Granular access to Gramps database

Hello,

in recent times I had many situations where I wanted to give people viewing access to parts of my database. The Problem is that all users can see the whole Tree and all people that are not private.

My request/question is: Is it possible or planned to add granular access to the database?

In granularity I mean that the admin can control access from the whole database, to descendants of a Person or Family and even down to a single person.

Regards
Nathan

Hi,

it depends on what you mean by “planned” - it’s definitely a much needed feature and it’s on the roadmap, but what’s missing at the moment is a good idea how to realize this a) technically in the backend (object attributes? Access control lists? Filters?) and b) from a user facing perspective (frontend).

For instance, Gramps has 10 different primary object types and “Person” is just one of them. The degree of relationship is highly problematic as being what determines access because it is 1) slow to compute, so would have to be continually recomputed and cached and 2) it does not uniquely determine the access rights for other object types like media objects, sources, citations, places, events etc. One could argue that objects linked to a person I cannot view should not be visible, but what is the exact criterion? What about places linked to an event I cannot view? What about notes linked to sources linked to people I can view as well as people I cannot view?

If somebody has ideas how to solve this in a clean and, most importantly, intuitive manner, please let me know.

Here is the feature request (please comment if you have concrete suggestions, not for +1):

And by the way this has been discussed several times before:

Thank You for your quick response. I must have overlooked the GitHub Suggestion.
I didnt know the deph of my Question. Thanks for clarifying.

This Thread can be closed, because of the existing GitHub and Discouse Thread.

Just a thought:

Could you use a custom attribute for this, something like “Access Permission: ‘User 1’, ‘User 2’, etc.”

It will be up to the people using Gramps Web to actually add this, for example, by using filters in Gramps and setting the attributes.

Those attributes could then be extracted into an Access List or Permission List in the database and updated upon sync or changes.
I’m not sure if you have any extra database fields for the web version, but updates could perhaps be automatically monitored by a function or stored procedure in the database/backend?

A major problem with attributes is that - for whatever reason! - notes and repositories don’t have attributes in the Gramps data model.

That’s why I’m suspecting that tags might be more suitable. An object with a tag named SomeFamily could be viewed by everyone if it’s not private, but only by users belonging to the SomeFamily group if it’s private.

1 Like

Yeh, I see the problem…

So you are thinking that “somefamily” can be multiple tags e.g. “family 1”, “family 2” etc.?
Shouldn’t you have some type of a trigger key for the tag, så that you only search for those specific tags? e.g. “sec_somefamily” or “perm_somefamily”?
Or was you thinking about a matched pair tags, so that the tags must match a security group in the gramps web?

I’m thinking about when we have multiple families and want them to see different branches and records…

I ask because i am curious how different solutions can work…

Yes the tag would match the group.

So if I want my own family to see my siblings and my wife’s family to see my wife’s siblings (stupid example I know), I would

  • mark them all as private
  • apply the MyOwnFamily tag to my siblings, the MyWifesFamily tag to her siblings
  • Assign the users to the respective tags

Yes, I think this is a good solution, it was something similar I was thinking regarding the attributes, but I forgot that there is Gramps Objects/Items that doesn’t have the Attribute feature…

Thanks for the answer :slight_smile: