
LDAP groups need to exist to control access to research VMs and to storage. As much as possible, this should be automated, as part of the service provision process. 

Researchers will be able to self-register a research project through a web form, which will register the project in the Project Database. Registering a project will allow users to request storage and/or research VMs for the project.

Registering a research project will also trigger the automatic creation of 5 groups in LDAP (via NetAccount, in the domain).

  1. <project_DB_code> + _rw (ACL for storage)
  2. <project_DB_code> + _ro (ACL for storage)
  3. <project_DB_code> + _vmadmin (ACL for Administrator/Sudo access on the VM)
  4. <project_DB_code> + _vmuser (ACL for login)
  5. <project_DB_code> + group_admin (ACL for administering these groups)
  6. <project_DB_code> + _t (All the other user groups get included in this)
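An added example (not part of the original page or the project's tooling): a Python audit that derives the expected group names from the scheme above and compares them with a directory export, flagging missing groups, groups not nested in `_t`, and groups with no registered project. The project-code format, the dict standing in for an LDAP export, and the reading that all five other groups are nested in `_t` are assumptions.

```python
import re

# Suffixes exactly as listed on the page ("group_admin" has no leading underscore there).
MEMBER_SUFFIXES = ["_rw", "_ro", "_vmadmin", "_vmuser", "group_admin"]
UMBRELLA_SUFFIX = "_t"
# Assumption: project codes are short alphanumeric IDs; the page does not define the format.
CODE_RE = re.compile(r"[A-Za-z0-9]{1,32}")

def expected_groups(code):
    """Return the group names for one project, umbrella group last."""
    # Reject anything that could alter an LDAP DN or filter (commas, '=', '*', parentheses).
    if not CODE_RE.fullmatch(code):
        raise ValueError(f"invalid project code: {code!r}")
    return [code + s for s in MEMBER_SUFFIXES] + [code + UMBRELLA_SUFFIX]

def audit(project_codes, directory):
    """directory maps group name -> set of member names (stand-in for an LDAP export)."""
    findings, expected_all = [], set()
    for code in project_codes:
        names = expected_groups(code)
        expected_all.update(names)
        umbrella = names[-1]
        findings += [("missing_group", n) for n in names if n not in directory]
        if umbrella in directory:
            findings += [("not_in_umbrella", n) for n in names[:-1]
                         if n not in directory[umbrella]]
    # Heuristic: a group with a project suffix but no registered project may still grant access.
    suffixes = tuple(MEMBER_SUFFIXES) + (UMBRELLA_SUFFIX,)
    findings += [("orphan_group", n) for n in sorted(directory)
                 if n.endswith(suffixes) and n not in expected_all]
    return findings

# Constructed sample data, not taken from any real directory.
SAMPLE_DIRECTORY = {
    "proj001_rw": {"alice"},
    "proj001_ro": set(),
    "proj001_vmadmin": {"alice"},
    "proj001_vmuser": {"alice", "bob"},
    "proj001group_admin": {"alice"},
    "proj001_t": {"proj001_rw", "proj001_ro", "proj001_vmadmin", "proj001_vmuser"},
    "proj999_rw": {"carol"},  # no matching project registration
}

if __name__ == "__main__":
    for kind, name in audit(["proj001", "proj002"], SAMPLE_DIRECTORY):
        print(f"{kind:16} {name}")
```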


