You are here: Home Experiment Information US ATLAS Grid Operations BNL GUMS Setup for ATLAS VO Groups and Roles

BNL GUMS Setup for ATLAS VO Groups and Roles

by jhover — last modified Mar 10, 2015 02:26 PM
Contributors: John De Stefano

ATLAS VO structure

The ATLAS VO includes the following groups:

  • /atlas - Root group for the ATLAS VO, includes everybody.
  • /atlas/usatlas - Includes all US ATLAS members.
  • /atlas/usatlas/Role=production - Includes all US ATLAS members that are going to manage data production.
  • /atlas/usatlas/Role=software - Includes all US ATLAS members that are going to perform software install/remove and debug.

 

GUMS setup at BNL

We use a pool of accounts (gridxxxx) and groups for each Virtual Organization. When a new DN appears in any VO, GUMS permanently assigns an account to that DN, and changes the primary group to the specific group for that VO. For example, 'atlas' for ATLAS, 'ivdgl' for iVDGL. You can browse the LDAP server to check which group is assigned to which VO.

ATLAS members are assigned the 'gridgr07' primary group. US ATLAS members are also assigned the secondary group 'usatlas'. One can distinguish members of ATLAS and US ATLAS in that way.

There are the following cases:

  • If a US ATLAS member comes in with a production role, he is mapped to the 'usatlas1' account
  • If a US ATLAS member comes in with a software role, he is mapped to the 'usatlas2' account
  • If a US ATLAS member comes in with no role, he is given his account from the pool, with 'atlas' as primary group and 'usatlas' as secondary group
  • If an ATLAS member (who is not a US ATLAS member) comes in, he is given his account from the pool, with 'atlas' as primary group, and no secondary group
  • If someone from another VO comes in, he is given is account from the pool, with the primary group associated with his VO

BNL Accounts and ATLAS VO Interaction














Document Actions
Filed under: , ,