Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "GOCDB/Release4/Development/NewRoles"

From EGIWiki
Jump to navigation Jump to search
 
(32 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Template:Op menubar}}
{{Template:GOCDB_menubar}}
{{TOC_right}}
[[Category:GOCDB]]
<< Back to [[GOCDB/Release4/Development]]
= New Roles in GOCDB =
= New Roles in GOCDB =
== Introduction ==
== Introduction ==
Line 9: Line 14:
** Cyril - Central and Regional Ops Portal
** Cyril - Central and Regional Ops Portal
** Emir - Nagios
** Emir - Nagios
** pakiti.egi.eu?
** pakiti.ics.muni.cz
** Accounting portal
* Deploy new roles
* Deploy new roles
** Deploy code
** Deploy code
Line 14: Line 22:


== New Role Types ==
== New Role Types ==
* A users: Unregistered users
* A role: Unregistered users
* B users: Registered users with no role  
* B role: Registered users with no role  
* C users:  Users with a role at site level (site admin)  
* C role:  Users with a role at site level (site admin)  
* C' users: Users with a management role at site level (site operations manager, site security officer...)
* C' role: Users with a management role at site level (site operations manager, site security officer...)
* D users:  Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)  
* D role:  Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)  
* D' users: Users with a management role at regional level (NGI manager or deputy, security officer)
* D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
* E users:  Users with a role at project level
* E role:  Users with a role at project level


== Changes to Roles ==
== Changes to Roles ==
{| {{egi-table}}
 
! Old Role Name !! New Role Name !! New Type of Role
{|
|-
|-
| Site Administrator || Site Administrator || C
| '''Old Role Name'''
| '''New Role Name'''
| '''New Type of Role'''
| '''Mandatory'''
|-
|-
| Security Officer* || Site Security Officer || C'
| (N/A)
| Site Administrator
| C
| No
|-
|-
| (New Role) || Site Deputy Manager || C'
| Security Officer*
| Site Security Officer
| C'
| Yes
|-
|-
| (New Role) || Site Operations Manager || C'
| (New Role)  
| Site Operations Deputy Manager  
| C'
| No
|-
|-
| (New Role) || Regional First Line Support || D
| Site Administrator
| Site Operations Manager
| C'
| Yes
|-
|-
| Regional Operations Staff || Regional Staff (ROD) || D
| (New Role)  
| Regional First Line Support
| D
| No
|-
|-
| Regional Manager || NGI Operations Manager || D'
| Regional Operations Staff
| Regional Staff (ROD)
| D
| Strongly suggested
|-
|-
| Deputy Regional Manager || NGI Deputy Manager || D'
| Deputy Regional Manager  
|-
| NGI Operations Deputy Manager  
| Security Officer* || NGI Security Officer || D'
| D'
| No
|-
|-
| COD Staff || COD Staff || E
| Regional Manager
| NGI Operations Manager
| D'
| Yes
|-
|-
| COD Administrator || COD Administrator || E
| Security Officer*
| NGI Security Officer
| D'
| Yes
|-
|-
| Chief Operations Officer || Chief Operations Officer || E
| COD Staff
| COD Staff
| E
| Non NGI Role
|-
|-
| Security Officer* || EGI CSIRT Officer || E
| COD Administrator
 
| COD Administrator
| E
| Non NGI Role
|-
| Chief Operations Officer
| Chief Operations Officer
| E
| Non NGI Role
|-
| Security Officer*  
| EGI CSIRT Officer  
| E
| Non NGI Role
|}
|}


\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.
\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.
== Role Actions/Permissions ==
The table below shows which actions the different roles allow.
Users can have multiple roles. Important differences are highlighted:
* The only difference between C and C' users is that:
** C can NOT approve/reject role requests. 
** C' can only approve/reject role requests for their SITE.
* The difference between D and D' users is that:
** D can NOT add/delete sites to/from their NGI.
** D can NOT update the certification status of member sites.
** D can NOT approve or reject role requests.
Assume 'group' means 'NGI':
[[File:NewRolesProposal.jpg]]


== PI Changes ==
== PI Changes ==
When we change the name of roles and add new roles this will be reflected through our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.
When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.
 
When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).


The following methods are affected by these changes:
The following methods are affected by these changes:
Line 65: Line 134:


== Background Information ==
== Background Information ==
The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). [[Media:FinerGrainedGOCDB_rolesVeraProposal2.xls]]
The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). [[File:FinerGrainedGOCDB_rolesVeraProposal2.xls]]

Latest revision as of 12:31, 18 December 2012

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


GOC DB menu: Home Documentation Index


<< Back to GOCDB/Release4/Development

New Roles in GOCDB

Introduction

The GOCDB role mechanism will be updated to better address the needs of our user community. We will update the name of some roles, add new roles and make changes to the actions each role grants the user. These changes will affect both the front end portal and information made available through our programmatic interface. The original request for these improvements was made by Vera Hansper and has been followed up by Peter Sologna. Thanks to both for their contributions so far.

Plan

  • Agree on new roles + authorizations
  • Notify PI users of changes to the PI
    • Users of queries that will change
    • Cyril - Central and Regional Ops Portal
    • Emir - Nagios
    • pakiti.egi.eu?
    • pakiti.ics.muni.cz
    • Accounting portal
  • Deploy new roles
    • Deploy code
    • Switch old roles over to new

New Role Types

  • A role: Unregistered users
  • B role: Registered users with no role
  • C role: Users with a role at site level (site admin)
  • C' role: Users with a management role at site level (site operations manager, site security officer...)
  • D role: Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
  • D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
  • E role: Users with a role at project level

Changes to Roles

Old Role Name New Role Name New Type of Role Mandatory
(N/A) Site Administrator C No
Security Officer* Site Security Officer C' Yes
(New Role) Site Operations Deputy Manager C' No
Site Administrator Site Operations Manager C' Yes
(New Role) Regional First Line Support D No
Regional Operations Staff Regional Staff (ROD) D Strongly suggested
Deputy Regional Manager NGI Operations Deputy Manager D' No
Regional Manager NGI Operations Manager D' Yes
Security Officer* NGI Security Officer D' Yes
COD Staff COD Staff E Non NGI Role
COD Administrator COD Administrator E Non NGI Role
Chief Operations Officer Chief Operations Officer E Non NGI Role
Security Officer* EGI CSIRT Officer E Non NGI Role

\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.

Role Actions/Permissions

The table below shows which actions the different roles allow. Users can have multiple roles. Important differences are highlighted:

  • The only difference between C and C' users is that:
    • C can NOT approve/reject role requests.
    • C' can only approve/reject role requests for their SITE.
  • The difference between D and D' users is that:
    • D can NOT add/delete sites to/from their NGI.
    • D can NOT update the certification status of member sites.
    • D can NOT approve or reject role requests.


Assume 'group' means 'NGI':

NewRolesProposal.jpg

PI Changes

When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.

When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).

The following methods are affected by these changes:

Background Information

The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). File:FinerGrainedGOCDB rolesVeraProposal2.xls