VOMSSecurityManager class implements access permissions based on VOMS roles

class DIRAC.DataManagementSystem.DB.FileCatalogComponents.SecurityManager.VOMSSecurityManager.VOMSSecurityManager(database=False)

Bases: SecurityManagerBase

This class implements a 3-level POSIX permission, wrapping up the DIRAC group into VOMS roles

getPathPermissions(paths, credDict)

This method is meant to disappear, hopefully soon, but as long as we have clients from versions < v6r14, we need a getPathPermissions method. Since it does not make sense with that kind of fine grain policy, we return what used to be returned…

hasAccess(opType, paths, credDict)

Checks whether a given operation on given paths is permitted

  • opType – name of the operation (the FileCatalog methods in fact…)

  • paths – list/dictionary of path on which we want to apply the operation

  • credDict – credential of the users (with at least username, group and properties)


Successful dict with True or False, and Failed dict. In fact, it is not neccesarily a boolean, rather an int (binary operation results)