dmwm / WMCore

Core workflow management components for CMS.
Apache License 2.0

Document auth Roles/Groups for ReqMgr #1072

Closed drsm79 closed 12 years ago

drsm79 commented 13 years ago

Each REST method should have a clearly documented set of roles/groups that are allowed to call them, to make adding in the security simpler.

DMWMBot commented 13 years ago

rickw: Added entries in the table in https://twiki.cern.ch/twiki/bin/view/CMS/ReqMgrSystemDesign#REST_Interface Feel free to change.

drsm79 commented 13 years ago

metson: Looks good. The only thing I'd change is all to authenticated (which probably just means a note at the top). ReqMgr is the kind of thing we've been asked to not give free access (world readable) to in the past.

DMWMBot commented 13 years ago

rickw: How do we define who goes in what role? In other words, how do we make me a reqmgr admin?

drsm79 commented 13 years ago

metson: I set some flags in SiteDB for your account. Available roles:

{{{

Roles Title

Admin
CRAB Server Operator
DBSExpert
DBSOperator
Data Manager
Developer
DocDB Admin
FTS Contact
Global Admin
GlobalTag Manager
PADA Admin
PhEDEx Contact
Production Manager
Production Operator
Results Service
Site Admin
Site Executive
StageManager
StageRequest
T0 Operator
_admin
}}}

Available groups:

{{{

GROUP_NAME

AnalysisOps
CondDB
CouchDB
DBS
DataOps
DataQuality
FacOps
LCG production team 1
LCG production team 2
LCG production team 3
LCG production team 4
LCG production team 5
LCG production team 6
LCG production team 7
OSG production team 1
OSG production team 2
b-physics
b-tagging
e-gamma_ecal
ewk
exotica
forward
global
heavy-ions
higgs
jets-met_hcal
muon
phedex
qcd
site
susy
tau-pflow
top
tracker-dpg
tracker-pog
trigger
}}}

DMWMBot commented 13 years ago

rickw: OK. Making me developer is good enough. Then I'll restrict all the privileged operations to Admin or Data Manager, and Developer. Later we can worry about restricting developers, but at least we've reduced the number of possible suspects to ten or so.

DMWMBot commented 13 years ago

rickw: Big problem. How do you decorate REST methods? I'd like this to block me, but it doesn't.

{{{
@cherrypy.tools.secmodv2(role=['Honey Badger'])
def getRequest(self, requestName=None):
    return "Welcome, honey badger"
}}}
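One way to keep the per-method role/group documentation and the enforcement in the same place, as this thread asks for. This is an added example, not WMCore or ReqMgr code, and it does not use or explain `secmodv2`; the `requires` decorator, the `user` dictionary shape, the explicit `user` argument and `deleteRequest` are assumptions made for illustration.

```python
import functools

class Forbidden(Exception):
    """Caller is unauthenticated or lacks a required role/group."""

ACL = {}  # method name -> policy; doubles as the documentation table

def check(user, roles, groups):
    if not user or not user.get("login"):
        raise Forbidden("authentication required")
    if roles is None:            # policy: any authenticated user
        return
    held = user.get("roles", {})  # assumed shape: {role: set(groups)}
    for role in roles:           # an empty list matches nobody (fail closed)
        if role in held and (groups is None or held[role] & set(groups)):
            return
    raise Forbidden("%s lacks a required role" % user["login"])

def requires(roles=None, groups=None):
    """Record the policy for a method and enforce it on every call."""
    def decorate(func):
        ACL[func.__name__] = {"roles": roles, "groups": groups}
        @functools.wraps(func)
        def wrapper(self, user, *args, **kwargs):
            check(user, roles, groups)
            return func(self, *args, **kwargs)
        return wrapper
    return decorate

def undocumented(cls):
    """Public methods defined on cls with no recorded policy."""
    return sorted(n for n, f in vars(cls).items()
                  if callable(f) and not n.startswith("_") and n not in ACL)

def doc_table():
    """One 'method | roles | groups' row per method, for the wiki table."""
    def fmt(v, default):
        return default if v is None else (", ".join(v) or "nobody")
    return ["%s | %s | %s" % (n, fmt(p["roles"], "authenticated"),
                              fmt(p["groups"], "any"))
            for n, p in sorted(ACL.items())]

class ReqMgrService:  # hypothetical stand-in for the REST model
    @requires()       # reads: authenticated, not world readable
    def getRequest(self, requestName=None):
        return {"request": requestName}

    @requires(roles=["Admin", "Data Manager", "Developer"])
    def deleteRequest(self, requestName):  # hypothetical privileged call
        return "deleted %s" % requestName
```

Running `undocumented()` over each REST class in a unit test catches a new method that ships without a documented policy.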

drsm79 commented 13 years ago

metson: Replying to [comment:5 rickw]:

> OK. Making me developer is good enough. Then I'll restrict all the privileged operations to Admin or Data Manager, and Developer. Later we can worry about restricting developers, but at least we've reduced the number of possible suspects to ten or so.

Sounds good - I've set you up as a Data Ops:Developer (https://cmsweb.cern.ch/sitedb/people/?name=Rick%20Wilkinson)

DMWMBot commented 12 years ago

mnorman: Where are we in this? I notice this hasn't been touched in a while.

stuartw commented 12 years ago

swakef: I added a first pass at the relevant functions in #2397, not sure what the plan is there though...

DMWMBot commented 12 years ago

mnorman: I have no idea what this is on, so I'll probably close this at the end of the month unless someone complains.

sfoulkes commented 12 years ago

sfoulkes: You'll need to update Rick's twiki with the changes made in #3348.

DMWMBot commented 12 years ago

mnorman: Okay. Done (actually none of the Admin roles were listed, I guess he assumed people knew who they were). What else?

DMWMBot commented 12 years ago

mnorman: Updated again. Looks like the rest of this can probably go into #2863.

Admin group/roles are documented, so I'm going to close this eventually if there is no further information.

DMWMBot commented 12 years ago

mnorman: No further input, so I'm closing this. Other questions can go on the general documentation ticket (#2863).