[ckan-dev] Cascading permissions in hierarchical organizations

Ville Seppänen ville.seppanen at gofore.com
Tue Apr 1 09:23:23 UTC 2014


Hi,

I'm trying to enable hierarchical organizations using the ckanext-hierarchy extension and CKAN 2.2. We have a couple of requirements how the permissions should work in our case:

- When selecting a parent organization for an organization, a user should only be able to select organizations in which he/she is an admin.
- A user who is an admin in an organization, should also be an admin in all its child organizations.

However, currently neither is working and I'm not completely sure how this even should work by default. I looked at this issue https://github.com/ckan/ckan/issues/1038 and there's a comment that "cascading permissions has been done".

If I create a new organization with a fresh, non-sysadmin user, I can select any existing organization as the parent. Also, the admin of a parent organization does not seem to get any additional rights for child organizations created by someone else.

Any ideas how this should work by default, am I missing some configuration or is there a bug?

Best Regards,
Ville Seppänen


More information about the ckan-dev mailing list