This guide covers all the operations related to the management of groups of users in the Community-Lab testbed.
Following we describe several operations required to manage users and groups in CONFINE, starting from the registration of a new user. This guide pretends to serve as a reference for group administrators on how to perform basic users and groups management operations.
A group administrator can perform the following operations:
Any Community-Lab registered user can create groups. When a user creates a group, he automatically becomes the “group administrator”. In order to create a group the user must go to the
Administration → Groups menu.
Following, click on the
Add group button:
Then, fill in the form with the name and description of the group and click the
Save and continue editing button. At this point you can also apply for slice and node management permissions by selecting the checkboxes
Request nodes and/or
Request slices depending on the group requirements.
You will see a message confirming that the group has been successfully created. You can also confirm that currently the only member of the group is the group administrator who was the user that created the group in question. From this view you can now continue editing the group settings by adding new users or managing join requests. You can also create more groups by clicking on the
Save and add another button.
If you go to the group administration view you will see the list of all the groups, including the recently created group “user_group”
Following we will explain the basic operations a group administrator can perform with users. We will show how to add and remove users from a group and how to assign user roles.
A group administrator can add or remove users from the group. To become a member of a given group, the users must be authenticated and active.
For example, to add new users to the group created previously click on the group name in the groups administration view:
Click next on
Add another member
Finally, you can select the user you want to become a member of the group by selecting it in the pull-down menu that has just appeared:
You can add more members by clicking again
add another member or save the changes made to the group by clicking the
Save button instead.
It is equally easy to remove users from the group. The group administrator must simply select to
Delete checkbox of the user he wants to remove, and then click the
It is important to notice that users being added or removed from a group will not receive any kind of notification. For that reason, this procedure must be performed only when necessary.
Users within a group can have three different kinds of roles that only apply to the interactions of the user with the objects belonging to such group:
It is important to notice that any given group must have at least one group administrator. Only group administrators or testbed operators can assign or change user roles. In addition, in order to ensure that the members of a group can effectively carry out their roles it is necessary that the group has the appropriated permissions (read the “Applying for slice or node management” section for further details). For more information about user roles visit https://wiki.confine-project.eu/arch:roles-permissions.
When a new user is added to the group he has not any role assigned. The group administrators can assign roles to new users or change the roles of the existing ones just by clicking the corresponding checkboxes in the users list of the group, as shown in the image:
It is also possible for users to make a request to join an existing group and therefore become a group member. They can access the groups list through the
Administration → Groups menu and then click the name of the group they want to become members (in our example, the “join_group”:
Once this is done, they will have access information about a specific group and also will be able to send a membership request by clicking the
Join Request button as shown:
After sending the request they will see a confirmation message and the
Join Request button will change and show the text
You have a pending join request instead.
Now a testbed operator (in our case, the “vct” user) will see in the page of the “join_group” group a list of pending join requests from testbed users. The operator can accept, reject or ignore requests. If he decides to accept the requests, he can also assign roles to the users within the group.
Finally, the user will receive an email confirming his new membership to group “join_group”.
It is important to notice that every node and slice in the Community-Lab testbed must belong to a specific group. As mentioned previously, any testbed user can create groups, but only a testbed operator (superuser) can allow that the group members, including the group administrator, could create nodes and or slices belonging to the group. An operator can assign permissions independently of each other. That is, is it possible to allow both, the creation of nodes and slices, but is it also possible to allow only the creation of nodes but not of slices or vice versa. Also, you can have a group in which the users are not granted any of these permissions and therefore, can not create nodes or slices within the group.
The basic procedure to apply for slice or node creation permissions is the following:
Request Nodesand/or the
Request Slices, checkboxes depending on the permissions needed and also click the