[arvados] updated: 2.1.0-2787-g42b74d7df
git repository hosting
git at public.arvados.org
Thu Aug 25 19:48:23 UTC 2022
Summary of changes:
doc/api/permission-model.html.textile.liquid | 2 ++
1 file changed, 2 insertions(+)
via 42b74d7dfc9a3f49eef3af6fe3500acde2b9a6de (commit)
from e4c83a3ebe3b16c16f604b3b0968ce5600b7ab64 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 42b74d7dfc9a3f49eef3af6fe3500acde2b9a6de
Author: Tom Clegg <tom at curii.com>
Date: Thu Aug 25 15:47:43 2022 -0400
19269: Document that modifying a role requires can_manage.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/doc/api/permission-model.html.textile.liquid b/doc/api/permission-model.html.textile.liquid
index faa160248..1b3b6bb86 100644
--- a/doc/api/permission-model.html.textile.liquid
+++ b/doc/api/permission-model.html.textile.liquid
@@ -103,6 +103,8 @@ A user can only read a container record if the user has read permission to a con
*can_manage* access to a user grants can_manage access to the user, _and everything owned by that user_ .
If a user A *can_read* role R, and role R *can_manage* user B, then user A *can_read* user B _and everything owned by that user_ .
+Modifying a role group requires *can_manage* permission (by contrast, *can_write* is sufficient to modify project groups and other object types).
+
h2(#system). System user and group
A privileged user account exists for the use by internal Arvados components. This user manages system objects which should not be "owned" by any particular user. The system user uuid is @{siteprefix}-tpzed-000000000000000 at .
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list