New Roles in GOCDB
The GOCDB role mechanism will be updated to better address the needs of our user community. We will update the name of some roles, add new roles and make changes to the actions each role grants the user. These changes will affect both the front end portal and information made available through our programmatic interface. The original request for these improvements was made by Vera Hansper and has been followed up by Peter Sologna. Thanks to both for their contributions so far.
- Agree on new roles + authorizations
- Notify PI users of changes to the PI
- Users of queries that will change
- Cyril - Central and Regional Ops Portal
- Emir - Nagios
- Accounting portal
- Deploy new roles
- Deploy code
- Switch old roles over to new
New Role Types
- A role: Unregistered users
- B role: Registered users with no role
- C role: Users with a role at site level (site admin)
- C' role: Users with a management role at site level (site operations manager, site security officer...)
- D role: Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
- D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
- E role: Users with a role at project level
Changes to Roles
|Old Role Name||New Role Name||New Type of Role||Mandatory|
|Site Administrator||Site Administrator||C||No|
|Security Officer*||Site Security Officer||C'||Yes|
|(New Role)||Site Operations Deputy Manager||C'||No|
|(New Role)||Site Operations Manager||C'||Yes|
|(New Role)||Regional First Line Support||D||No|
|Regional Operations Staff||Regional Staff (ROD)||D||Strongly suggested|
|Deputy Regional Manager||NGI Operations Deputy Manager||D'||No|
|Regional Manager||NGI Operations Manager||D'||Yes|
|Security Officer*||NGI Security Officer||D'||Yes|
|COD Staff||COD Staff||E||Non NGI Role|
|COD Administrator||COD Administrator||E||Non NGI Role|
|Chief Operations Officer||Chief Operations Officer||E||Non NGI Role|
|Security Officer*||EGI CSIRT Officer||E||Non NGI Role|
\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.
The table below shows which actions the different roles allow. Users can have multiple roles. Important differences are highlighted:
- The only difference between C and C' users is that:
- C can NOT approve/reject role requests.
- C' can only approve/reject role requests for their SITE.
- The difference between D and D' users is that:
- D can NOT add/delete sites to/from their NGI.
- D can NOT update the certification status of member sites.
- D can NOT approve or reject role requests.
Assume 'group' means 'NGI':
When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.
When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).
The following methods are affected by these changes:
The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). File:FinerGrainedGOCDB rolesVeraProposal2.xls