Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
G
gracedb
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 99
    • Issues 99
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1
    • Merge Requests 1
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • lscsoft
  • gracedb
  • Issues
  • #15

Closed
Open
Opened Jul 11, 2018 by Tanner Prestegard@tanner.prestegardMaintainer

Rework permissions structure

We need to define a permissions structure for controlling superevent actions, as well as upgrade the old one for events. Here is a proposal for how to define this structure going forward.

Update (6 Sept 2018): this issue is no longer going to cover redoing the events permission structure; it will only focus on creating the superevents permission structure.

Creation

Action Allowed users Comments
create event Specific LVK users only Currently allowed for pipeline accounts and specific users; remove individual users?
create test event All LVK users
create superevent emfollow/superevent manager
create test superevent All LVK users
create MDC superevent emfollow/superevent manager

Updates

Action Allowed users Comments
update/replace event Only the user who originally submitted the event Or should it be anyone who is allowed to submit events for the given pipeline?
update/replace test event All LVK users
update superevent emfollow/superevent manager Applies to production and MDC superevents
update test superevent All LVK users
add/remove event from superevent emfollow/superevent manager Production and MDC
add/remove event from test superevent All LVK users
confirm superevent as gw Some special people Should emfollow/superevent manager be on this list?
confirm test superevent as gw All LVK members
confirm mdc superevent as gw emfollow/superevent manager

Annotations

Action Allowed users Comments
add log message/file All LVK (all events/superevents); LV-EM (only exposed events/superevents) Not allowed for public users (?)
tag log message/file All LVK (all event/superevent logs) Not allowed for LV-EM or public
untag log message/file All LVK (all event/superevent logs) Not allowed for LV-EM or public
add label Specific LVK members can add specific labels Needs some thought and a finalized list of labels to define this
remove label Specific LVK members can remove the same specific labels
create voevent emfollow Are others needed?
create emobservation All LVK (all events/superevents) and all LV-EM (all exposed events/superevents) This is a little weird because as far as I know, only LV-EM people should be uploading EM observations
add/update/remove operator signoff LVK members in control rooms Control room groups controlled by IP address
add/update/remove advocate signoff LVK members in em_advocates group

Viewing

Action Allowed users Comments
view event All LVK (all events/superevents); LV-EM/Public (exposed events/superevents? Or just superevents?) Applies equally to production and test events. Note to self: need to consider event subtypes and permissions on those as well
view logs All LVK (all event/superevent logs); LV-EM/Public (exposed logs only) Logs will be exposed via a tag ('lv-em' or 'public'); files associated with exposed logs will also be exposed
view voevents All LVK (all voevents); not sure about LV-EM or public Currently, all VOEvents are viewable to anyone who can view the event
view emobservations All LVK (all emobservations); not sure about LV-EM or public Currently, all EMObservations are viewable to anyone who can view the event

Main questions

  1. Who can add/remove which labels? Or should all LVK users be able to add/remove all labels?
  2. Who can expose/hide events and superevents?
  3. Who can expose/hide logs with the 'lv-em' and 'public' tags?
  4. Does exposing a superevent to external users mean that we should expose all of the individual events as well?
  5. Who can confirm superevents as GWs?
Edited Sep 06, 2018 by Tanner Prestegard
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
Move superevents branch onto production GraceDB
Milestone
Move superevents branch onto production GraceDB (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: lscsoft/gracedb#15