Feature #17859

Define roles into POMS

Added by Anna Mazzacane about 3 years ago. Updated over 2 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


We need to define different roles in POMS. Permissions will be different for different roles.


#1 Updated by Anna Mazzacane about 3 years ago

  • Description updated (diff)
  • Assignee set to Yuyi Guo

#2 Updated by Marc Mengel almost 3 years ago

  • % Done changed from 0 to 50

#3 Updated by Anna Mazzacane almost 3 years ago

From Steve summary and Anna and Marc's comments (in bold)

Steve: Currently:
root and coordinator cannot compose layouts, job types or campaign stages.
They must become analysis if they are creating an analysis campaign or production if they are creating a production campaign.

Anna: That's right. If they want, they need to choose one of the roles.

Steve: Analysis can only clone an analysis campaign (from anyone, not just theirs).

Anna: That's right. They cannot edit a campaign from another analysis user by mistake. Only clone.

Steve: Production can clone any campaign.

Anna: Production can clone AND edit any PRODUCTION campaign.

Steve: What am I not seeing here?
  1. In production, I see campaigns.vo_roles of analysis – see nova. Shouldn’t all the vo_roles for every experiment be production as we do not yet support analysis.

Anna: Production campaign must have role production, not because we do not support analysis now.
If 1 is true, I’m not sure we need both vo_role and creator_role in campaigns Given the above constraints: they always be the same.

Anna: In production the role is "production" and the creator can be a person of the production team.
There is also a request (Feature #18731) to track the submitter of any submission of the production campaign that can be manually or through the crontab. If it is the latter, we should track who setup the crontab.

Marc: POMS "production" role campaigns may run with VOMS Role="Calibration" or Role="DataQuality" or some such,
to let them have different permissions into DCache, etc. so we still need a vo_role for the actual job submission.

Steve: And Note:
In our analysis of roles, we currently treating the root “role” wrong. It is not a role, it is a flag allowing the choice of any role. This will be corrected in the upcoming release.

Anna: That's right. This is what we discussed: root is a flag not a role.
I opened the task #18772 and assigned to you.

#4 Updated by Anna Mazzacane over 2 years ago

  • Status changed from Assigned to Work in progress

#5 Updated by Stephen White over 2 years ago

  • Status changed from Work in progress to Resolved
  • % Done changed from 50 to 100

#6 Updated by Anna Mazzacane over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF