Hi Brian,
sorry for the delay in reacting to this email. Things overtook me last week.
It would be better not to use voms-proxy as we cannot really get the very long
proxies that we do require. Which reminds me that I will have to re-new my
robot proxy again some time soon, or could I now use my own proxy in a streaming
archive?
I could imagine scenarios where it would be required that one DiRAC site would
need to retrieve archives that other DiRAC sites have created. We are one DiRAC
facility but with different locations and users can move from one location to
the other. So I think that read access might be required.
Best wishes,
Lydia
On Wed, 18 May 2016, Brian Davies wrote:
>
> Rather than implementing groups inside the voms server and forcing sites to use voms-proxy-init rather than grid-proxy-init; I have the following suggestion.
>
> IF we know who (and that it will not change that much we can easily seperate sites write access by setting particular DNs to be associated with reach sub-repository.
>
> Is this do able?
>
> Also do you care require a user/site manager have no Read access for data from other sites?
>
> Brian
>
>
>
|