@bbockelm Many thanks, that was fast! I rebuilt out test instance from your PR. Indeed, I can confirm that an upload with `storage.create` is now prevented if it would clobber an existing file. It also does not allow clobbering a file by renaming (`MOVE`ing to an already existing file. So I think the major part is done :+1: . I think my tests covered everything the WLCG JWT acceptance tests cover (I replicated things with `curl` manually). However, I found one detail of the WLCG JWT specification which is not honoured yet (the acceptance tests do not seem to test it) — the spec says:` > note the server implementation MUST NOT automatically create directories for a client However, this currently happens (both with `create` or `modify`) when using `PUT`. Arguably, this is not so much an authorization thing, since of course `create` and `modify` should to create directories, but the spec seems to ask for `PUT`, `MOVE` and other operations not creating directories automatically. -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1655#issuecomment-1114283585 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1