[gold-users] limit user to query only accounts he is connected to

Alexander Oltu Alexander.Oltu at uni.no
Thu Sep 16 08:15:31 MDT 2010


Hi all,

We will need to change our security model for queries in our gold setup.

I think now we have default behavior which is that the regular user can
do queries on all objects. 
We will need something like: user can check project usage and available
resources only for the accounts which he has access to.

I looked in to RoleAction and tried to replace 

Anonymous    ANY            Query   ANY
to 
Anonymous    ANY            Query   SELF

but this results in that the user can only perform glsuser -u $USER ;
commands like gbalance and gstatment are not working...

From manual looks like the Instance SELF will allow operations only
on objects identified with $USER.

I wonder if there is an easy solution to our problem?

Thanks,
Alex.


More information about the gold-users mailing list