airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <>
Subject [jira] [Commented] (AIRAVATA-2710) How to assign owner of "everyone" group in Sharing Registry?
Date Thu, 05 Apr 2018 21:10:00 GMT


Marcus Christie commented on AIRAVATA-2710:

Another idea: instead of baking the everyone group into the Sharing Registry, it might be
easier and cleaner to have the Profile Service create and maintain the everyone group.  The
Profile Service already knows who the admin user of the gateway is (and creates that user
in Keycloak when a gateway is created), so if the Profile Service created the everyone group
it could assign the admin user as the owner.

So the idea is when a new gateway is created in the TenantProfileService, create an everyone
group through the GroupManagerService and make the admin user the owner. For this to work
the TenantProfileService will need to create the admin user in the Sharing Registry first,
currently the admin user only gets added when its UserProfile is created (since that sends
a new user event which the Sharing Registry listens to).

Then whenever a new user is created in the UserProfileService, add that user to the everyone
group through the GroupManagerService. Again, this means instead of relying on the event based
synchronization the UserProfileService will have to proactively create the user in the Sharing
Registry first.

The main drawback if you will is the age old problem of distributed transactions: what to
do if the calls to the Sharing Registry fail to create the user and add the user to the group?
 I'm not sure we have a good answer to that.

> How to assign owner of "everyone" group in Sharing Registry?
> ------------------------------------------------------------
>                 Key: AIRAVATA-2710
>                 URL:
>             Project: Airavata
>          Issue Type: Bug
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
> in AIRAVATA-2662 the "everyone" group is being added to the Sharing Registry.  A UserGroup
in the Sharing Registry must have a owner. This presents a problem, the "everyone" group cannot
be created until there is a user who can be the owner, but createUser should add each user
to the "everyone" group.
> For now the implementation of createUser creates the "everyone" group if it doesn't already
exist and makes this user the owner of the group.  That's less than ideal since the first
user of a domain ends up the owner of the "everyone" group.
> Here are some possible alternatives:
> * create a dummy admin user for the domain that is made the owner of the everyone group
> * allow groups to not have an owner (make the OWNER_ID column nullable on USER_GROUP)

This message was sent by Atlassian JIRA

View raw message