Notes from a meeting between Maria Dimou (LCG Registration), Isabel Fernandez Gonzales (PIE Technical contact), Ian Neilson (LCG Security Officer) and Chris Onions (User Office Head) on 2004-04-30.
Reminder:
The Experiments Database, known as PIE db, standing for Persons, Institutes, Experiments is, in fact, a web interface to the CERN HR database to facilitate update transactions by the Experiment secretariats (CERN staff) and the Users' Office (UO). A similar interface, called PAD is used by the Department secretariats to register people who are not related to an experiment. This registration in HR is a prerequisite for users of CERN computing resources. This prerequisite doesn't apply to grid users at the moment, i.e. accesses CERN computing resources attached to the Grid, in which case, different authorisation mechanisms are used (e.g. the grid-map file for LCG at present).
| QUESTION | ANSWER |
| What information is available for auditing purposes, e.g. containing signatures? | The person has to fill a form different to the one for obtaining a CERN computer account. |
| Who decides that a new Institute joins an experiment? | It is the experiment's management that announces the new Institute and its relevant Departments to the UO. |
| Are there any exceptions? | Unofficial institute participation is possible but, such institutes don't appear in the greybook. (See notes that explain what the greybook is). |
| Who else is missing from the greybook? | Institute employees who are non signatory experiment members, e.g. technicians. |
| Who can register a new Institute in the PIE db? | Is is only the UO that has exclusive rights to perform such transactions. |
| What information is available for auditing purposes e.g. holding Team Leader's (TL) signature? | A TL appointment form that holds his/her (manual) signature (plus an institute representative's) is used for all new TL appointments. Currently, the TLs appointed prior to the introduction of this form are being asked to sign to re-confirm their appointment. The TL *must* have a CERN ID. The existence of a Deputy TL is foreseen in the db but it is not mandatory. |
| What is the relevant LCG term for the TL in HR? | Although there is no complete function overlap, the TL can be considered the same person as the Institute Representative (IR) as defined in the LCG Registration Requirements document, but not necessarily. |
| Why should an experiment member, who never comes to CERN and needs no CERN computer account, be in the PIE db? | Just to be part of their experiment mailing lists, which are automatically extracted from the PIE database (See EXT2 below). |
| How many "categories" exist for People in PIE db? | USER (comes on the CERN site), STAFF, FELLOW (have relevant types of contracts), EXT (external). Isabel has commented on this |
| Who updates the Personal Information of People in the Oracle HR db? | Is is only the UO that has exclusive rights to perform such transactions. |
| Who updates EXT users? | The experiment secretariat. The UO doesn't get involved in such cases. |
| How many types of EXT users exist? | EXT1: Person comes on the CERN site for committee meetings etc. (S)He
should give the name of a CERN contact person when registering. EXT2:Person never comes on site but is associated with a CERN experiment. |
| What, in EXT users' registration, is a concern for LCG? |
|
| How is the data validity checked, i.e. who decides if a record is up-to-date? | Internal procedures for data validation vary across experiments. E.g.
CMS has the culture to inform its secretariat when a member leaves, wheras
the ATLAS secretariat sends yearly requests to TLs to review their team
members. Persons in the USER category have to be reviewed by the TL at most every 2 years via a paper check-list form which the TL signs. This procedure is strictly followed due to accident insurance coverage issues involved. |
| What are the plans for stricter update procedures? | The new CCDB project will foresee periodic (yearly?) email notification to EXT users with CERN computer accounts prompting them to re-confirm they should keep their accounts (procedure not yet defined). |
Maria Dimou, IT/GD, Grid Infrastructure Services