Link user associations across allocations

[kayleanelson]

It would be very useful to be able to link or lock user associations across sets of allocations. For example, in reality our storage permissions is governed by LDAP group membership which is global across not only a given storage device, but all our storage devices. So anywhere the group has an storage allotment, the same set of users will have access. Currently in Coldfront, PIs manage users associated with each allocation separately, exposing or suggesting a granularity of permissioning we cannot support.

Instead, it would be extremely useful if user associations could be linked across a set of allocations. Such as

• a change on one reflects changes on the other
• or, there is a "primary" allocation, where the PI/manager can change users, and other allocations can be marked as a "secondary" allocation and don't allow changes to users at all

[dsajdak]

@kayleanelson Thanks for the suggestion. I know exactly what you're talking about because we have this issue too and need to be careful with explaining that to faculty. I'm not yet sure how to implement something like this but we'll discuss and keep you posted.

[thomasbergernz]

Sounds like what we are after as well. @kayleanelson is the ColdFront project name matching the LDAP group name?

[kayleanelson]

At the moment the project name does match the LDAP group name, but that seems a bit brittle (since that is a user defined field). Maybe that's a use case for the new Project Attributes.