Menu
▾
▴
Re: [Unity-idm-discuss] Group administrator role
|
From: Sander A. <sa....@fz...> - 2020-08-27 08:09:39
|
Dear Krzysztof, I try to explain it. We start with one group, let's call them HIP. Within this group several projects are funded and the projects have different lifetimes and different resources. The people who are working in the projects are very volatile, that there is an ongoing adding and removing users from the projects. The projects are subgroups in unity. So the idea is to have a HIP-manager who creates the subgroups (projects in HIP) within the HIP group. The information about the funded projects, e.g. lifetime, or PI, is only known within the HIP group for this reason the handling of the subgroups should be handled to the HIP-group. Because the HIP-manager is not involved in the daily project work and membership updates are delayed if the HIP-manager needs to update it, the plan is to have project-managers that do the membership-management in their own projects (unity subgroups). Because different resources are bounded to (sub-)group membership we want to prohibit the manipulation of other subgroups where the project-manager is not member or the parent group we want to have the hierarchical administration permission. The GDPR is another issue why project- managers should not have access to the full tree. The process of creating and deleting projects within HIP (subgroups in unity) is ongoing. For this reason we can't do an initial delegation to HIP to create the subgroups, revoke revoke the delegation after it and delegate the subgroup management. The HIP-group is only one, we will have multiple of such groups. The manual subgroup creation and delegation creation does not scale very well for the unity administrators. The fast increasing number of registration and enquiry forms is another issue. If unity can handle this can be estimated by you much better. Hopefully this explains why the suggestion to delegate the subgroups does not fit for our use case. Cheers, Sander On Mon, 2020-08-24 at 09:58 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 24.08.2020 o 07:43, Sander Apweiler pisze: > > Good morning Krzysztof, > > than you very much for the explanation. I understood the problem. > > This > > will sadly not work for us because we expect much usage of > > subgroups > > and we do not want to manage the tree by the unity administrators. > > hmm, can you elaborate a bit more? I.e. what precisely would not work > as > expected (feature-wise)? > > Cheers, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
