coldfront icon indicating copy to clipboard operation
coldfront copied to clipboard

Published 20 hours ago verified publisher icon ubccr

Link user associations across allocations

Open kayleanelson opened this issue 2 years ago • 3 comments

It would be very useful to be able to link or lock user associations across sets of allocations. For example, in reality our storage permissions is governed by LDAP group membership which is global across not only a given storage device, but all our storage devices. So anywhere the group has an storage allotment, the same set of users will have access. Currently in Coldfront, PIs manage users associated with each allocation separately, exposing or suggesting a granularity of permissioning we cannot support.

Instead, it would be extremely useful if user associations could be linked across a set of allocations. Such as

  • a change on one reflects changes on the other
  • or, there is a "primary" allocation, where the PI/manager can change users, and other allocations can be marked as a "secondary" allocation and don't allow changes to users at all

kayleanelson avatar Feb 24 '23 02:02 kayleanelson

@kayleanelson Thanks for the suggestion. I know exactly what you're talking about because we have this issue too and need to be careful with explaining that to faculty. I'm not yet sure how to implement something like this but we'll discuss and keep you posted.

dsajdak avatar Feb 24 '23 17:02 dsajdak

Sounds like what we are after as well. @kayleanelson is the ColdFront project name matching the LDAP group name?

thomasbergernz avatar Mar 16 '23 22:03 thomasbergernz

At the moment the project name does match the LDAP group name, but that seems a bit brittle (since that is a user defined field). Maybe that's a use case for the new Project Attributes.

kayleanelson avatar Mar 17 '23 17:03 kayleanelson