DRAFT Notes from a meeting between Maria Dimou (LCG Registration), Isabel Fernandez Gonzales (PIE Technical contact), Ian Neilson (LCG Security Officer) and Chris Onions (User Office Head) on 2004-04-30.
Reminder:
The Experiments Database, known as PIE db, standing for Persons, Institutes, Experiments is, in fact, a web interface to the CERN HR database to facilitate update transactions by the Experiment secretariats (CERN staff) and the Users' Office (UO). A similar interface, called PAD is used by the Department secretariats to register people who are not related to an experiment. This registration in HR is a prerequisite for users of CERN computing resources. This prerequisite doesn't apply to grid users at the moment, i.e. accesses CERN computing resources attached to the Grid, in which case, different authorisation mechanisms are used (e.g. the grid-map file for LCG at present).
QUESTION | ANSWER |
What information is available for auditing purposes, e.g. containing signatures? | The person has to fill a form different to the one for obtaining a CERN computer account. |
Who decides that a new Institute joins an experiment? | It is the experiment's Executive Board that announces the new Institute and its relevant Departments to the UO. |
Are there any exceptions? | Unofficial institute participation is possible but, such institutes don't appear in the greybook. (See notes that explain what the greybook is). |
Who else is missing from the greybook? | Institute employees who are non signatory experiment members, e.g. technicians. |
Who can register a new Institute in the PIE db? | Is is only the UO that has exclusive rights to perform such transactions. |
What information is available for auditing purposes e.g. holding Team Leader's (TL) signature? | A TL-specific form that will hold his/her (manual) signature is under preparation. The TL *must* have a CERN ID. The existence of a Deputy TL is foreseen in the db but it is not mandatory. |
What is the relevant LCG term for the TL in HR? | Although there is no complete function overlap, the TL can be considered the same person as the Institute Representative (IR) as defined in the LCG Registration Requirements document. |
Why should an experiment member, who never comes to CERN and needs no CERN computer account, be in the PIE db? | Just to be part of their experiment mailing lists, which are automatically extracted from the PIE database (See EXT2 below). |
How many "categories" exist for People in PIE db? | USER (comes on the CERN site), STAFF, FELLOW (have relevant types of contracts), EXT (external). |
Who updates the Personal Information of People in PIE db? | Is is only the UO that has exclusive rights to perform such transactions. |
Who updates EXT users? | The experiment secretariat. The UO doesn't get involved in such cases. |
How many types of EXT users exist? | EXT1: Person comes on the CERN site for committee meetings etc. (S)He
should give the name of a CERN contact person at the entrance gate. EXT2:Person never comes on site but is associated with a CERN experiment. |
What, in EXT users' registration, is a concern for LCG? |
|
How is the data validity checked, i.e. who decides if a record is up-to-date? | Internal procedures for data validation vary across experiments. E.g.
CMS has the culture to inform its secretariat when a member leaves, wherelse
the ATLAS secretariat sends yearly reports to TLs for reviewing users in
their team. Persons in the USER category have to be reviewed by the TL every 2 years via a paper check-list form which the TL signs. This procedure is strictly followed due to accident insurance coverage issues involved. |
What are the plans for stricter update procedures? | The new CCDB project will foresee periodic (yearly?) email notification to users with CERN computer accounts prompting them to re-confirm they should keep their accounts (procedure not yet defined). |
Maria Dimou, IT/GD, Grid Infrastructure Services