LDAP groups need to exist to control access to research VMs and to storage. As much as possible, this should be automated, as part of the service provision process.
Researchers will be able to self-register a research project through a web form, which will register the project in the Project Database. Registering a project will allow users to request storage and/or research VMs for the project.
Registering a research project will also trigger the automatic creation of 5 groups in LDAP (via NetAccount, in the eresearch.auckland.ac.nz domain):
- <project_DB_code> + _rw (ACL for storage)
- <project_DB_code> + _ro (ACL for storage)
- <project_DB_code> + _vmadmin (ACL for Administrator/Sudo access on the VM)
- <project_DB_code> + _vmuser (ACL for login)
- <project_DB_code> + group_admin (ACL for administering these groups)
- <project_DB_code> + _t (All the other user groups get included in this)
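
A sketch of the group-planning step behind the web form, added here as an example and not taken from NetAccount or the Project Database. The `ou=Groups` container, the project-code format, the sample code `uoa00123`, and the function name `plan_project_groups` are assumptions.

```python
import re

# Suffixes copied verbatim from the list above, with the purpose the page gives.
GROUP_SUFFIXES = {
    "_rw": "ACL for storage",
    "_ro": "ACL for storage",
    "_vmadmin": "ACL for Administrator/Sudo access on the VM",
    "_vmuser": "ACL for login",
    "group_admin": "ACL for administering these groups",
}
UMBRELLA_SUFFIX = "_t"  # the group that includes the other groups

# Assumption: dc components follow the domain named on the page; the OU is hypothetical.
BASE_DN = "ou=Groups,dc=eresearch,dc=auckland,dc=ac,dc=nz"

# Assumption: project codes are short alphanumeric strings. An allow-list keeps
# DN metacharacters (',', '=', '+', '\\') typed into a web form out of LDAP names.
PROJECT_CODE_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def plan_project_groups(project_code):
    """Return the group entries to create for one project, as plain dicts."""
    if not isinstance(project_code, str) or not PROJECT_CODE_RE.fullmatch(project_code):
        raise ValueError(f"rejected project code: {project_code!r}")

    entries = []
    for suffix, purpose in GROUP_SUFFIXES.items():
        cn = project_code + suffix
        entries.append({"cn": cn, "dn": f"cn={cn},{BASE_DN}",
                        "purpose": purpose, "members": []})

    # Assumed here: the umbrella group nests every group listed above,
    # so its members are the DNs of those groups.
    cn = project_code + UMBRELLA_SUFFIX
    entries.append({"cn": cn, "dn": f"cn={cn},{BASE_DN}",
                    "purpose": "includes all the other groups",
                    "members": [e["dn"] for e in entries]})
    return entries


if __name__ == "__main__":
    for entry in plan_project_groups("uoa00123"):  # constructed sample code
        print(entry["dn"], "->", len(entry["members"]), "nested groups")
```

Rejecting the code before any name is built means a malformed form submission fails at the registration step instead of producing a partial set of groups.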