VO manager is a person or group of people allowed to manipulate with VO data. The first manager of particular VO must be created by Perun admin. VO manager can utilize both CLI interface and web GUI to operate system entities. VO manager is responsible for the following tasks:
Adding users among VO members
VO manager is allowed to select the user that will become a member of the VO from external identity resources or resources available to the VO. Choosing your VO from the VO list in GUI, you will see not only details about VO but also menu items in the left part. VO manager uses a menu to administer VO. Button Members serves to list all VO members. Button Add enables to select a new user from the list of candidates. Button Search is used to search for the user. User detail is shown by clicking the user in the list of members. Button Remove serves to remove a member from VO.
Creating a VO manager from VO member
VO manager is allowed to create a VO manager from any other VO member. A detailed tutorial on how to add VO manager.
VO inner structure can be enhanced by a hierarchy of groups. Every group has access rights to particular resources in VO. Group administration is described in a detail in Group manager's manual.
Creating a group manager from VO member
VO manager can create a group manager from VO member. How to create a Group manager is described in Group manager's manual.
Adding VO members into the group
VO manager and Group manager can add a VO member into the group. The whole process is described in the Group manager's manual.
VO manager can create tags for resources. Detailed tutorial: how to create a resource tag.
Resource is part of Facility that can VO utilize. It is created by the Facility manager, but only the VO manager is allowed to manipulate with it. First, select particular VO in GUI. Button Resources shows a list of resources in VO. Button Remove removes selected Resources. By clicking the row with the name of Resource, the detailed information appears. By clicking the tab Assigned groups, the list of assigned groups is listed. Tab Assigned services show a list of assigned services. By clicking on the button Service settings, a page with attributes' settings is shown. These attributes are necessary for the proper functioning of services.
- Add a member to resource
- Remove a member from resource
- Assign the group to the resource
- Assign service to the resource
- Assign a tag to the resource
Managing an application form
Creating rules to account extensions
It is necessary to set attribute membershipExpirationRules for VO. The attribute can be added in Settings in VO. Its items can be:
doNotAllowLoa - list of LoAs separated by comma, which won't be allowed in VO (users can't become members).
period - time period to extend membership. It can be set as fixed date (without year), e.g. 1.1 or as number of days/months/years with prefix "+"
that defines time period that extends membership. Units are d = day, m = month, y = year, e.g. +128d extends account to 128 days. +6m, +1y.
doNotExtendLoa - list of LoAs separated by comma, that are not extensible.
gracePeriod - when present date of initial application or extending request equels extension date minus gracePeriod then user account is extended to the next time period
(period date in next year). Value is in format number days/months/years. Units are d = day, m = month, y = year, e.g. 128d, 6m, 1y
periodLoa - an exception in period for given LoA. Format of value is: LoA|period[.]. LoA is given Loa number and period is in same format as a period.
Optional dot at the end means whether extend an account to user with filled membershipExpiration or not. If dot is present, user with filled membershipExpiration is not allowed to extend an account.