Ignore EML access control blocks that use denyFirst permOrder
Because DataONE access control only uses "allow" rules (and implicitly "allowFirst" processing), we have decided not to support EML-defined "denyFirst" access blocks.
Existing denyFirst rules will be converted to use allowFirst (see related task) and new EML documents that use the denyFirst permOrder will not have access control set on them other than full control by the owner.
#1 Updated by Ben Leinfelder over 8 years ago
- Status changed from New to Closed
When an access block in EML has a "denyFirst" permOrder we ignore it and do not record it in the Metacat DB.
Also modified the AccessControlTest to reflect this change in Metacat behavior.
Unfortunately we cannot raise an error when these documents are parsed since existing EML documents housed in Metacat deployments still need to be replicated to other Metacat instances.