New role - ManageFilePermissions but not Curator oder Admin

90 views
Skip to first unread message

Maylein, Leonhard

unread,
May 26, 2023, 4:45:50 AM5/26/23
to dataverse...@googlegroups.com

Dear Dataverse community,


we are struggling a bit with the fact that only users with the Curator or Admin role get the "MangageFilePermissions". We don't give our authors/submitters the role "Curator" because we do the curation ourselves and there are too many rights associated with this role. However, the authors/suppliers (role = "Contributor") should be able to handle access requests to restricted files themselves. Apparently, the "ManageFilePermissions" permission is necessary for this. We would like to see another role that has the same rights as "Contributor", just extended by this right.


Are we the only ones who have this need?

Or is there the possibility to define roles yourself?


Leonhard Maylein


Heidelberg University Library


Philip Durbin

unread,
May 26, 2023, 9:33:43 AM5/26/23
to dataverse...@googlegroups.com
Hi Leonhard,

You are not the only one.

In fact, Jim split off that ManageFilePermissions from ManageDatasetPermissions in https://github.com/IQSS/dataverse/pull/8174 because of a use case from DANS in https://github.com/IQSS/dataverse/issues/8109

That feature landed in Dataverse 5.19 and here's how it's described in the release notes at https://github.com/IQSS/dataverse/releases/tag/v5.9

---
New ManageFilePermissions Permission

Dataverse can now support a use case in which an Admin or Curator would like to delegate the ability to grant access to restricted files to other users. This can be implemented by creating a custom role (e.g. DownloadApprover) that has the new ManageFilePermissions permission. This release introduces the new permission, and a Flyway script adjusts the existing Admin and Curator roles so they continue to have the ability to grant file download requests.
---

So, in short, you would need to manually create a new role, as described above. However, if this is a common use case perhaps Dataverse should ship with this role. I scanned through the pull request and didn't find a JSON file to load up a DownloadApprover role. Please feel free to create an issue about this.

I hope this helps,

Phil


--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/d98d94f212f14d44b3abd9d4a2477b5d%40ub.uni-heidelberg.de.


--

Dario Basset

unread,
May 26, 2023, 9:42:23 AM5/26/23
to Dataverse Users Community
Leonhard,
Did you try to build a custom role? We understand that you could try to create a global new custom role giving it the permissions of the contributor + ManageFilePermissions; it should work.

We tried something similar (for a different need), but we failed because we need a role with all the permission but the publishing dataset one, and it results in a role that can assign all the roles (including the ones that can publish) to other users...

You can find our issue (including how to create a global role) here: https://groups.google.com/g/dataverse-community/c/2M9A7uo4KpM/m/6v3VyE_QAgAJ
Best regards

Dario Basset

unread,
May 26, 2023, 9:49:59 AM5/26/23
to Dataverse Users Community
I also add this pull request to let you know that e're looking for a more "atomic" permission management:

Maylein, Leonhard

unread,
May 27, 2023, 11:15:38 AM5/27/23
to dataverse...@googlegroups.com

Hi Phil,


thank you very much, this helps me a lot. I am probably just being too clumsy. But I can't find the documentation on how to create custom roles with the appropriate permissions.


Leonhard Maylein



Von: dataverse...@googlegroups.com <dataverse...@googlegroups.com> im Auftrag von Philip Durbin <philip...@harvard.edu>
Gesendet: Freitag, 26. Mai 2023 15:33
An: dataverse...@googlegroups.com
Betreff: Re: [Dataverse-Users] New role - ManageFilePermissions but not Curator oder Admin
 

Philip Durbin

unread,
May 30, 2023, 4:06:31 PM5/30/23
to dataverse...@googlegroups.com
Hi Leonhard,

I somewhat regret even mentioning custom roles. I don't think they're fully baked.

Here's a report of being unable to delete roles: https://github.com/IQSS/dataverse/issues/2927#issuecomment-1403756052


I'd recommend steering clear of custom roles until the feature has matured. Pull requests are welcome to fix up custom roles, of course!

Sorry I can't help more,

Phil

Maylein, Leonhard

unread,
Jun 9, 2023, 4:40:22 AM6/9/23
to Dataverse Users Community

Many thanks,


I have now tried to import a new role based on https://guides.dataverse.org/en/latest/api/native-api.html#create-global-role. Unfortunately my attempts fail. I do not get an error message (the api response is "{}"), but the new role is not available.


The documentation says: "The data POSTed are assumed to be a role JSON."

However, it is not clear to me what exactly such a JSON looks like.


I tried the following (based on what "List Global Roles" gives me):


curl -H 'Content-Type: application/json' -X POST -F 'file=@dv_role_FilePermissionManager.json' "http://localhost:8080/api/admin/roles"


with dv_role_FilePermissionManager.json containing either


{"data":[{"alias":"contribAndFilePermission","name":"FilePermissionManager","permissions":["ViewUnpublishedDataset","DownloadFile","EditDataset","ManageFilePermissions","DeleteDatasetDraft"],"description":"For datasets, a person who can edit License + Terms, and then submit them for review and who can also alter the file permissions.","id":100}]}


or


{"data":[{"alias":"contribAndFilePermission","name":"FilePermissionManager","permissions":["ViewUnpublishedDataset","DownloadFile","EditDataset","ManageFilePermissions","DeleteDatasetDraft"],"description":"For datasets, a person who can edit License + Terms, and then submit them for review and who can also alter the file permissions.","id":100}]}


Both variants also without the id attribute, because I'm not sure if Dataverse assigns it automatically.

Can someone tell me what I am doing wrong?


Leonhard Maylein



Von: dataverse...@googlegroups.com <dataverse...@googlegroups.com> im Auftrag von Dario Basset <dario....@gmail.com>
Gesendet: Freitag, 26. Mai 2023 15:42
An: Dataverse Users Community

Betreff: Re: [Dataverse-Users] New role - ManageFilePermissions but not Curator oder Admin

James Myers

unread,
Jun 9, 2023, 5:04:51 AM6/9/23
to dataverse...@googlegroups.com

My guess would be to unwrap the JSON and only send the object in the data array, e.g. JSON starting with{'alias':  .  I'd also guess no id as that would get assigned.

  How that helps, 
 Jim
From: dataverse...@googlegroups.com <dataverse...@googlegroups.com> on behalf of Maylein, Leonhard <May...@ub.uni-heidelberg.de>
Sent: Friday, June 9, 2023 9:40:18 AM
To: Dataverse Users Community <dataverse...@googlegroups.com>
Subject: AW: [Dataverse-Users] New role - ManageFilePermissions but not Curator oder Admin
 

Philip Durbin

unread,
Jun 12, 2023, 2:44:49 PM6/12/23
to dataverse...@googlegroups.com
You can see how roles are added by the installer here: https://github.com/IQSS/dataverse/blob/v5.13/scripts/api/setup-builtin-roles.sh

For example:

echo "Setting up full contributor role"
curl -H "Content-type:application/json" -d @data/role-fullContributor.json http://localhost:8080/api/admin/roles/
echo


Here's the content of that file:

{
  "alias": "fullContributor",
  "name": "Dataverse + Dataset Creator",
  "description": "A person who can add subdataverses and datasets within a dataverse.",
  "permissions": [
    "AddDataverse",
    "AddDataset"
  ]
}

I hope this helps!

Phil

p.s. Jim and I are saying the same thing. Please try again without the JSON wrapped in a "data" object.

Maylein, Leonhard

unread,
Jun 13, 2023, 3:54:20 AM6/13/23
to dataverse...@googlegroups.com

Dear Phil, Dear Jim,


I have made one step further. I'm sorry to have to ask again.


This is my role json, now:


{"alias":"contribAndFilePermission","name":"Contributor + FilePermissionManager","description":"For datasets, a person who can edit License + Terms, and then submit them for review and who can also alter the file permissions.","permissions":["ViewUnpublishedDataset","DownloadFile","EditDataset","ManageFilePermissions","DeleteDatasetDraft"]}


All permissions seem to me to be spelled correctly.


The request now results in:


{"status":"ERROR","message":"Exception thrown from bean: javax.validation.ConstraintViolationException: One or more Bean Validation constraints were violated while executing Automatic Bean Validation on callback event: prePersist for class: edu.harvard.iq.dataverse.authorization.DataverseRole. Please refer to the embedded constraint violations for details."}


The server log says:


javax.ejb.TransactionRolledbackLocalException: Exception thrown from bean: javax.validation.ConstraintViolationException: One or more Bean Validation constraints were violated while executing Automatic Bean Validation on callback event: prePersist for class: edu.harvard.iq.dataverse.authorization.DataverseRole. Please refer to the embedded constraint violations for details.
    at com.sun.ejb.containers.EJBContainerTransactionManager.checkExceptionClientTx(EJBContainerTransactionManager.java:615)
    at com.sun.ejb.containers.EJBContainerTransactionManager.postInvokeTx(EJBContainerTransactionManager.java:485)
    at com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:4601)
    at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2134)
    at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2104)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:220)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at com.sun.proxy.$Proxy327.save(Unknown Source)
    at edu.harvard.iq.dataverse.__EJB31_Generated__DataverseRoleServiceBean__Intf____Bean__.save(Unknown Source)
    at edu.harvard.iq.dataverse.api.Admin.createNewBuiltinRole(Admin.java:991)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4835)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at jdk.internal.reflect.GeneratedMethodAccessor273.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4807)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4795)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at com.sun.proxy.$Proxy409.createNewBuiltinRole(Unknown Source)
    at edu.harvard.iq.dataverse.api.__EJB31_Generated__Admin__Intf____Bean__.createNewBuiltinRole(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:410)
    at org.jboss.weld.module.ejb.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:134)
    at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56)
    at org.jboss.weld.module.ejb.InjectionPointPropagatingEnterpriseTargetBeanInstance.invoke(InjectionPointPropagatingEnterpriseTargetBeanInstance.java:68)
    at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106)
    at edu.harvard.iq.dataverse.api.Admin$Proxy$_$$_Weld$EnterpriseProxy$.createNewBuiltinRole(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1637)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:331)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at edu.harvard.iq.dataverse.api.ApiBlockingFilter$3.doBlock(ApiBlockingFilter.java:66)
    at edu.harvard.iq.dataverse.api.ApiBlockingFilter.doFilter(ApiBlockingFilter.java:158)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at edu.harvard.iq.dataverse.api.ApiRouter.doFilter(ApiRouter.java:30)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:816)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:683)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:527)
    at org.apache.catalina.core.ApplicationDispatcher.doDispatch(ApplicationDispatcher.java:497)
    at org.apache.catalina.core.ApplicationDispatcher.dispatch(ApplicationDispatcher.java:379)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
    at edu.harvard.iq.dataverse.api.ApiRouter.doFilter(ApiRouter.java:34)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:372)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:239)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:182)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:156)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:201)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:95)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:260)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:177)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:109)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:88)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:53)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:524)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:89)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:94)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:33)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:114)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.validation.ConstraintViolationException: One or more Bean Validation constraints were violated while executing Automatic Bean Validation on callback event: prePersist for class: edu.harvard.iq.dataverse.authorization.DataverseRole. Please refer to the embedded constraint violations for details.
    at org.eclipse.persistence.internal.jpa.metadata.listeners.BeanValidationListener.validateOnCallbackEvent(BeanValidationListener.java:124)
    at org.eclipse.persistence.internal.jpa.metadata.listeners.BeanValidationListener.prePersist(BeanValidationListener.java:86)
    at org.eclipse.persistence.descriptors.DescriptorEventManager.notifyListener(DescriptorEventManager.java:746)
    at org.eclipse.persistence.descriptors.DescriptorEventManager.notifyEJB30Listeners(DescriptorEventManager.java:689)
    at org.eclipse.persistence.descriptors.DescriptorEventManager.executeEvent(DescriptorEventManager.java:233)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.registerNewObjectClone(UnitOfWorkImpl.java:4468)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.registerNotRegisteredNewObjectForPersist(UnitOfWorkImpl.java:4445)
    at org.eclipse.persistence.internal.sessions.RepeatableWriteUnitOfWork.registerNotRegisteredNewObjectForPersist(RepeatableWriteUnitOfWork.java:523)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.registerNewObjectForPersist(UnitOfWorkImpl.java:4387)
    at org.eclipse.persistence.internal.jpa.EntityManagerImpl.persist(EntityManagerImpl.java:601)
    at com.sun.enterprise.container.common.impl.EntityManagerWrapper.persist(EntityManagerWrapper.java:289)
    at edu.harvard.iq.dataverse.DataverseRoleServiceBean.save(DataverseRoleServiceBean.java:52)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4835)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at jdk.internal.reflect.GeneratedMethodAccessor273.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4807)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4795)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    ... 121 more
]]


Leo



Von: dataverse...@googlegroups.com <dataverse...@googlegroups.com> im Auftrag von Philip Durbin <philip...@harvard.edu>
Gesendet: Montag, 12. Juni 2023 20:44
An: dataverse...@googlegroups.com

James Myers

unread,
Jun 13, 2023, 12:00:48 PM6/13/23
to dataverse...@googlegroups.com

Maylein, Leonhard

unread,
Jun 14, 2023, 2:24:01 AM6/14/23
to dataverse...@googlegroups.com

Yes, that was the problem. Thank you very much.


Leo



Von: dataverse...@googlegroups.com <dataverse...@googlegroups.com> im Auftrag von James Myers <qqm...@hotmail.com>
Gesendet: Dienstag, 13. Juni 2023 18:00
An: dataverse...@googlegroups.com
Betreff: RE: [Dataverse-Users] New role - ManageFilePermissions but not Curator oder Admin
 
Reply all
Reply to author
Forward
0 new messages