That's quite true but I assume the idea is that there is authorization that is stacked behind the SciToken auth plug-in. We could set an envar indicating that this is actually the case and then the code could set the username if further user-based authorization exists and not so otherwise. On Thu, 9 Dec 2021, Brian P Bockelman wrote: > Hi Elvin, > > Isn't this related to the other ticket? Default user is only set when there's scope-based mapping... otherwise you end up with quite broad permissions if there's no storage authorizations. > > https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L398-L401 > > Brian > > -- > You are receiving this because you are subscribed to this thread. > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/issues/1567#issuecomment-989921379 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1567#issuecomment-990082582 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1