Select the appropriate Representative and Group for
themselves. The Representative corresponding to their region is offered
in a drop-down menu. Example: CMS users from the USA should select Vijay
Sekhri as their Representative and /cms/uscms as their Group.
Everybody
is automatically registered under the root group /[VOname] in addition
to any Group they might select. Nobody can de-assign them from this "root
group" unless they get "Denied", in the first place or,
later on,
"Suspended", by the VO-Admin,
in which
case they can't
run any Grid jobs and they get deleted from the VOMS database.
When users select
additional Groups, the GroupOwners have nothing to do,
if they have no objection.
Users may select GroupRoles within a given Group as well.
An example of the whole process is described in http://grid.cyfronet.pl/egee/tiki-index.php?page=CE+ROC+dteam+membership+service It can be applied to all VOs, Groups and sub_Groups by changing the names appropriately.
Everything including VO member
suspension/removal that nobody else can do!
NB!!!If you try to remove a member and the box-to-tick is
grey, this means that the member has some authority
(GroupOwner/Manager or Representative). You 'll have to remove that
funtion first from him/her via "Manage VO Admin Roles". To remove the
GroupOwner/Manager autority, use control/click on the relevant
Group/Role (it will be blue)!
Approve Candidates during the initial registration and handle Expired users. To do this, the Representative should either click on the link (s)he got in the email notification or go to the web interface, open the "Members" sub-menu, click on "Set status", search for "New" candidates and approve those assigned to him/her.
The Representative selected by the user can assign another Representative before approving, as appropriate. Example: a DTEAM VO Candidate from a Russian LCG Site selected the SWE ROC manager as Representative. Gonzalo (SWE) can replace himself with Alexander (RDIG).
Group Owners can create groups/group roles and assign new Group Owner/Manager roles to member within the subgroups. If they decided that the user doesn't belong to their group(s) they can de-assign him/her at any time. Example: If Sven from DECH selects additional group /dteam/see, Kostas can move him out.
http://cern.ch/dimou/lcg/vomrs/Groups-Roles.doc contains the implementation details and plans on Groups/Roles.
VOMRS Tutorials: http://www.uscms.org/SoftwareComputing/Grid/VO/tutorials.html
VOMRS Online Documentation: http://computing.fnal.gov/docs/products/vomrs/
|
VO Admin |
Representative (chosen by Member) |
GroupOwner (within the group ) |
GroupManger (within the group ) |
Candidate |
remove |
|
|
|
Applicant |
Remove/approve/deny Assign/deassign to/from group and group role |
Approve/deny |
assign/deassign to/from group and group role |
assign/deassign to/from group and group role |
Member |
Remove/approve/suspend/expire Assign/deassign to/from group and group role |
expire from Institute but not from the VO |
assign/deassign to/from group and group role |
assign/deassign to/from group and group role |
Member’s certificate |
Remove/approve/deny/suspend
|
|
assign/deassign to/from group and group role |
assign/deassign to/from group and group role |
Editor: Maria Dimou, IT/GD, Grid Infrastructure Services