Changes between Version 2 and Version 3 of Internal/Rbac/OrbitRbacDesign/ResourcesRoles


Timestamp:
Oct 2, 2006, 9:17:02 PM (18 years ago)
Author:
anonymous
Comment:

  • Internal/Rbac/OrbitRbacDesign/ResourcesRoles

    v2 v3  
    88
    99ORBIT Resources
    10   internal databases:  create, rename, delete, read and update
    11   external databases:  create, rename, delete, read and update;  see "An introduction to MySQL permissions" [[http://www.databasejournal.com/features/mysql/article.php/10897_3311731_2 Gil04]] or Chapter 5 "Database Administration" in the ''MySQL 3.23, 4.0, 4.1 Reference Manual'' [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorh9E2Ta.1-en.pdf MyS06a]].
    12   Linux File System:  create, rename, delete, read from, write to, and execute Linux files.
    13   Chassis Manager Service: complete access to it
    14   Aruba Sniffer:  complete access to it or just use of captured packets
    15   Noise Generator Access:  complete access to  it or just use of it
    16   Grid Authentication: 
    17   Internal Servers:  create, rename, delete, read and update
    18   Remote Data Acquisition: 
    19   Applications:  where?
    20   SandBoxes:  complete or by component
    21   Grid:  via scheduler
    22   Network Devices: 
     10 1. internal databases:  create, rename, delete, read and update
     11 1. external databases:  create, rename, delete, read and update;  see "An introduction to MySQL permissions" [[http://www.databasejournal.com/features/mysql/article.php/10897_3311731_2 Gil04]] or Chapter 5 "Database Administration" in the ''MySQL 3.23, 4.0, 4.1 Reference Manual'' [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorh9E2Ta.1-en.pdf MyS06a]].
     12 1. Linux File System:  create, rename, delete, read from, write to, and execute Linux files.
     13 1. Chassis Manager Service: complete access to it
     14 1. Aruba Sniffer:  complete access to it or just use of captured packets
     15 1. Noise Generator Access:  complete access to  it or just use of it
     16 1. Grid Authentication: 
     17 1. Internal Servers:  create, rename, delete, read and update
     18 1. Remote Data Acquisition: 
     19 1. Applications:  where?
     20 1. SandBoxes:  complete or by component
     21 1. Grid:  via scheduler
     22 1. Network Devices: 
    2323
    2424Is it expected that there will be any project-specific resources?
    2525
    2626ORBIT Roles
    27   ORBIT Administrator:  browse, add, modify and delete ORBIT users; browse, add, modify and delete ORBIT projects;  browse, add, modify and delete Project Leaders and Project Administrators; set logging options and audit ORBIT logs; can delegate to Designated ORBIT Administrator; cardinality = 1.
    28   Designated ORBIT Administrator:  same privileges as ORBIT Administrator except cannot delegate role; cardinality = 1.
    29   Experimenter:  all privileges to run an ORBIT experiment and analyze results, but not modify or delete results.
    30   Analyst:  can only analyze results of an ORBIT experiment, not run one.
    31   Project Administrator:  browse selected fields of and add ORBIT users;  add and delete users to and from roles in his or her project;  can delegate role to Designated Project Administrator; cardinality = 1 per project.
    32   Designated Project Administrator:  same privileges as Project Administrator except cannot delegate; cardinality = 1 per project.
    33   Project Leader:  can modify or delete results of any of the project's experiments; complete access to any project-specific resources;  can delegate to Designated Project Leader; cardinality = 1 per project.
    34   Designated Project Leader:  same privileges as Project Leader except cannot delegate;  cardinality = 1 per project.
    35   Developer:  not sure what the scope of a developer's privileges should be.  Does a developer become and Experimenter to run a test?
     27 * ORBIT Administrator:  browse, add, modify and delete ORBIT users; browse, add, modify and delete ORBIT projects;  browse, add, modify and delete Project Leaders and Project Administrators; set logging options and audit ORBIT logs; can delegate to Designated ORBIT Administrator; cardinality = 1.
     28 * Designated ORBIT Administrator:  same privileges as ORBIT Administrator except cannot delegate role; cardinality = 1.
     29 * Experimenter:  all privileges to run an ORBIT experiment and analyze results, but not modify or delete results.
     30 * Analyst:  can only analyze results of an ORBIT experiment, not run one.
     31 * Project Administrator:  browse selected fields of and add ORBIT users;  add and delete users to and from roles in his or her project;  can delegate role to Designated Project Administrator; cardinality = 1 per project.
     32 * Designated Project Administrator:  same privileges as Project Administrator except cannot delegate; cardinality = 1 per project.
     33 * Project Leader:  can modify or delete results of any of the project's experiments; complete access to any project-specific resources;  can delegate to Designated Project Leader; cardinality = 1 per project.
     34 * Designated Project Leader:  same privileges as Project Leader except cannot delegate;  cardinality = 1 per project.
     35 * Developer:  not sure what the scope of a developer's privileges should be.  Does a developer become and Experimenter to run a test?
    3636
    3737If there are different types of ORBIT experiments, may want more than one Experimenter role.
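
Review bot: In the renumbered resource list, entries 16 (Grid Authentication), 18 (Remote Data Acquisition) and 22 (Network Devices) still name no operations, and 19 (Applications) says only "where?", so no role in the ORBIT Roles list can be granted a specific permission on them; list the operations for each, as lines 10 to 12 do, or mark them explicitly as open items. "Complete access" on lines 13 to 15 is similarly coarse for a permission model and would be better split into named operations. The re-bulleted Developer entry on line 35 carries over the typo "become and Experimenter" (should be "an") and still leaves that role's scope undefined.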