Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metadata Forms: access control and deletion behaviour #1541

Closed
SofiaSazonova opened this issue Sep 12, 2024 · 0 comments · Fixed by #1540
Closed

Metadata Forms: access control and deletion behaviour #1541

SofiaSazonova opened this issue Sep 12, 2024 · 0 comments · Fixed by #1540
Assignees
@SofiaSazonova

Comments

@SofiaSazonova
Copy link
Contributor

  1. If I attach a a MF Form to a dataset and then delete the dataset (without deleting the MF Form) - I will have stale MF Form record(s) in RDS? Same for Envs and Orgs. We need to delete all MFs upon deletion of parent org
  2. Access control: who can attach MFs and create MF with visibility inside the Orgs/Ens
@SofiaSazonova SofiaSazonova self-assigned this Sep 12, 2024
@SofiaSazonova SofiaSazonova mentioned this issue Sep 12, 2024
Merged
@SofiaSazonova SofiaSazonova linked a pull request Sep 12, 2024 that will close this issue
Metadata form 7: Access control and deletion behaviour #1540
Merged
SofiaSazonova added a commit that referenced this issue Sep 30, 2024
@SofiaSazonova
Metadata form 7: Access control and deletion behaviour (#1540)
1e2c388 
### Feature or Bugfix

- Feature


### Detail
- When entity is deleted all attached MF are deleted
- When Org or Env is deleted MF with visibility in this org|env is
deleted. And all connected attached MFs
- Resource policies: CREATE_METADATA_FORM (create MF with visibility
inside this entity), ATTACH_METADATA_FORM
- Migrations for entity owners to have all permissions 
- Triggers to delete dependencies for MF deletion and entity deletion

### Relates
- #1541

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Sofia Sazonova <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SofiaSazonova SofiaSazonova

Labels
None yet
Projects
v2.7.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Metadata form 7: Access control and deletion behaviour SofiaSazonova/dataall
1 participant
@SofiaSazonova