Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "GOCDB/Release4/Development/NewRoles"

From EGIWiki
Jump to navigation Jump to search
 
(47 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Template:Op menubar}}
{{Template:GOCDB_menubar}}
{{TOC_right}}
[[Category:GOCDB]]
<< Back to [[GOCDB/Release4/Development]]
= New Roles in GOCDB =
= New Roles in GOCDB =
== Introduction ==
== Introduction ==
Line 5: Line 10:
== Plan ==
== Plan ==
* Agree on new roles + authorizations
* Agree on new roles + authorizations
* Agree on changes to the PI
* Notify PI users of changes to the PI
** '''Users of queries that will change'''
** '''Users of queries that will change'''
** Cyril - Central and Regional Ops Portal
** Cyril - Central and Regional Ops Portal
** Emir - Nagios
** Emir - Nagios
** pakiti.egi.eu?
** pakiti.ics.muni.cz
** Accounting portal
* Deploy new roles
* Deploy new roles
** Deploy code
** Deploy code
** Switch old roles over to new
** Switch old roles over to new


== Changes to Roles ==
== New Role Types ==
{| {{egi-table}}
* A role: Unregistered users
! Method name !! type !! description !! Protection level
* B role: Registered users with no role
* C role:  Users with a role at site level (site admin)
* C' role: Users with a management role at site level (site operations manager, site security officer...)
* D role:  Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
* D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
* E role:  Users with a role at project level
 
== Changes to Roles ==
 
{|
|-
| '''Old Role Name'''
| '''New Role Name'''
| '''New Type of Role'''
| '''Mandatory'''
|-
| (N/A)
| Site Administrator
| C
| No
|-
| Security Officer*
| Site Security Officer
| C'
| Yes
|-
| (New Role)
| Site Operations Deputy Manager
| C'
| No
|-
| Site Administrator
| Site Operations Manager
| C'
| Yes
|-
|-
|[[GOCDB/PI/get_site_method|get_site]] || read - generic || Returns site information including contacts, grouped by site || 2
| (New Role)
| Regional First Line Support
| D
| No
|-
|-
|[[GOCDB/PI/get_site_list_method|get_site_list]] || read - generic || Returns a list of sites with minimal associated information || 1
| Regional Operations Staff
| Regional Staff (ROD)
| D
| Strongly suggested
|-
|-
|[[GOCDB/PI/get_site_contacts_method|get_site_contacts]] || read - generic || Returns a list of persons (and associated info) having a role at site level, grouped per site ||2
| Deputy Regional Manager
| NGI Operations Deputy Manager
| D'
| No
|-
|-
|[[GOCDB/PI/get_site_security_info_method|get_site_security_info]] || read - generic || Returns security contact information for sites || 3
| Regional Manager
| NGI Operations Manager
| D'
| Yes
|-
|-
|[[GOCDB/PI/get_roc_list_method|get_roc_list]] || read - generic || Returns a list of NGIs with minimal associated information || 1
| Security Officer*
| NGI Security Officer
| D'
| Yes
|-
|-
|[[GOCDB/PI/get_subgrid_list_method|get_subgrid_list]] || read - generic || Returns a list of Subgrids (i.e. registered sub-parts of an NGI) with minimal associated information || 1
| COD Staff
| COD Staff
| E
| Non NGI Role
|-
|-
|[[GOCDB/PI/get_roc_contacts_method|get_roc_contacts]] || read - generic || Returns NGI contact details, including NGI contact mail address and list of NGI staff || 2
| COD Administrator
| COD Administrator
| E
| Non NGI Role
|-
|-
|[[GOCDB/PI/get_egee_contacts_method|get_egee_contacts]] || read - generic || Returns a list of contacts for staff that have a role a EGI level || 2
| Chief Operations Officer
| Chief Operations Officer
| E
| Non NGI Role
|-
|-
|[[GOCDB/PI/get_downtime_method|get_downtime]] || read - generic || Returns a list of EGI downtimes for sites and nodes || 1
| Security Officer*
| EGI CSIRT Officer
| E
| Non NGI Role
|}
 
\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.
 
== Role Actions/Permissions ==
The table below shows which actions the different roles allow.
Users can have multiple roles. Important differences are highlighted:
* The only difference between C and C' users is that:
** C can NOT approve/reject role requests. 
** C' can only approve/reject role requests for their SITE.
* The difference between D and D' users is that:
** D can NOT add/delete sites to/from their NGI.
** D can NOT update the certification status of member sites.
** D can NOT approve or reject role requests.


|}


== Access Levels ==
Assume 'group' means 'NGI':
The following spreadsheet further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). [[Media:FinerGrainedGOCDB_rolesVeraProposal2.xls]]
 
[[File:NewRolesProposal.jpg]]


== PI Changes ==
== PI Changes ==
When we change the name of roles and add new roles this will be reflected through our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.
When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.
 
When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).


The following methods are affected by these changes:
The following methods are affected by these changes:
Line 47: Line 132:
* https://goc.egi.eu/gocdbpi/private/?method=get_roc_contacts
* https://goc.egi.eu/gocdbpi/private/?method=get_roc_contacts
* https://goc.egi.eu/gocdbpi/private/?method=get_user
* https://goc.egi.eu/gocdbpi/private/?method=get_user
== Background Information ==
The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). [[File:FinerGrainedGOCDB_rolesVeraProposal2.xls]]

Latest revision as of 12:31, 18 December 2012

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


GOC DB menu: Home Documentation Index


<< Back to GOCDB/Release4/Development

New Roles in GOCDB

Introduction

The GOCDB role mechanism will be updated to better address the needs of our user community. We will update the name of some roles, add new roles and make changes to the actions each role grants the user. These changes will affect both the front end portal and information made available through our programmatic interface. The original request for these improvements was made by Vera Hansper and has been followed up by Peter Sologna. Thanks to both for their contributions so far.

Plan

  • Agree on new roles + authorizations
  • Notify PI users of changes to the PI
    • Users of queries that will change
    • Cyril - Central and Regional Ops Portal
    • Emir - Nagios
    • pakiti.egi.eu?
    • pakiti.ics.muni.cz
    • Accounting portal
  • Deploy new roles
    • Deploy code
    • Switch old roles over to new

New Role Types

  • A role: Unregistered users
  • B role: Registered users with no role
  • C role: Users with a role at site level (site admin)
  • C' role: Users with a management role at site level (site operations manager, site security officer...)
  • D role: Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
  • D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
  • E role: Users with a role at project level

Changes to Roles

Old Role Name New Role Name New Type of Role Mandatory
(N/A) Site Administrator C No
Security Officer* Site Security Officer C' Yes
(New Role) Site Operations Deputy Manager C' No
Site Administrator Site Operations Manager C' Yes
(New Role) Regional First Line Support D No
Regional Operations Staff Regional Staff (ROD) D Strongly suggested
Deputy Regional Manager NGI Operations Deputy Manager D' No
Regional Manager NGI Operations Manager D' Yes
Security Officer* NGI Security Officer D' Yes
COD Staff COD Staff E Non NGI Role
COD Administrator COD Administrator E Non NGI Role
Chief Operations Officer Chief Operations Officer E Non NGI Role
Security Officer* EGI CSIRT Officer E Non NGI Role

\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.

Role Actions/Permissions

The table below shows which actions the different roles allow. Users can have multiple roles. Important differences are highlighted:

  • The only difference between C and C' users is that:
    • C can NOT approve/reject role requests.
    • C' can only approve/reject role requests for their SITE.
  • The difference between D and D' users is that:
    • D can NOT add/delete sites to/from their NGI.
    • D can NOT update the certification status of member sites.
    • D can NOT approve or reject role requests.


Assume 'group' means 'NGI':

NewRolesProposal.jpg

PI Changes

When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.

When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).

The following methods are affected by these changes:

Background Information

The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). File:FinerGrainedGOCDB rolesVeraProposal2.xls