GOCDB/Release4/Development/NewRoles

From EGIWiki
< GOCDB‎ | Release4‎ | Development
Revision as of 12:31, 18 December 2012 by Krakow (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


GOC DB menu: Home Documentation Index


<< Back to GOCDB/Release4/Development

New Roles in GOCDB

Introduction

The GOCDB role mechanism will be updated to better address the needs of our user community. We will update the name of some roles, add new roles and make changes to the actions each role grants the user. These changes will affect both the front end portal and information made available through our programmatic interface. The original request for these improvements was made by Vera Hansper and has been followed up by Peter Sologna. Thanks to both for their contributions so far.

Plan

  • Agree on new roles + authorizations
  • Notify PI users of changes to the PI
    • Users of queries that will change
    • Cyril - Central and Regional Ops Portal
    • Emir - Nagios
    • pakiti.egi.eu?
    • pakiti.ics.muni.cz
    • Accounting portal
  • Deploy new roles
    • Deploy code
    • Switch old roles over to new

New Role Types

  • A role: Unregistered users
  • B role: Registered users with no role
  • C role: Users with a role at site level (site admin)
  • C' role: Users with a management role at site level (site operations manager, site security officer...)
  • D role: Users with a role at regional level (regional staff support staff, ROD, 1st Line Support)
  • D' role: Users with a management role at regional level (NGI manager or deputy, security officer)
  • E role: Users with a role at project level

Changes to Roles

Old Role Name New Role Name New Type of Role Mandatory
(N/A) Site Administrator C No
Security Officer* Site Security Officer C' Yes
(New Role) Site Operations Deputy Manager C' No
Site Administrator Site Operations Manager C' Yes
(New Role) Regional First Line Support D No
Regional Operations Staff Regional Staff (ROD) D Strongly suggested
Deputy Regional Manager NGI Operations Deputy Manager D' No
Regional Manager NGI Operations Manager D' Yes
Security Officer* NGI Security Officer D' Yes
COD Staff COD Staff E Non NGI Role
COD Administrator COD Administrator E Non NGI Role
Chief Operations Officer Chief Operations Officer E Non NGI Role
Security Officer* EGI CSIRT Officer E Non NGI Role

\* This role name is duplicated at a site, NGI and project level. The new role names explicitly define which level the roles operate at.

Role Actions/Permissions

The table below shows which actions the different roles allow. Users can have multiple roles. Important differences are highlighted:

  • The only difference between C and C' users is that:
    • C can NOT approve/reject role requests.
    • C' can only approve/reject role requests for their SITE.
  • The difference between D and D' users is that:
    • D can NOT add/delete sites to/from their NGI.
    • D can NOT update the certification status of member sites.
    • D can NOT approve or reject role requests.


Assume 'group' means 'NGI':

NewRolesProposal.jpg

PI Changes

When we change the name of roles and add new roles these new roles will be shown in our PI. We will need to contact other PI users (including operational tools) to ensure they're Ok with the changes we'll make.

When these changes are implemented, some people's roles will change (e.g. Site Administrator -> Site Operations Manager).

The following methods are affected by these changes:

Background Information

The following spreadsheet provided by Peter Sologna and Vera Hansper further explains the new role types and changes to the old roles. (C' and D' have been added, others have had their permissions changed). File:FinerGrainedGOCDB rolesVeraProposal2.xls