[ckan-dev] CKAN Sysadmin Users and Rights

Stefan Oderbolz stefan.oderbolz at liip.ch
Thu Feb 19 09:58:10 UTC 2015 

Hi David,

I think currently the best option is to use the "private" field. This
should be easy to implement and all the API calls should still work if
the user has the proper rights/permissions. Once a dataset is deleted,
it's basically gone (as far as the user is concerned). I think if you
actually want to re-vive a deleted dataset, you must save its
corresponding ID in you external system. Then you could directly set
the status value without having to query CKAN via the API before.

I've not tested this, so I'm not sure it works, but these are the two
options that come to mind.

- Stefan



On Tue, Feb 17, 2015 at 9:54 PM, Fawcett, David (MNIT)
<David.Fawcett at state.mn.us> wrote:
> We are using CKAN as the public interface to a larger data distribution
> system.  Because of this, we use the action API to push datasets into CKAN.
> We have a user in CKAN that is a ‘sysadmin’ and the credentials for that
> user are used in the API calls.
>
>
>
> In our primary system, a data manager can set a status on a dataset record
> that marks that dataset for publishing to our CKAN instance.  After that
> status is set, we have a script that will initially add the new record to
> CKAN and then update the record as the data changes in our primary system.
>
>
>
> I am now working out the logic for when a data manager decides to
> ‘unpublish’ a dataset from our CKAN instance.  My thought was that we could
> use the status or private attribute of the dataset to manage this.  So,
> after the dataset is marked as ‘don’t publish’, we use the API to update the
> dataset in CKAN and set the status to ‘deleted’.  This works, but we run
> into problems when that data manager wants to “re-publish” a formerly
> deleted dataset.
>
>
>
> Here is what I found:
>
>
>
> Our sysadmin user can change a dataset status to ’deleted’ or change private
> to ‘True’.
>
>
>
> That same user can’t get that dataset back via an API call to package_list
> or package_show.
>
>
>
> Because we can’t get a data object for that dataset, we can’t set the value
> of status or private without wiping out all of the attributes for that
> record.
>
>
>
>
>
> It seems strange that a sysadmin can delete a dataset, but then not access
> the dataset.  Is this consistent with the CKAN the authorization model?
> Does anyone have any suggestions on how a sysadmin user, via the API, can
> make a dataset ‘non-public’ and then make it ‘public’ again?
>
>
>
> We are currently at CKAN 2.1.
>
>
>
> Thank you,
>
>
>
> David.
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>



-- 
Liip AG  // Limmatstrasse 183 //  CH-8005 Zürich
Tel +41 43 500 39 80 // GnuPG 0x7B588C67 // www.liip.ch

More information about the ckan-dev mailing list