Difference: SystemAdministratorGuideForEMI1 (22 vs. 23)

Revision 232011-05-19 - MassimoSgaravatto

Line: 1 to 1
 
META TOPICPARENT name="SystemAdministratorDocumentation"

System Administrator Guide for CREAM for EMI-1 release

Line: 683 to 683
 

0.1 Security related operations

Added:
>
>

0.0.1 How to enable a certain VO for a certain CREAM CE in Argus

Let's consider that a certain CREAM CE has been configured to use ARGUS as authorization system.

Let's suppose that the id of the CREAM CE in the ARGUS box (yaim variable CREAM_PEPC_RESOURCEID is http://pd.infn.it/cream-18).

On the ARGUS box (identified by the yaim variable ARGUS_PEPD_ENDPOINTS) to enable the VO XYZ, it is necessary to define the following policy:

resource "http://pd.infn.it/cream-18" {
    obligation "http://glite.org/xacml/obligation/local-environment-map" {}
    action ".*" {
        rule permit { vo = "XYZ" }
    }
}

 

0.0.1 Security recommendations

Security recommendations relevant for the CREAM CE is available in http://wiki.italiangrid.org/twiki/bin/view/CREAM/ServiceReferenceCard#Security_recommendations

 
This site is powered by the TWiki collaboration platformCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback