CERN HR database(s) and possible use by LCG
DRAFT Notes from a meeting between Francois Briard, Maria Dimou, Wim van Leersum,
Ian Neilson, Nick Ziogas on 2004-04-22.
The inter-related CERN databases holding persons' information contain amongst
others:
| Dept. HR Secretariats (PAD) |
Experiment Secretariats (PIE) |
|
HR database |
FI database |
CERN Stores |
Foundation |
| new-CCDB |
greybook |
EDH |
HRT |
The Experiments Database, known as PIE, standing for Persons, Institutes,
Experiments is, in fact, a web interface to the CERN HR database to facilitate
update transactions by the Experiment secretariats and the Users' Office (UO).
A similar interface, called PAD is used by the Department secretariats to register
people
who are not related to an experiment. This registration in HR is a prerequisite
for users of CERN computing resources.
A view to the HR database containing experiment members
per experiment and per institute, including the name of the Team Leader (=
Institute Representative) is in http://graybook.cern.ch/ (=
http://greybook.cern.ch/). Certain flags
in PIE forbid some experiment collaborators to be displayed in the graybook.
The HR database contains around 160K records today, i.e. CERN staff, students,
fellows, associates, their family members and even external service suppliers
who need access to the laboratory premises.
Most snapshots of the HR database, e.g. EDH (salary, leave et al application),
come out of "Foundation". However, some part of the information concerning
a person's computer accounts and acceptance of the CERN
Computing Rules are extracted from the Computer Centre DataBase (CCDB).
Information LCG needs:
- Missing records: Typical LCG users will be (some, not all) experiment members
but not only. E.g. system administrators
in LCG
sites who install and test the middleware will need to be reliably authenticated
before they are authorised to use the grid computing resources. Other potential
LCG users will be non-physicists technicians and engineers as well
as limited
duration
students
who will need a secure but quick authentication and authorisation procedure
to run programs on the grid for a few weeks. Most of these people
are not in the CERN HR database today.
- User's Personal Information: FamilyName, GivenName, InstituteName, ContactPhoneNumber,
Email. This information already exists for those users who are registered
in the HR database.
- InstituteRepresentative (IR): The person at the user’s employer institute,
who can check the validity of his/her data and confirm the identity of the
user and his/her right to become or remain a member of a given experiment
Virtual Organisation (VO) and his/her role in it. This information exists
under the "Team Leader" label. The person's "Role" also exists but doesn't
map to the type of permissions
for usage of grid resources.
- Participation Start/End Date. This information already exists for those
users who are registered in the HR database. The values of the
Start/End Date for the person's participation to the experiment and the LCG
"Registration Start/End Date" as defined in the LCG
Registration and VO Management Requirements' document, will often be different.
- A mechanism for the LCG user to explicitely
sign a form declaring acceptance to the LCG
Usage
Rules.
A
flag
in the PIE/PAD
interface
could
be foreseen
to reflect this action as done. This information doesn't exist today
but could be foreseen in the framework of the new-CCDB project.
- A mechanism to capture the LCG user's certificate DistinguishedName (DN)
and add it in his/her HR record. This information doesn't exist today but
could be foreseen in the framework of the new-CCDB project.
- Automatic warnings issued from the database under certain conditions like
end of person's contract period, change of institute, institute withdrawal
from
an experiment, change of the LCG Usage Rules.
This
information
is now produced
by
PIE users
with SQL queries.
Contact people around HR-related applications:
- PIE Technical responsibles: Derek Mathieson, Isabel Fernandez Gonzales. (***
ACTION *** Discuss with Isabel the conditions and procedures by which people
get removed from the database).
- UO Head of: Chris Onions.
- Experiment Secretariats: List of authorised http://ais.cern.ch/apps/pie/Users.htm
- Organisational
Procedures: Jean-Claude GUIRAUD, Gabriele THIEDE (2-monthly regular meetins
with PIE users)
- New-CCDB: Due in 2005. Technical responsibles: Wim van Leersum,
Nick Ziogas.
- HR DBA: Andre Regelbrugge.
- Foundation responsible: Francois Briard.
- New role: "Institute Administrator", a term put forward by Tony Cass, discussed
with the new-CCDB developers. This person will have the right to
fire a person misusing
resources. (*** ACTION *** Discuss with Tony Cass the relevance
of this role to the term of IR inLCG?).
Maria Dimou, IT/GD,
Grid Infrastructure Services