Ticket #1066 (closed enhancement: fixed)

Opened 3 years ago

Last modified 3 years ago

Default reader role too permissive

Reported by: dread Owned by: dread
Priority: major Milestone: ckan-v1.4-sprint-5
Component: ckan Keywords:
Cc: Repository: ckan
Theme: none

Description (last modified by dread) (diff)

The definition of the 'reader' role includes creating packages, which is too permissive for some CKAN instances (e.g. DGU). 'Reader' suggests only reading, so I think this role should avoid creating and editing.

All projects so far want all roles to be able to create users, so this stays as a Reader action for now, as a convenience.


  • Action.PACKAGE_CREATE removed from reader's default_role_actions
  • Visitor has a new default role, called 'anon_editor' which can edit packages, but not groups / auth groups - you have to log in for that.
  • Migration script not needed?
  • Code comments written, to make clear the suggested policy

Change History

comment:1 Changed 3 years ago by dread

  • Description modified (diff)

comment:2 Changed 3 years ago by dread

Need a new role 'ANON_EDITOR' which is the default role for Visitor, which can create packages, but not groups.

comment:3 Changed 3 years ago by dread

  • Description modified (diff)

comment:4 Changed 3 years ago by dread


  • Default (open) CKAN instances will have visitor as a reader on the system, and will have to upgrade them to anon_editor.
  • DGU & DataGM instances have visitor as a reader on system and must stay like that.
  • Pudo's specially locked instance, where editor has been changed to only read can now use the 'reader' role (assuming he's happy for them to create users)

Migration script (37) is designed to cope with the default (open) setup, and the other special cases must be dealt with using CLI at the time of upgrade:

DGU & DataGM must run:

paster rights remove visitor anon_editor system:
paster rights make visitor reader system:

comment:5 Changed 3 years ago by dread

  • Status changed from new to closed
  • Resolution set to fixed

Done on branch defect-1066-reader-too-permissive and merged into release-1.3.3

Note: See TracTickets for help on using tickets.