Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [geclipse-dev] Gria registry info system problem 
Hi Nick,

This is correct behaviour for the service, and is how the security
works.

In order to let people access the resources in your registry resource
you must go to the Access Control area on the registry service.
In order that people can call getRegisteredResources() on you registry
they must have the either the 'member' role or the 'owner' role.
You will want to give people the 'member' role, and shouls set up a
rule(s) to do this.
Either you can add all people explicitly by adding their certificate and
CA certificate or by adding an 'all' rule for a CA.

User 'Bob' signed by 'Some Trusted CA' is Allowed role 'member' on
resource 'your registry'

OR

* signed by 'Another Trusted CA' is Allowed role 'member' on resource
'your registry'


So I seem to remember there is a few CA's in the scenario, so a rule
will be needed for each. (Polish CA, Cypriot CA...
Users can still submitJobs and run them if know the endpoint of the
JobService, the registry is just an information point, as you say, and
they have independant access control lists.


Mark McArdle
IT Innovation Centre
2 Venture Road
Chilworth Science Park
Southampton, SO16 7NP, UK

tel: +44 23 8076 0834
fax: +44 23 8076 0833

mailto:mm@xxxxxxxxxxxxxxxxxxxxxxxxx
http://www.it-innovation.soton.ac.uk  

> -----Original Message-----
> From: geclipse-dev-bounces@xxxxxxxxxxx 
> [mailto:geclipse-dev-bounces@xxxxxxxxxxx] On Behalf Of Nick Tsioutsias
> Sent: 25 January 2008 10:50
> To: Developer mailing list
> Subject: [geclipse-dev] Gria registry info system problem
> 
> Hello everyone.
> 
> There seems to have some problems when people are trying to 
> access the 
> registry service. They get an exception that they don't have 
> the right 
> to access it. It can only be accessed with my keystore. I 
> remember that 
> when we were in Linz, Mark did something to the gria server 
> in order for 
> me to access it with my keystore.
> 
> So, the problem is that even though people can access the 
> services and 
> submit jobs, they cannot access the registry that we have set 
> up and get 
> the services from there. Why is that happening? In order for the gria 
> registry to be useful everyone that can submit a job should 
> be able to 
> access the "geclipse" registry.
> 
> In order to see if you can access the registry you should check the 
> Storage under a gria VO in the Grid projects view. If you get an 
> exception in the error view then you can not access it.
> 
> So, can this problem be solved by setting the right 
> permissions in the 
> gria server?
> 
> Thanks,
> Nick.
> 
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>

Back to the top