VOMS Groups, Roles, and Access Sample Clauses
VOMS Groups, Roles, and Access Control Lists

A user is identified by the DN of the certificate, for example: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=flavia/CN=388195/CN=Flavia Donno

To define the privileges of a user at a given moment, groups, subgroups, and roles can be defined. In particular, a user can belong to multiple groups and sub-groups and hold a number of roles at a given time. Example of groups and roles:

/dteam/Role=lcgadmin
/dteam
/dteam/cern

An Access Control List (ACL) is a list of entries defining the authorization on a given resource. ACLs can be positive, i.e. defining who is authorized to perform a given set of operations or access a given resource, or negative, denying permission to the service. An example of a DPM positive ACL on a file follows:

# file: /grid/dteam
# owner: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=flavia/CN=388195/CN=Flavia Donno
# group: dteam
user::rwx
group::rwx
group:dteam/Role=lcgadmin:rwx
group:dteam/Role=production:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:dteam/Role=lcgadmin:rwx
default:group:dteam/Role=production:rwx
default:mask::rwx
default:other::r-x
VOMS Groups, Roles, and Access Control Lists

A user is identified by the DN of the certificate, for example: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=flavia/CN=388195/CN=Flavia Donno

To define the privileges of a user at a given moment, groups, subgroups, and roles can be defined. In particular, a user can belong to multiple groups and sub-groups and hold a number of roles at a given time. Example of groups and roles:

/dteam/Role=lcgadmin
/dteam
/dteam/cern

Once the user presents his proxy to a Grid service, the service typically maps the groups, subgroups, and roles to one or more GIDs (Group IDs) and the user DN to one specific UID (User ID). The privileges of the user on the resources managed by the contacted Grid service are therefore defined by the privileges of the n-tuple (UID, GIDs) in the system. LCMAPS mapping examples:

"/dteam/Role=lcgadmin" .dteamsgm
"/dteam" .dteam
"/dteam/cern" .dteamcern

An Access Control List (ACL) is a list of entries defining the authorization on a given resource. ACLs can be positive, i.e. defining who is authorized to perform a given set of operations or access a given resource, or negative, denying permission to the service. Example of a DPM positive ACL:

# file: /grid/dteam
# owner: root
# group: dteam
user::rwx
group::rwx
group:dteam/Role=lcgadmin:rwx
group:dteam/Role=production:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:dteam/Role=lcgadmin:rwx
default:group:dteam/Role=production:rwx
default:mask::rwx
default:other::r-x
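How a positive ACL of this kind is evaluated for a requester, as an added example that is not code from the page or from DPM: a small Python evaluator applying POSIX ACL rules (owner entry, then named user, then owning and named group entries capped by the mask, then other) to the VOMS FQANs carried on the proxy. It assumes the requester's identity is compared with the ACL's "# owner:" value and that group entries name the FQAN without its leading slash, as in the ACL above.

```python
# Added example (not the page's or DPM's code): POSIX-style evaluation of a DPM ACL.
# Order: owner, named user, owning/named groups capped by the mask, then "other".
# Constructed sample: the page's ACL on /grid/dteam (owner root, group dteam).
SAMPLE_ACL = """\
# file: /grid/dteam
# owner: root
# group: dteam
user::rwx
group::rwx
group:dteam/Role=lcgadmin:rwx
group:dteam/Role=production:rwx
mask::rwx
other::r-x
default:group:dteam/Role=lcgadmin:rwx
"""
# Same ACL with a restrictive mask: group entries are capped to r-x, the owner is not.
RESTRICTED_ACL = SAMPLE_ACL.replace("mask::rwx", "mask::r-x")


def parse_acl(text):
    """Return (owner, owning_group, entries); an entry is (tag, qualifier, perm set)."""
    meta, entries = {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("default:"):
            continue  # defaults are inherited by new children, not checked on this file
        if line.startswith("#"):  # "# owner: ..." / "# group: ..." header lines
            key, _, value = (s.strip() for s in line[1:].partition(":"))
            meta[key] = value
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries


def effective_perms(acl_text, identity, fqans):
    """identity is compared with the '# owner:' value (a DN or mapped account, assumed);
    fqans are the proxy's VOMS FQANs, e.g. '/dteam/Role=lcgadmin'."""
    owner, owning_group, entries = parse_acl(acl_text)
    mask = next((p for t, _, p in entries if t == "mask"), {"r", "w", "x"})
    groups = {f.lstrip("/") for f in fqans}  # ACL group entries omit the leading slash
    if identity == owner:
        return next(p for t, q, p in entries if t == "user" and q == "")
    for t, q, p in entries:
        if t == "user" and q == identity:
            return p & mask
    hits = [p for t, q, p in entries
            if t == "group" and (owning_group if q == "" else q) in groups]
    if hits:  # any matching group entry may grant an operation, all under the mask
        return set().union(*hits) & mask
    return next(p for t, _, p in entries if t == "other")
```

The mask caps named-user and all group entries but never the owner entry, so a restrictive mask leaves the file owner's permissions unchanged.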
