iCAT 4 Authorization



Mar 28, 2012, 8:48:49 AM
to icatproje...@googlegroups.com, alistai...@stfc.ac.uk

From: Christian Felder [mailto:c.fe...@fz-juelich.de]
Sent: 28 March 2012 12:31
To: Mills, Alistair (STFC,RAL,ESC)
Subject: Re: iCAT 4 Authorization


Hello Alistair,


I have now registered a Gmail account c.feld...@gmail.com and would like to sign up for the Google Code project. Can you please register the address mentioned above so I can write comments and post things in the discussion group? That way I can avoid sending a large number of emails, and maybe there are other people with similar problems. Maybe I can also commit some of my first steps in Java or Python code to deal with the ICAT WebService later.





Forschungszentrum Jülich GmbH
Jülich Centre for Neutron Science

Außenstelle am FRM II
Lichtenbergstraße 1
85747 Garching

Phone: +49 - 89 289 10 773
Fax: +49 - 89 289 10 799


On 28.03.2012 at 11:46, <alistai...@stfc.ac.uk> wrote:

Hello Christian


Last week I offered the services of a named mentor to people installing ICAT.  So, if you require help, can you please send an email to me, and I shall deal with it.  You should consider that I am your mentor!


I am pleased that you are working on this, and I want to encourage you.  However we do not want a large number of emails.  It is usual that people need help with ICAT.  So, do not be embarrassed to ask for help.  We shall improve the documentation when we know more about people’s needs.






From: Steve Fisher [mailto:dr.s.m...@gmail.com] 
Sent: 28 March 2012 09:40
To: Milan Prica
Cc: Wilson, Antony (STFC,RAL,ESC); Chahal, Harjinder (STFC,RAL,ESC); Phipps, Kevin (STFC,RAL,ESC); Mills, Alistair (STFC,RAL,ESC); Christian Felder
Subject: Re: iCAT 4 Authorization




The "root" user only has special rights to create users, groups and rules - for anything else you must use the authz mechanism.


If you look at the last section in http://www.icatproject.org/ICAT4API.pdf it gives as an example of defining a rule:


icat.addRule(sessionId, "user-office", "Investigation", "CRUD", null);


so to give somebody in group ops full access to create, read, update or delete a facility you need:


icat.addRule(sessionId, "ops", "Facility", "CRUD", null);


this assumes that you have already added the user to the group ops by:


icat.addUserGroupMember(sessionId, "ops", "root");


which adds user "root" to group "ops"




On 28 March 2012 08:11, Milan Prica <milan...@gmail.com> wrote:

Dear All,

I'm forwarding you Christian's mail. I'm sure you can help him.
Best regards,


---------- Forwarded message ----------
From: Christian Felder <c.fe...@fz-juelich.de>
Date: Tue, Mar 27, 2012 at 4:39 PM
Subject: iCAT 4 Authorization
To: milan...@gmail.com

Hello Milan,


As I told you at the workshop in Grenoble, I have set up a testing environment including the ICAT 4.0 WebService and the TOPCAT Client on a CentOS 6 server. Now I am trying to write a WebService client to put some data into the catalogue. During the install process just a user 'icat40' will be created using the usertable_init/usertable.sh script. It seems that this one has not enough rights. When I was calling some WSDL API functions I got the message that I have to be logged in as the root user ('You must be logged in as root to do this'), for example when I used the listUserGroups function.

I think it was mentioned at the meeting that there is some hard-coded stuff in the source which relies on a root user, so I've created one by fiddling with the database using sqlplus.



               VALUES ('root', 'root');


The 'listUserGroups' function works, for example, but I am not able to create a new Facility.

'{client.icat3.uk}InsufficientPrivilegesException:<message>CREATE access to this Facility is not allowed.</message>'


Maybe it is not enough to just create a user 'root' in the USER_TABLE. Do you know how to set up a user with sufficient rights?


I've searched for documentation but just found the PDF file (ICAT4 API) which was also presented at the workshop. And the ICAT3 examples show more or less "just" read access.

I attached my Java code where I tried to create a new Facility object -> entry in the database. I first tried this in Python, but it is the same issue.


I would be grateful for any help.


Best wishes,

Christian Felder


Forschungszentrum Jülich GmbH
Jülich Centre for Neutron Science

Außenstelle am FRM II
Lichtenbergstraße 1
85747 Garching

Phone: +49 - 89 289 10 773
Fax: +49 - 89 289 10 799


Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren District Court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Dr. Karl Eugen Huthmacher
Board of Directors: Prof. Dr. Achim Bachem (Chairman),
Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt





Scanned by iCritical.
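
Added illustration, not part of the original thread and not ICAT code: a small Python model of the behaviour Steve Fisher's reply describes, where "root" may only manage users, groups and rules, and every other operation needs a rule granting the caller's group the matching CRUD letter on the entity. The class and method names are hypothetical, and the fifth addRule argument (null in the thread) is not modelled.

```python
# Toy model of the authorization behaviour described in the thread (assumption:
# names mirror the quoted calls for readability only; this is not the ICAT API).

class InsufficientPrivileges(Exception):
    pass

class AuthzModel:
    def __init__(self):
        self.members = {}   # group name -> set of user names
        self.rules = set()  # (group, entity, single CRUD letter)

    def _require_root(self, caller):
        # "root" has special rights only for users, groups and rules.
        if caller != "root":
            raise InsufficientPrivileges("You must be logged in as root to do this")

    def add_user_group_member(self, caller, group, user):
        self._require_root(caller)
        self.members.setdefault(group, set()).add(user)

    def add_rule(self, caller, group, entity, crud):
        self._require_root(caller)
        if not crud or set(crud) - set("CRUD"):
            raise ValueError("crud must be a non-empty subset of 'CRUD'")
        self.rules.update((group, entity, letter) for letter in crud)

    def is_allowed(self, user, entity, letter):
        # No implicit grant, even for root: access comes only from a group rule.
        return any(user in self.members.get(group, ())
                   for (group, ent, flag) in self.rules
                   if ent == entity and flag == letter)

    def create(self, user, entity):
        if not self.is_allowed(user, entity, "C"):
            raise InsufficientPrivileges(f"CREATE access to this {entity} is not allowed.")
        return f"{entity} created by {user}"

def demo():
    authz = AuthzModel()
    outcomes = []
    try:
        authz.create("root", "Facility")   # the situation reported in the thread
    except InsufficientPrivileges as exc:
        outcomes.append(str(exc))
    authz.add_user_group_member("root", "ops", "root")
    authz.add_rule("root", "ops", "Facility", "CRUD")
    outcomes.append(authz.create("root", "Facility"))
    return outcomes
```

Granting only the letters a group needs (for example "R" on Investigation for a read-only group) keeps the same model least-privileged.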


Scanned by iCritical.
