User Tools

Site Tools


admin:users-and-groups

Managing users and groups

User registration

The Controller has three modes of handling the registration of new user accounts:

  • With open registration, everybody can create an account and use it without previous permission or notification, only email address validation is required.
  • With restricted registration, everybody can create an account but some operator should approve it before it can be used to log in.
  • With closed registration, only existing operators can create new accounts.

These modes are selectable via the USERS_REGISTRATION_MODE setting (see Controller configuration). See Registering in a controller for the user's perspective on account registration.

When restricted registration is active and someone registers an account, after validating its email address a notification is sent to the approval email address configured in the EMAIL_REGISTRATION_APPROVE setting. To approve (i.e. enable) the account:

  1. Follow the link contained in the email to the user page in the Controller web interface.
  2. Check the Is active box.
  3. Click on Save.

A message is sent to the approval address notifying the activation of the account. The new user is notified via email as well.

When closed registration is active, user accounts must be created manually:

  1. Log into the Controller web interface. You are presented with the dashboard.
  2. Click on the Users icon to get the list of users in the testbed.
  3. Click on the Add user button to register a new user.
  4. Provide an id-like user name, a password, a full name and an email address.
  5. Click on Save.

The user is created and activated, and no notifications are sent to operators or the user.

For more details on user registration, see Registration Application.

Managing superusers

Superusers are normal users which have been granted special administrative powers by other existing superusers. Superusers have unrestricted access to the testbed registry (e.g. they can grant node and slice management permissions to groups, see Roles and permissions for more details), and they can also administer the Controller itself (e.g. by uploading node base images or managing tasks).

To convert a normal user in a superuser:

  1. Log into the Controller web interface. You are presented with the dashboard.
  2. Click on the Users icon to get the list of users in the testbed. Look for the affected user and enter its page.
  3. Check the Is superuser box.
  4. Click on Save.

Removing superuser powers can be done in the same way by the user itself of by another superuser.

Please note that superusers do not get Controller error or account approval notifications by default. For that, use the ADMINS and EMAIL_REGISTRATION_APPROVE settings, respectively (see Controller configuration).

Group permissions

Although any registered user can create a group and automatically become its group administrator (see Creating a group), only groups with the proper permissions can create nodes or slices associated with them. In the Confined release of Controller software, these permissions are disabled by default for new groups and can only be granted by superusers.

When a group administrator requests node or slice creation permission for the group (see Applying for slice or node management for the user's perspective), an email message is sent to superusers notifying about the request for node or slice resources. To allow or decline the request:

  1. Follow the link contained in the email to the group page in the Controller web interface.
  2. Check or uncheck the Allow nodes or Allow slices box.
  3. Click on Save.

This resolves the requests. Granting group permissions can be undone in the same way only by superusers.

See Resource Management (only superusers) for more details on group permissions.

Customizing registration templates

The user registration procedure includes sending several emails (e.g. how to validate the user's email address, next steps, etc.). Although the Controller software provides a complete set of templates, you can customize them following these instructions:

  1. Log into the controller server (e.g. via SSH) as the system user and create a custom templates directory under your Controller deployment directory (e.g. ~confine/mytestbed/templates, use your own system user and testbed name if different).
  2. Write your customized templates. You can use the Controller default registration templates as examples.
  3. Put the customized templates in your custom templates directory. Please keep the directory structure and filenames of the default ones:
    $ ls -R1 ~/mytestbed/templates  # example with all templates customized
    /home/confine/mytestbed/templates/templates:
    registration
    
    /home/confine/mytestbed/templates/templates/registration:
    activation_email_subject.txt  # ask user for email validation (email subject)
    activation_email.txt          # ask user for email validation (email body)
    activation_complete.html      # user validated the email address, moderation pending
    registration_complete.html    # user completed the registration procedure
    registration_closed.html      # information page when registration is closed
  4. Extend your TEMPLATE_DIRS setting with the custom templates directory and restart testbed services (see Controller configuration):
    TEMPLATE_DIRS = ('/home/confine/mytestbed/templates', ) + TEMPLATE_DIRS
admin/users-and-groups.txt · Last modified: 2015/09/03 09:55 by ivilata