Hi Danushka,

Although we do not have that many roles to ponder, it is a good model to
follow if someday we consider controlling gateway-user access to Airavata
through a control model in Airavata. At the moment we trust the gateway
would enforce the correct control.

At the moment we recognize 3 types of user roles: Airavata admin
(responsible for creating/managing gateways and gateway admins), Gateway
admin (managing his/her own gateway users/resources/workflows etc.) and
gateway user (e.g. the scientist). Here it is necessary to identify the
role at Airavata end to enable the use of specific thrift services because
of the support for desktop and mobile apps.


On Tue, Jun 24, 2014 at 11:16 PM, Danushka Menikkumbura <
[email protected]> wrote:

> Hi,
>
> I think the access control model needs to be flexible so that you can
> define actions (operations) and attach them to roles as you wish {assuming
> RBAC}. In that case, Admin is yet another role. Identifying potential
> admin-level operations is fine but I think you get my point.
>
> Danushka
>
>
> On Wed, Jun 25, 2014 at 2:13 AM, Eroma Abeysinghe <
> [email protected]> wrote:
>
>> Hello Devs,
>>
>> Hello,
>>
>> Summarizing the offline discussion had with Saminda on Admin module of
>> Airavata.
>> *Open for discussion*
>> Devs, please add anything I have missed out and we need to decide what we
>> are going to add into the gateway admin API and provide UIs in PHP
>> reference gateway in phase I (by the time for XSEDE).
>>
>> In Airavata there are two Admin levels;
>> Airavata admin level & Gateway Admin level.
>>
>> Airavata admin level (user) being the highest level; should be able to
>> create:
>>
>>    1. Gateways in Airavata
>>    2. Gateway admin users in Airavata
>>
>> For Airavata admin IMO we don't need to provide any UI but providing an
>> API would be sufficient.
>>
>> For Gateway Admin users;
>>
>>    1. Create & maintain gateway users and user roles (e.g. Airavata
>>    admin, Gateway admin, standard user, etc...)
>>    2. Create & manage resources
>>    3. Create & manage resource level credentials
>>    4. Create and manage projects
>>    5. Create and manage applications (app catalog) - Assumption: App
>>    catalog is managed and records created at gateway admin level.
>>    6. View all experiments in the gateway and their current statuses.
>>    Admin user should also be able to terminate/cancel experiments (manage
>>    experiments) created by other users.
>>    7. View audit logs and other logs related to experiment executions
>>    8. Statistical report generations - on experiments, users, projects,
>>    resources, applications, etc.
>>
>>
>> --
>> Thank You,
>> Best Regards,
>> Eroma
>>
>
>
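
Added example, not part of the original thread and not Airavata code: a sketch of the model discussed above, where actions are attached to roles as data, admin is just another role, and gateway-level roles are scoped to one gateway with deny-by-default checks. The role names follow the thread; the action strings, user names, gateway ids and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Role -> actions. Role names come from the thread; action strings are assumed.
ROLE_ACTIONS = {
    "airavata_admin": {"gateway:create", "gateway_admin:create"},
    "gateway_admin": {
        "user:manage", "resource:manage", "credential:manage",
        "project:manage", "application:manage", "experiment:view_all",
        "experiment:cancel_any", "audit_log:view", "report:generate",
    },
    "gateway_user": {"project:create", "experiment:create"},
}
PLATFORM_ROLES = {"airavata_admin"}  # not bound to one gateway

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    gateway: Optional[str]  # None only for platform roles

def grant_role(user, role, gateway=None):
    """Build a grant, rejecting unknown roles and unscoped gateway roles."""
    if role not in ROLE_ACTIONS:
        raise ValueError(f"unknown role: {role}")
    if role in PLATFORM_ROLES:
        return Grant(user, role, None)
    if not gateway:
        raise ValueError(f"role {role} must be scoped to a gateway")
    return Grant(user, role, gateway)

def is_allowed(grants, user, action, gateway=None):
    """Deny by default; allow only when a grant covers the action in this gateway."""
    for g in grants:
        if g.user != user or action not in ROLE_ACTIONS[g.role]:
            continue
        if g.role in PLATFORM_ROLES or g.gateway == gateway:
            return True
    return False

# Constructed sample data: users and gateway ids are made up.
GRANTS = [
    grant_role("root", "airavata_admin"),
    grant_role("alice", "gateway_admin", "gw-a"),
    grant_role("bob", "gateway_user", "gw-a"),
]
```

Adding a role later is a change to `ROLE_ACTIONS` only; the check itself does not special-case any admin.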
