Hello everyone.
At the moment it is only possible to link an object (add parent/child) if one has at least user rights for the Space/Project the object is in. Linking is not possible with observer rights.
However, many of our departments (multigroup instance) have e.g. samples in the inventory that should be linkable by normal lab members, but not editable.
So normal lab members should be able to link objects from the inventory to their experiments in ELN, however registration and editing of objects in the inventory should only be allowed for group admins.
How can we achieve this?
To the developers: Or maybe an intermediate role would be useful?
Many thanks
Thank you for the message.
The current system setup doesn’t support the specific functionality.
We will create a ticket in our JIRA system to document and track this request. However, while your feedback is very valuable to us, I cannot guarantee when this will be implemented.
Thank you in advance for your understanding.
Thank you very much. For us it is a very important issue
3 Likes
+1 This would be a very important feature for our multi-group instance as well.
@rostyslav.kuzyakiv: Has there been any decision made concerning this request?
I understand the logic why it is not possible with the current roles (observers cannot change the metadata of an object and a parent/child relationship counts as metadata).
But especially in a multi-group instance, it is a common use case that users have an observer instead of a user role in the Space of another group because they need to link to a commonly used object (e.g. a measuring device that is used by several groups) as a parent but they shouldn’t be able to change the other metadata properties of this object (because they device belongs to the other group).
3 Likes
As discussed here and in the last community meeting, it would be important to have this feature. After learning about the capabilitiy-role map I tested the following:
I’m ADMIN for object A and just OBSERVER for object B. With the default settings I will not be able to set object B as a parent or as a child of A.
I add the following lines to the capabilities file:
ADD_PARENT_TO_SAMPLE: PROJECT_OBSERVER
ADD_PARENT_TO_SAMPLE: SPACE_ETL_SERVER
REMOVE_PARENT_FROM_SAMPLE: PROJECT_OBSERVER
REMOVE_PARENT_FROM_SAMPLE: SPACE_ETL_SERVER
ADD_PARENT_TO_DATASET: PROJECT_OBSERVER
ADD_PARENT_TO_DATASET: SPACE_ETL_SERVER
REMOVE_PARENT_FROM_DATASET: PROJECT_OBSERVER
REMOVE_PARENT_FROM_DATASET: SPACE_ETL_SERVER
Now I can set B as the child of A, and remove the relationship as well. But I still can’t set B as the parent of A, which would be more important for our use case.
If it works children, is there an equivalent ADD_CHILD_TO_SAMPLE? If not, could this be implemented? If I understood @juanf correctly, either both or none of the directions should work, based on my role for B?
Thank you!
1 Like
Hi everyone.
Is there any news on this very important topic?
Is there a way around the problem?
We have departments that do not make their bacteria databases available to other departments or even to their own members for this reason alone.
Was there an answer to the questions?
Dear All,
Given:
- SAMPLE_A in SPACE_A
- SAMPLE_B in SPACE_B
- user X
Goal:
- user X should be able to edit SAMPLE_A
- user X should NOT be able to edit SAMPLE_B
- user X should be able to create/remove parent/child relationship between SAMPLE_A and SAMPLE_B
Configuration needed:
- user needs to be at least SPACE_USER in SPACE_A and just a SPACE_OBSERVER in SPACE_B
- capabilities file should contain the following lines:
ADD_PARENT_TO_SAMPLE: SPACE_OBSERVER, SPACE_ETL_SERVER
ADD_PARENT_TO_SAMPLE: SAMPLE = SPACE_OBSERVER, SPACE_ETL_SERVER
ADD_PARENT_TO_SAMPLE: PARENT = SPACE_OBSERVER, SPACE_ETL_SERVER
REMOVE_PARENT_FROM_SAMPLE: SPACE_OBSERVER, SPACE_ETL_SERVER
REMOVE_PARENT_FROM_SAMPLE: SAMPLE = SPACE_OBSERVER, SPACE_ETL_SERVER
REMOVE_PARENT_FROM_SAMPLE: PARENT = SPACE_OBSERVER, SPACE_ETL_SERVER
Java code example:
OpenBIS openBIS = new OpenBIS("http://localhost:8888");
openBIS.login("x", "password");
ISampleId sampleAId = new SampleIdentifier("/SPACE_A/PROJECT_A/SAMPLE_A");
ISampleId sampleBId = new SampleIdentifier("/SPACE_B/PROJECT_B/SAMPLE_B");
SampleUpdate sampleAUpdate = new SampleUpdate();
sampleAUpdate.setSampleId(sampleAId);
sampleAUpdate.getParentIds().add(sampleBId); // or sampleAUpdate.getChildIds().set(sampleBId);
openBIS.updateSamples(List.of(sampleAUpdate));
This also applies to ELN UI.
More info on the capabilities: Optional Application Server Configuration — Python documentation
Hope that helps 
1 Like
A thousand thanks.
We will try it out this week and give you feedback.
It would help us so much.
Result of testing: It works! Thank you.
Important for multi-group instances:
In a multi-group instance, you must also adjust the roles for the Common Spaces in the User Management Config.
1 Like
Works for us as well. Thank you very much!