[gold-users] Gold user privileges

Scott Jackson scottmo at adaptivecomputing.com
Mon Jun 14 12:05:27 MDT 2010


Steve,

There is no simple way to do this with Balance because it is a complex 
command composed of several separate subqueries that touch other 
objects. Because of this, the RoleAction is set to Override and the 
authorization logic is embedded in the Gold::Bank->balance subroutine 
itself. I believe you would have to modify the authorization logic in 
Gold::Bank->balance to make it behave according to your preferences.

Scott


Steve Crusan wrote:
> Hi,
>
> I’m trying to modify the gold objects so that most users cannot see 
> other user’s balances, unless they are given the admin role (in fact 
> I’d like to only allow project admins to login anyways, but that’s 
> something else)...
>
> I’ve tried a few things so far.
>
> >From this thread:
> http://www.supercluster.org/pipermail/gold-users/2007-March/000029.html
>
> In the interim, I’ve tried to change the RoleAction for Balance to 
> SELF, which I believe would solve most of the problems, but users can 
> still view other project balancers (the projects and public and such 
> either).
>
> If I fully delete the RoleAction Name==Balance attributes, it still 
> allows users to use the commandline, or other parts of the web 
> interface to see user’s balances (transaction logs, reservations, 
> allocations, etc). I’d guess that requires heavily customizing the 
> install using goldsh, but I really don’t want to break any important 
> functionality.
>
> I see this is part of a larger issue where I’d like to setup a 
> hierarchy of permissions so that there are system admins, project 
> admins, and then normal users really should only be able to show their 
> own balance, and maybe some project listings.
>
> Does anyone else have a similar setup, or is this even possible?
>
>
> ----------------------
> Steve Crusan
> System Administrator
> Center for Research Computing
> University of Rochester
> (585) 276-5599
> https://www.crc.rochester.edu/
> ------------------------------------------------------------------------
>
> _______________________________________________
> gold-users mailing list
> gold-users at supercluster.org
> http://www.supercluster.org/mailman/listinfo/gold-users
>   


More information about the gold-users mailing list