[gold-users] Gold user privileges

Steve Crusan scrusan at ur.rochester.edu
Mon Jun 14 10:41:11 MDT 2010


Hi,

    I¹m trying to modify the gold objects so that most users cannot see
other user¹s balances, unless they are given the admin role (in fact I¹d
like to only allow project admins to login anyways, but that¹s something
else)...

   I¹ve tried a few things so far.

>From this thread:
http://www.supercluster.org/pipermail/gold-users/2007-March/000029.html

In the interim, I¹ve tried to change the RoleAction for Balance to SELF,
which I believe would solve most of the problems, but users can still view
other project balancers (the projects and public and such either).

If I fully delete the RoleAction Name==Balance attributes, it still allows
users to use the commandline, or other parts of the web interface to see
user¹s balances (transaction logs, reservations, allocations, etc). I¹d
guess that requires heavily customizing the install using goldsh, but I
really don¹t want to break any important functionality.

I see this is part of a larger issue where I¹d like to setup a hierarchy of
permissions so that there are system admins, project admins, and then normal
users really should only be able to show their own balance, and maybe some
project listings.

Does anyone else have a similar setup, or is this even possible?


----------------------
Steve Crusan
System Administrator
Center for Research Computing
University of Rochester
(585) 276-5599
https://www.crc.rochester.edu/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/gold-users/attachments/20100614/602be617/attachment.html 


More information about the gold-users mailing list