Manual pro spravce VO

From MetaCentrum
Jump to: navigation, search

Back to Perun main page

VO manager is a person or group of people allowed to manipulate with VO data. First manager of particular VO must be created by Perun admin.Vo manager can utilize both CLI interface and web GUI to operate system entities. VO manager is responsible for following tasks:

Zasílání pozvánek do VO

Schvalování uživatelů

Mazání uživatelů

Prodloužení členství ve VO

Vytvoření servisního účtu

Změna hesla servisního účtu

Založení skupiny

Nastavení kvót na úložišti

Adding users among VO members

VO manager is allowed to select user that will become a member of the VO from external identity resources or resources available to the VO. Choosing your VO from the VO list in GUI, you will see not only details about VO but also menu items in left part. VO manager uses menu to administer VO. Button Members VO serves to list all VO members. Button Add enables to select new user from list of candidates. Button Search is used to search for the user. User detail is shown by clicking the user in the list of members. Button Remove serves to remove member from VO.

Creating a VO manager from VO member

VO manager is allowed to create a VO manager from any other VO member. Detailed tutorial how to add VO manager.

Group administration

VO inner structure can be enhanced by hierarchy of groups. Every group has an access rights to particular resources in VO. Group administration is described in a detail in Group manager's manual.

Creating group manager from VO member

VO manager can create a group manager from VO member. How to create a Group manager is described in Group manager's manual.

Adding VO members into group

VO manager and Group manager can add a VO member into group. Whole process is described in the Group manager's manual.

Creating resource tags

VO manager can create tags for resources. Detailed tutorial: how to create resource tag.

Resource utilization

Resource is part of Facility that can VO utilize. It is created by Facility manager, but only VO manager is allowed to manipulate with it.

First, select particular VO in GUI. Button Resources resource shows list of resources in VO. Button Remove removes selected Resources.

By clicking the row with name of Resource, the detailed information appears. By clicking the tab Assigned groups, the list of assigned groups is listed. Tab Assigned services shows list of assigned services. By clicking on the button Service settings, page with attributes' settings is shown. These attributes are necessary to proper functionality of services.

How to:

Managing an application form

Tutorial to create basic application form.

Approve application to VO.

Creating rules to account extensions

It is necessary to set attribute membershipExpirationRules for VO. Attribute can be added in Settings in VO. Its items can be:

  • doNotAllowLoa - list of LoAs separated by comma, which won't be allowed in VO (users can't become members).
  • period - time period to extend membership. It can be set as fixed date (without year), e.g. 1.1 or as number of days/months/years with prefix "+" that defines time period that extends membership. Units are d = day, m = month, y = year, e.g. +128d extends account to 128 days. +6m, + 1y.
  • doNotExtendLoa - list of LoAs separated by comma, that are not extensible.
  • gracePeriod - when present date of initial application or extending request equels extension date minus gracePeriod then user account is extended to the next time period (period date in next year). Value is in format number days/months/years. Units are d = day, m = month, y = year, e.g. 128d, 6m, 1y
  • periodLoa - an exception in period for given LoA. Format of value is: LoA|period[.]. LoA is given Loa number and period is in same format as a period. Optional dot at the end means whether extend an account to user with filled membershipExpiration or not. If dot is present, user with filled membershipExpiration is not allowed to extend an account.

More tasks

Full list of all VO manager tasks