Manual pro spravce VO
VO manager is a person or group of people allowed to manipulate with VO data. First manager of particular VO must be created by Perun admin.Vo manager can utilize both CLI interface and web GUI to operate system entities. VO manager is responsible for following tasks:
- 1 Zasílání pozvánek do VO
- 2 Schvalování uživatelů
- 3 Mazání uživatelů
- 4 Prodloužení členství ve VO
- 5 Vytvoření servisního účtu
- 6 Změna hesla servisního účtu
- 7 Založení skupiny
- 8 Nastavení kvót na úložišti
- 9 Adding users among VO members
- 10 Creating a VO manager from VO member
- 11 Group administration
- 12 Creating group manager from VO member
- 13 Adding VO members into group
- 14 Creating resource tags
- 15 Resource utilization
- 16 Managing an application form
- 17 Creating rules to account extensions
- 18 More tasks
Adding users among VO members
VO manager is allowed to select user that will become a member of the VO from external identity resources or resources available to the VO. Choosing your VO from the VO list in GUI, you will see not only details about VO but also menu items in left part. VO manager uses menu to administer VO. Button Members serves to list all VO members. Button Add enables to select new user from list of candidates. Button Search is used to search for the user. User detail is shown by clicking the user in the list of members. Button Remove serves to remove member from VO.
Creating a VO manager from VO member
VO manager is allowed to create a VO manager from any other VO member. Detailed tutorial how to add VO manager.
VO inner structure can be enhanced by hierarchy of groups. Every group has an access rights to particular resources in VO. Group administration is described in a detail in Group manager's manual.
Creating group manager from VO member
VO manager can create a group manager from VO member. How to create a Group manager is described in Group manager's manual.
Adding VO members into group
VO manager and Group manager can add a VO member into group. Whole process is described in the Group manager's manual.
VO manager can create tags for resources. Detailed tutorial: how to create resource tag.
Resource is part of Facility that can VO utilize. It is created by Facility manager, but only VO manager is allowed to manipulate with it.
First, select particular VO in GUI. Button Resources shows list of resources in VO. Button Remove removes selected Resources.
By clicking the row with name of Resource, the detailed information appears. By clicking the tab Assigned groups, the list of assigned groups is listed. Tab Assigned services shows list of assigned services. By clicking on the button Service settings, page with attributes' settings is shown. These attributes are necessary to proper functionality of services.
- Add member to resource
- Remove member from resource
- Assign group to resource
- Assign service to resource
- Assign tag to resource
Managing an application form
Creating rules to account extensions
It is necessary to set attribute membershipExpirationRules for VO. Attribute can be added in Settings in VO. Its items can be:
- doNotAllowLoa - list of LoAs separated by comma, which won't be allowed in VO (users can't become members).
- period - time period to extend membership. It can be set as fixed date (without year), e.g. 1.1 or as number of days/months/years with prefix "+" that defines time period that extends membership. Units are d = day, m = month, y = year, e.g. +128d extends account to 128 days. +6m, + 1y.
- doNotExtendLoa - list of LoAs separated by comma, that are not extensible.
- gracePeriod - when present date of initial application or extending request equels extension date minus gracePeriod then user account is extended to the next time period (period date in next year). Value is in format number days/months/years. Units are d = day, m = month, y = year, e.g. 128d, 6m, 1y
- periodLoa - an exception in period for given LoA. Format of value is: LoA|period[.]. LoA is given Loa number and period is in same format as a period. Optional dot at the end means whether extend an account to user with filled membershipExpiration or not. If dot is present, user with filled membershipExpiration is not allowed to extend an account.