EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI New GOCDB roles schema OMB January 2012 Peter Solagna – EGI.eu 9/30/2016 1

EGI-InSPIRE RI Summary This proposal contains a fine grained permissions mapping to users roles, to reflect the actual meaning of the roles and the Operations Centers workflows. The main changes are: New role for Site Operations Manager and Site Operations Deputy Manager The different roles at NGI and site level have different permissions Currently all the roles at the same level have the same permissions 9/30/2016 2

EGI-InSPIRE RI Roles Role NameComments Site AdministratorOptional Site Security OfficerMandatory (1-n) Site Operations ManagerMandatory (1-n) Site Operations Deputy ManagerOptional Regional 1 st line supportOptional Regional staffOptional Regional Operations ManagerMandatory (1-n) Regional Security OfficerMandatory (1-n) EGI CSIRT OfficerNon NGI role COD StaffNon NGI role COD AdministratorNon NGI role COO OfficerNon NGI role

EGI-InSPIRE RI Roles differences Site Administrators Cannot approve roles at site level Site Operations Manager Can approve roles at site level Regional Staff, Regional 1 st line support Cannot approve role at regional level Cannot add sites/update status existing sites Regional Operations Manager & deputy, Regional Security officer Can add/update sites Can approve roles at regional level Can approve roles at site level Regional Operations Manager and Site Operations Manager are also responsible for accepting and enforcing the policies and OLAs within their domain Project level roles (EGI CSIRT Officers, COD Staff) can change site certification status

EGI-InSPIRE RI Conclusions All the roles resulted to be requested by at least on NGI The permissions-limited roles (e.g. Site Admin, ROC Staff, Deputies) are optional, NGIs who do not consider them useful do not have to use them. The other “higher level” roles can be assigned to many users, in order to register the whole staff without the need to split them into different groups