10877ec75..547a3419f 100644
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -55,7 +55,7 @@ Some constraints on the permission system have been added, in particular @role@
# The @group_class@ field must be either @role@ or @project at . Invalid group_class are migrated to @role at .
# A @role@ cannot own things. Anything owned by a role is migrated to a @can_manage@ link and reassigned to the system user.
# Only @role@ and @user@ can have outgoing permission links. Permission links originating from projects are deleted by the migration.
-# A @role@ is always owned by the system_user. When a group is created, it creates a @can_manage@ link for the object that would have been assigned to @owner_uuid at . Migration adds @can_manage@ links and reassigns roles to the system user. This also has the effect of requiring that all @role@ groups have unique names on the system.
+# A @role@ is always owned by the system_user. When a group is created, it creates a @can_manage@ link for the object that would have been assigned to @owner_uuid at . Migration adds @can_manage@ links and reassigns roles to the system user. This also has the effect of requiring that all @role@ groups have unique names on the system. If there is a name collision during migration, roles will renamed to ensure they are unique.
# A permission link can have the permission level (@name@) updated but not @head_uuid@, @tail_uuid@ or @link_class at .
The @arvados-sync-groups@ tool has been updated to reflect these constraints, so it is important to use the version of @arvados-sync-groups@ that matches the API server version.
diff --git a/doc/api/permission-model.html.textile.liquid b/doc/api/permission-model.html.textile.liquid
index f6878c0c9..7f1052129 100644
--- a/doc/api/permission-model.html.textile.liquid
+++ b/doc/api/permission-model.html.textile.liquid
@@ -100,7 +100,9 @@ A privileged user account exists for the use by internal Arvados components. Th
h2. Anoymous user and group
-An Arvados site may be configured to allow users to browse resources without requiring a login. In this case, permissions for non-logged-in users are associated with the "anonymous" user. To make objects visible to the public, they can be shared with the "anonymous" role. The anonymous user uuid is @{siteprefix}-tpzed-anonymouspublic at . The anonymous group uuid is @{siteprefix}-j7d0g-anonymouspublic at .
+An Arvados site may be configured to allow users to browse resources without requiring a login. In this case, permissions for non-logged-in users are associated with the "anonymous" user. To make objects visible to anyone (both logged-in and non-logged-in users), they can be shared with the "anonymous" role. Note that objects shared with the "anonymous" user will only be visible to non-logged-in users!
+
+The anonymous user uuid is @{siteprefix}-tpzed-anonymouspublic at . The anonymous group uuid is @{siteprefix}-j7d0g-anonymouspublic at .
h2. Example
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list