
[FEATURE] Group ACLs

Open ll4strw opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

Yoda v.1.9.0

Collections and data objects belonging to a group have the following ACLs

ACL - g:read-<group_name>#<zone>:read object   g:research-<group_name>#<zone>:own   
        Inheritance - Enabled

This results in any member of research-<group_name> being able to modify any other member's (meta)data.

Describe the solution you'd like

ACL own should only be assigned to the group member who uploaded the data. The data owner could then give write access to other members only consciously and if needed.

ll4strw, Sep 04 '24 07:09
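
An added example, not part of the original issue and not Yoda's own code: a small audit script that parses an ACL listing in the layout quoted above and reports every path where a group holds `own`, together with whether inheritance passes that ACL on to new content. It assumes each `ACL -` / `Inheritance -` pair is preceded by a line naming the collection or data object; the zone, group, user and path names in the sample are constructed.

```python
import re

# Constructed sample in the layout of the ACL listing quoted in the issue.
# Zone, group, user and path names are made up for illustration.
SAMPLE = """\
/exampleZone/home/research-demo:
        ACL - g:read-demo#exampleZone:read object   g:research-demo#exampleZone:own
        Inheritance - Enabled
/exampleZone/home/research-demo/private:
        ACL - alice#exampleZone:own   g:read-demo#exampleZone:read object
        Inheritance - Disabled
"""

# One ACL entry: optional "g:" group marker, name, zone, access level.
ENTRY = re.compile(r"^(g:)?([^#\s]+)#([^:\s]+):(.+)$")

def parse_listing(text):
    """Return {path: {"acl": [(is_group, name, zone, level)], "inherit": bool}}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ACL - "):
            # Entries are separated by two or more spaces; the level
            # "read object" itself contains only a single space.
            for item in re.split(r"\s{2,}", line[len("ACL - "):]):
                m = ENTRY.match(item)
                if m and current is not None:
                    result[current]["acl"].append(
                        (bool(m.group(1)), m.group(2), m.group(3), m.group(4)))
        elif line.startswith("Inheritance - "):
            if current is not None:
                result[current]["inherit"] = line.endswith("Enabled")
        else:
            # Any other line names the collection or object the ACL belongs to.
            current = line.rstrip(":")
            result[current] = {"acl": [], "inherit": False}
    return result

def group_owned(listing):
    """List (path, group, inherited) for every group-level 'own' entry."""
    return [(path, f"{name}#{zone}", info["inherit"])
            for path, info in listing.items()
            for is_group, name, zone, level in info["acl"]
            if is_group and level == "own"]

if __name__ == "__main__":
    for path, group, inherited in group_owned(parse_listing(SAMPLE)):
        state = "enabled" if inherited else "disabled"
        print(f"{path}: {group} has own, inheritance {state}")
```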

Thank you for your feedback.

One of the fundamental design principles of Yoda is that access to data is managed at the group level. Data objects are therefore owned by the group, and access is managed by the group's managers.

Changing this principle in a way that does not break functionality can only be done as part of a complete redesign of Yoda group management, as well as how it interacts with other parts of the application. We currently don't have sufficient stakeholder support for such a major change. I don't expect we'll be able to accommodate this use case in the foreseeable future.

stsnel, Oct 02 '24 09:10