Page tree
Skip to end of metadata
Go to start of metadata

This page describes the proposed evolution of cryogenics-group CERNBox project is structured and the adopted sharing policy 

Introduction

The project cryogenics-group has been created to replace DFS and could replace \\cern.ch\dfs\Departments\TE\Groups\CRG\ and hosts part  of the TE-CRG Technical Information

The project today can be find:

  • In CERNBox.cern.ch web interface within the "Your projects" folder
  • In /eos/project/c/cryogenics-group/  accessible on lxplus

Members** of the cryogenics-group project also have the option of going to their CERNBox (via a web browser) to see the project files
(go to 'Your projects' and select 'project cryogenics-group').


Attention !! The main difference between CERNBox et DFS is the rw right inheritance that can be blocked in DFS and not in CERNBox. 

This will imply a modification of the Admin and RW right 

Proposed Project Administration

The project is managed by a service account,  crgadmin@cern.chowned by TE-CRG-ML section. This service account can login into https://e-groups.cern.ch and add /modify the users space right within the project

This service account, has to be the only member of cernbox-project-cryogenics-group-admins in order to monitor easily the folder sharing of the Project

Members of cernbox-project-cryogenics-group-admins can configure* the following 2 e-groups which control access to the project space:

Initially 2 e-groups have been created

- cernbox-project-cryogenics-group-readers : anyone in this e-group can read in the project space)
- cernbox-project-cryogenics-group-writers : anyone in this e-group can read, write and delete in the project space)

The e-group cernbox-project-cryogenics-group-admins is also member of cernbox-project-cryogenics-group-writers

In addition, The following 2 folders were pre-created :
- /eos/project/c/cryogenics-group/www/ (folder for hosting an EOS-site-type website)
- /eos/project/c/cryogenics-group/public/ (public folder for all CERN authenticated users)

Proposed e-groups membership

cernbox-project-cryogenics-group-admins 

members:

  • crgadmin (Service account used to create the project)

all administrations will have to be done via the crgadmin service account.

This way the administrators will have an overview of which folders are shared, instead of having several persons able to share.

cernbox-project-cryogenics-group-writers

members:

  • te-dep-crg-admin (e-group)

cernbox-project-cryogenics-group-readers

members: No one

With this model, the folders of the project will have to be shared with specific e-groups in order manage a more granular access for everyone 


Proposed Project Structure

Today the project offer the following hierarchical folder distribution

  • CRG machine and activity oriented structure
  • Contractor workspace
    • S176
    • other...
  • Sections
    • DI
      • activity
      • Personal Folder
    • CE
      • activity
      • Personal Folder

    • CI
      • activity
      • Personal Folder
    • ME
      • activity
      • Personal Folder
    • ML
      • activity
      • Personal Folder
    • OP
      • activity
      • Personal Folder 


  • www for hosting an EOS-site-type website
  • public read sharing folder for all CERN authenticated users

Question :As the home directories have been migrated  toward CERNbox do we need to have personal folders in the cryogenic-group project and for which use? 

Of course addition folders or workspaces could be created with adapted access rights on request

Proposed Sharing Policy 

CRG machine and activity oriented structure (Optional as it will require to keep it in line with the EDMS structure ):

Shared with the egroup te-dep-crg:  read/write like in EDMS could be used for drafting documents before their transfer to EDMS

Question : Do we need to keep it

Contractor workspace

example : S176

Shared with:

  •  te-dep-crg-s176 : read/write (to be discussed with the contract management)
Other..
  • egroup to be defined with CERN contract manager

Sections folders

Read only shared with te-dep-crg in order to allow the information diffusion within the group

Read/write privileges shared with section members e-group to reduce the risk of unwilled modifications

www

Used for hosting websites components  Sharing on request

Public 

Read privilege for all CERN authenticated users




  • No labels