Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

On the resource tool, access restrictions for groups on folders do not work

Description

sakai version 11.x, 11.4
On the resource tool, access restrictions for groups on folders do not work.
case 1: If we create or modify a restriction of access to a folder for a given group, while the display of the group restriction is correct, in fact: no restrictions are applied to this group.
The restriction is not effective.
case 2: if we want to re-authorize access, it does not work either

Impact: Group access filtering is not operational.

Details :

in the resource tool the filtering of the folders is effective only after having validated at first, then invalidated in the second time the permission "Access / create group resources"

Activity

Show:

Mark Golbeck August 22, 2024 at 4:54 PM

We're closing this Jira issue for now. We can reopen it if need be. Thank you.

Earle Nietzel September 17, 2018 at 9:58 AM

Nope you don't want to set this to 0 as it will create a lot of extra queries to the database. A TTL cache boosts database performance by fetching the last result from the cache vs asking the database. Once the TTL (time to live) has expired then it refetches from the database and caches again. The goal of a TTL cache is a compromise between performance and an allowance of time for accuracy.

So what this cache is saying is,

Were willing to sacrifice up to 10 minutes of inaccuracy for the sake of a database performance boost.

There are other caching strategies that can be used, but this describes a TTL cache.

Jacques Pignon September 14, 2018 at 10:27 AM

on sakai 11.x, I set the AUTHZ cache parameter in sakai.properties:

cacheMinutes@org.sakaiproject.authz.api.SecurityService=0

result: access restrictions for groups on folders now seem to work perfectly.

Does this mean that for versions higher than sakai 10, we need to set this cache to 0?

Regards,

Earle Nietzel September 13, 2018 at 4:42 PM

I believe what this user is seeing is the effects of the SecurityCache "org.sakaiproject.authz.api.SecurityService.contentCache" TTL where if an Instructor changes the Folders permissions and the Student had already visited the site and seen the Resource prior to the Instructor changing the group permissions then they are subject to the cache timeout on the Resource, which OTB is 600 seconds / 10 minutes. After the security check on the resource has exceed the TTL the Resource's permissions are then refetched and access to the Resource is removed.

 

 

Shawn Foster September 11, 2018 at 8:49 AM

Thanks,

Won't Fix

Details

Priority

Affects versions

Components

Assignee

Reporter

Labels

Environment

Linux 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 jvm : jdk1.8.0_162 tomcat : apache-tomcat-8.5.28 database : server Type : MariaDB Version du serveur : 10.2.17-MariaDB-10.2.17+maria~stretch-log - mariadb.org binary distribution Version du protocole : 10 Jeu de caractères du serveur : UTF-8 Unicode (utf8) JAVA_OPTS="-server -Xmx5120m -XX:MaxPermSize=320m" JAVA_OPTS="$JAVA_OPTS -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Djava.awt.headless=true -Dcom.sun.management.jmxremote -Dsun.lang.ClassLoader.allowArraySyntax=true" JAVA_OPTS="$JAVA_OPTS -DproxySet=true -DproxyHost=cache.univ-poitiers.fr -DproxyPort=3128 -Duser.language=fr -Duser.region=FR"
Created September 1, 2018 at 2:22 AM
Updated August 22, 2024 at 4:54 PM
Resolved August 22, 2024 at 4:54 PM