GridSafeDocumentation/UserAdministration/

User Administration

Grid-SAFE keeps a database table of all users of the system. The default PersonFactory? handler class relies on tomcat or the apache webserver to handle access control and will automatically create an entry for every user that connects to the system.

This class can be configured with a parser to allow User information to be uploaded from a file.For example the PasswdParser? will read user information in Unix passwd file format. If you are using a parser you can turn off automatic creation of user entries by setting the property service.feature.disable.createusers=true

If the user names in the accounting data match the usernames you are using for the accounting website, you cn use the Person table as a classifier table so that the accounting tables are linked to the Person table and are populated as accounting data is loaded.

There are also other handler classes that can be used for self registration using Email addresses and Certificate based authentication.

User roles

The permissions of a user of the accounting portal are controlled by a set of roles. These are stored in the role_table database table. You can edit the roles a user has using the Admin forms on the web-portal. You can change the set of roles settable by this form by setting the role_list configuration parameter.

If a role name appears in the list set by the toggle_roles list then a user with the role may enable/disable the role dynamically.

As well as supporting global roles a Relationship table can be used to define roles with respect to some other object in the database. For example to define mangers for particular projects.

 

Grid-SAFE was funded by JISC and is maintained, developed, and managed by EPCC at the University of Edinburgh