Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

Difference between revisions of "GOCDB/Release4/Development/NewRoles"

From EGIWiki
Jump to navigation Jump to search
Line 103: Line 103:

Assume 'group' means 'NGI':  
Assume 'group' means 'NGI':  

Revision as of 18:25, 15 December 2011

<< Back to GOCDB/Documentation_Index
<< Back to GOCDB/Release4/Development

New Roles in GOCDB


The GOCDB role mechanism will be updated to better address the needs of our user community. We will update the name of some roles, add new roles and make changes to the actions each role grants the user. These changes will affect both the front end portal and information made available through our programmatic interface. The original request for these improvements was made by Vera Hansper and has been followed up by Peter Sologna. Thanks to both for their contributions so far.


  • Agree on new roles + authorizations
  • Notify PI users of changes to the PI
    • Users of queries that will change
    • Cyril - Central and Regional Ops Portal
    • Emir - Nagios
    • Accounting portal
  • Deploy new roles
    • Deploy code
    • Switch old roles over to new

New Role Types

  • A role: Unregistered users
  • B role: Registered users with no role
  • C role: Users with a role at site level (site admin)
  • C' role: Users with a management role at site level (site operations manager, site security officer...)
  • D role: Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
  • D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
  • E role: Users with a role at project level

Changes to Roles

Old Role Name New Role Name New Type of Role
Site Administrator Site Administrator C
Security Officer* Site Security Officer C'
(New Role) Site Operations Deputy Manager C'
(New Role) Site Operations Manager C'
(New Role) Regional First Line Support D
Regional Operations Staff Regional Staff (ROD) D
Regional Manager NGI Operations Manager D'
Deputy Regional Manager NGI Operations Deputy Manager D'
Security Officer* NGI Security Officer D'
COD Staff COD Staff E
COD Administrator COD Administrator E
Chief Operations Officer Chief Operations Officer E
Security Officer* EGI CSIRT Officer E

\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.

Role Actions/Permissions

The table below shows which actions the different roles allow. Users can have multiple roles. Important differences are highlighted:

  • The only difference between C and C' users is that:
    • C can NOT approve/reject role requests.
    • C' can only approve/reject role requests for their SITE.
  • The difference between D and D' users is that:
    • D can NOT add/delete sites to/from their NGI.
    • D can NOT update the certification status of member sites.
    • D can NOT approve or reject role requests.

Assume 'group' means 'NGI':


PI Changes

When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.

When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).

The following methods are affected by these changes:

Background Information

The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). File:FinerGrainedGOCDB rolesVeraProposal2.xls