User Tools

Site Tools


usage:group-admin

Group administrator's guide

This guide covers all the operations related to the management of groups of users in the Community-Lab testbed.

Following we describe several operations required to manage users and groups in CONFINE, starting from the registration of a new user. This guide pretends to serve as a reference for group administrators on how to perform basic users and groups management operations.

A group administrator can perform the following operations:

  • Create a group.
  • Update the group info (except slices nodes allowance).
  • Add/remove registered users as members of the group.
  • Change roles of members in the group.
  • Remove the group.

Creating a group

Any Community-Lab registered user can create groups. When a user creates a group, he automatically becomes the “group administrator”. In order to create a group the user must go to the Administration → Groups menu.

 Creating a group

Following, click on the Add group button:

 Creating a group

Then, fill in the form with the name and description of the group and click the Save and continue editing button. At this point you can also apply for slice and node management permissions by selecting the checkboxes Request nodes and/or Request slices depending on the group requirements.

 Creating a group

You will see a message confirming that the group has been successfully created. You can also confirm that currently the only member of the group is the group administrator who was the user that created the group in question. From this view you can now continue editing the group settings by adding new users or managing join requests. You can also create more groups by clicking on the Save and add another button.

 Creating a group

If you go to the group administration view you will see the list of all the groups, including the recently created group “user_group”

 Creating a group

Managing users

Following we will explain the basic operations a group administrator can perform with users. We will show how to add and remove users from a group and how to assign user roles.

Adding new users to a group

A group administrator can add or remove users from the group. To become a member of a given group, the users must be authenticated and active.

For example, to add new users to the group created previously click on the group name in the groups administration view:

 Add users

Click next on Add another member

 Add users

Finally, you can select the user you want to become a member of the group by selecting it in the pull-down menu that has just appeared:

 Add users

You can add more members by clicking again add another member or save the changes made to the group by clicking the Save button instead.

 Add users

It is equally easy to remove users from the group. The group administrator must simply select to Delete checkbox of the user he wants to remove, and then click the Save button.

 Remove users

It is important to notice that users being added or removed from a group will not receive any kind of notification. For that reason, this procedure must be performed only when necessary.

User roles

Users within a group can have three different kinds of roles that only apply to the interactions of the user with the objects belonging to such group:

  1. Group administrators: This role allows user to perform all the operations explained in this manual.
  2. Node administrators or technicians: This role allows users to create, update and remove nodes in the group if nodes are allowed.
  3. Slice administrators or researchers: This role allows users to create, update and remove slices and slivers in the group if slices are allowed. It also allows users to log into slivers of the slices belonging to the group as root.

It is important to notice that any given group must have at least one group administrator. Only group administrators or testbed operators can assign or change user roles. In addition, in order to ensure that the members of a group can effectively carry out their roles it is necessary that the group has the appropriated permissions (read the “Applying for slice or node management” section for further details). For more information about user roles visit https://wiki.confine-project.eu/arch:roles-permissions.

When a new user is added to the group he has not any role assigned. The group administrators can assign roles to new users or change the roles of the existing ones just by clicking the corresponding checkboxes in the users list of the group, as shown in the image:

 Assigning and changing roles

Handling join requests

It is also possible for users to make a request to join an existing group and therefore become a group member. They can access the groups list through the Administration → Groups menu and then click the name of the group they want to become members (in our example, the “join_group”:

 Send join request

Once this is done, they will have access information about a specific group and also will be able to send a membership request by clicking the Join Request button as shown:

 Send join request

After sending the request they will see a confirmation message and the Join Request button will change and show the text You have a pending join request instead.

 Send join request

Now a testbed operator (in our case, the “vct” user) will see in the page of the “join_group” group a list of pending join requests from testbed users. The operator can accept, reject or ignore requests. If he decides to accept the requests, he can also assign roles to the users within the group.

 Send join request

Finally, the user will receive an email confirming his new membership to group “join_group”.

 Send join request

Applying for slice or node management

It is important to notice that every node and slice in the Community-Lab testbed must belong to a specific group. As mentioned previously, any testbed user can create groups, but only a testbed operator (superuser) can allow that the group members, including the group administrator, could create nodes and or slices belonging to the group. An operator can assign permissions independently of each other. That is, is it possible to allow both, the creation of nodes and slices, but is it also possible to allow only the creation of nodes but not of slices or vice versa. Also, you can have a group in which the users are not granted any of these permissions and therefore, can not create nodes or slices within the group.

The basic procedure to apply for slice or node creation permissions is the following:

  • One of the group administrators (in our example, the “New User” user) must make a request to the testbed operators. To do so, he can select in the change group view the Request Nodes and/or the Request Slices, checkboxes depending on the permissions needed and also click the Save button.

 Request permissions

  • The testbed operators (in our case, the “vct” user) will then receive a written notification of the request. They can grant or deny the request. As we can observe in the screenshot, when the testbed operators access a group view, they have two checkboxes to activate/deactivate permissions for the management of nodes and slices within such specific group.

 Activate permissions

  • After a request of permissions has been granted, the group administrators can check the available permissions in the corresponding group page. As we can see in the image, the group user_group” is now allowed to create nodes and slices. It is important to notice that no notification will be sent to the group administrators when the slice or node management permissions have been granted. Therefore, the group administrators are in charge of checking the state of their requests manually, by accessing to the corresponding group page as explained.

 check permissions

usage/group-admin.txt · Last modified: 2014/09/18 14:16 by ivilata