Ok, I think I have an approach here. - Introduce two now `Access_Operation` values, `AOP_Excl_Create` and `AOP_Excl_Insert`. - If the user has authorization for the respective full-power operations (`AOP_Create` and `AOP_Insert`), then proceed as normal. - Otherwise, refuse to overwrite data in `XrdOfsFile::open` and `XrdOfs::rename`. Doing this in `XrdOfsFile::open` is easy given it already has the concept of `O_EXCL`. I _think_ we can handle `XrdOfs::rename` by internally creating a file with `O_EXCL`; if the thread successfully creates the file, then it is permitted to rename. With this, all existing authorizations happen as normal (providing backward compatibility with existing operations) -- but any plugin aware of the newly-introduced operation can give a user additional authorization that wasn't there before. -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1655#issuecomment-1114063813 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1