I should have explained this a bit better. There are 2 levels of
authorization here. 1) access to the services in a container 2)
access to the WSRF job resources being processed by the
managedExecutionJobService in the container. For #1, I want to allow
many users to use the services. That makes sense, this is the typical
setup/use of the gridmap file. But for #2, (typically) users do not
want other users to be able to affect their jobs. To handle #2, a new
temp gridmap file is created per job that contains only the DN of the
user that submitted the job. GRAM does not provide anything more
sophisticated than that at the moment.
-Stu
On Apr 21, 2008, at Apr 21, 2:15 PM, Silviu Popescu wrote:
Hi Stuart,
Thanks for the quick response.
I'm not sure yet if I'll need this functionality, I was just curious
if it is possible. Actually, in gridmap file I have more DNs mapped
to same local user and I thought job access is possible to all DNs .
Regards,
Silviu
Stuart Martin <[EMAIL PROTECTED]> wrote: Hi Silviu,
Currently only the DN of the user that submitted the job request is
allowed to access that job "resource". GRAM creates a one entry
gridmapfile for each job submitted and that temp gridmapfile is used
to authorize users, thus limiting access the job to just the
submitter.
Can you describe the functionality you would like to have? Would you
like to pass in a list of DNs on the createManagedJob operation that
you would want to have access to a specific job? Or does this fall
into the VO management methods like VOMS and GridShib that are
designed to provide to group affiliation and authorization?
Thanks,
-Stu
On Apr 21, 2008, at Apr 21, 3:51 AM, Silviu Popescu wrote:
> Hi,
>
> What do I have to do to allow all users to query the status of a
> submitted job ?
>
> I submitted a job with user [EMAIL PROTECTED]
> [EMAIL PROTECTED] globusrun-ws -submit -b -o job.epr -c /bin/sleep 200
> Submitting job...Done.
> Job ID: uuid:3b41a688-0f7f-11dd-9f38-000f2034b443
> Termination time: 04/22/2008 08:45 GMT
> [EMAIL PROTECTED] globusrun-ws -status -j job.epr
> Current job state: Active
> [EMAIL PROTECTED] scp job.epr silviup-laptop:/home/user/job.epr
>
> [EMAIL PROTECTED] globusrun-ws -status -j job.epr -F c14
> globusrun-ws: Error querying job state
> globus_soap_message_module: SOAP Fault
> Fault code: soapenv:Server.userException
> Fault string:
> org
> .globus
> .wsrf.impl.security.authorization.exceptions.AuthorizationException:
> "/O=Grid/OU=GlobusTest/OU=simpleCA-portal.tech.pub.ro/CN=User" is
> not authorized to use operation:
{http://www.globus.org/namespaces/2004/10/gram/job/exec
> }getMultipleResourceProperties on this service
>
> When I submit from silviup-laptop the query works fine.
> [EMAIL PROTECTED] globusrun-ws -submit -o job.epr -F c14 -b -
> c /bin/sleep 200
> Submitting job...Done.
> Job ID: uuid:13a06b6e-0f7f-11dd-ab7b-0018f39fc34f
> Termination time: 04/22/2008 08:43 GMT
> [EMAIL PROTECTED] globusrun-ws -status -j job.epr -F c14
> Current job state: Active
>
> Thanks,
> Silviu
