• Sign In
  1. Messages

Store permissions in XML file to load at build or boot?

LabKey Support Forum (Inactive)

View Message

view list print
Store permissions in XML file to load at build or boot? balter  2016-08-22 12:32
Status: Closed
 
Hi Jon,

I appreciate you clarifying the information you need to answer the question. I'll do my best to explain. The overarching concern is to be able to create reproducible, easily deployable environments, but not necessarily identical data. For instance, a different instance of an identical environment would not have the same users, or data, but would ideally have the exact same roles and groups defined, as well as the permissions they have on particular tables, views, wikis, graphs and other elements.

Based on LK documentation, the admin usually sets permission through the GUI interface. However, you can export the definitions in an XML file. You can also import an XML file. One way to create reproducibility would be to document a series of steps to reproduce the series of steps, boxes filled out, buttons clicked etc. to reproduce a certain setup. Another would be to export the permissions from a model installation, and import those permissions into the others.

We are trying to set up a working practice to minimize configuration steps done through the GUI. Rather we want to have as much as possible in the versioned code base. For instance, we are not creating any tables or lists through the GUI. That all takes place on build. Many of our static pages, views, graphs etc. are also defined in the code base rather than the GUI.

In a similar way, we would like to have the following setup:
1) There is a file *somewhere* in the code base called "roles.xml" or "roles.sql" if it is a query. This would define the roles at build.
2) There is a file *somewhere* in the code base called "groups.xml" or "groups.sql" if it is a query. This would define the groups and their roles at build.
3) There is a file *somewhere* in the code base called "permissions.xml" or "permissions.sql" if it is a query.
4) This last document would define the permissions the various roles and groups have on tables, views, pages etc. These tables and views are already defined at build time. So there will be a hook for the permissions at build.
5) These documents would be versioned in the git repository for our module. We can clone our module into any LK install, and all of these roles, groups and permissions will be identically set along with the tables, views, pages, graphs and other elements that are defined in our code base.

I hope this is a better explanation. Please let me clarify any points if they are still cloudy.

Thanks much,

Ariel