VOMRS Recipes for VO/ROC/Site managers

 

What users filling the [VOname] VO Registration form should do:

Select the appropriate Representative and Group for themselves. The Representative corresponding to their region is offered in a drop-down menu. Example: CMS users from the USA should select Vijay Sekhri as their Representative and /cms/uscms as their Group.
Everybody is automatically registered under the root group /[VOname] in addition to any Group they might select. Nobody can de-assign them from this "root group" unless they get "Denied", in the first place or, later on, "Suspended", by the VO-Admin, in which case they can't run any Grid jobs and they get deleted from the VOMS database.
When users select additional Groups, the GroupOwners have nothing to do, if they have no objection.
Users may select GroupRoles within a given Group as well.

An example of the whole process is described in http://grid.cyfronet.pl/egee/tiki-index.php?page=CE+ROC+dteam+membership+service It can be applied to all VOs, Groups and sub_Groups by changing the names appropriately.

What the VO-Admin can do:

Everything including VO member suspension/removal that nobody else can do!
NB!!!If you try to remove a member and the box-to-tick is grey, this means that the member has some authority (GroupOwner/Manager or Representative). You 'll have to remove that funtion first from him/her via "Manage VO Admin Roles". To remove the GroupOwner/Manager autority, use control/click on the relevant Group/Role (it will be blue)!

What the Representative can do:

Approve Candidates during the initial registration and handle Expired users. To do this, the Representative should either click on the link (s)he got in the email notification or go to the web interface, open the "Members" sub-menu, click on "Set status", search for "New" candidates and approve those assigned to him/her.

The Representative selected by the user can assign another Representative before approving, as appropriate. Example: a DTEAM VO Candidate from a Russian LCG Site selected the SWE ROC manager as Representative. Gonzalo (SWE) can replace himself with Alexander (RDIG).

What the GroupOwners can do:

Group Owners can create groups/group roles and assign new Group Owner/Manager roles to member within the subgroups. If they decided that the user doesn't belong to their group(s) they can de-assign him/her at any time. Example: If Sven from DECH selects additional group /dteam/see, Kostas can move him out.

http://cern.ch/dimou/lcg/vomrs/Groups-Roles.doc contains the implementation details and plans on Groups/Roles.

Mini How-To:

VOMRS Tutorials: http://www.uscms.org/SoftwareComputing/Grid/VO/tutorials.html

VOMRS Online Documentation: http://computing.fnal.gov/docs/products/vomrs/


 

 

 

VO Admin

Representative  (chosen by Member)   

GroupOwner    (within the group ) 

GroupManger   (within the group ) 

Candidate

remove

 

 

 

Applicant

Remove/approve/deny

Assign/deassign  to/from group and group role

Approve/deny

assign/deassign to/from group and group role

assign/deassign to/from group and group role

Member

Remove/approve/suspend/expire

Assign/deassign  to/from group and  group role

expire from Institute but not from the VO

assign/deassign to/from group and group role

assign/deassign to/from group and group role

Member’s certificate

Remove/approve/deny/suspend

 

 

assign/deassign to/from group and group role

assign/deassign to/from group and group role

 

All material kindly offered by Tanya Levshina (VOMRS Project Leader and developer)

Editor: Maria Dimou, IT/GD, Grid Infrastructure Services