Details
-
Type:
RFC
-
Status: Implemented
-
Resolution: Done
-
Component/s: Infrastructure
-
Labels:None
Description
LSST can enforce data access rights through group membership. Furthermore, LSST intends to enforce L3 data access rights through group membership. Since we intend on using LSST groups membership to determine data access rights and access to other LSST resources and services, a group naming convention must be established.
Since we intend on enforcing access, data rights, etc. through group membership it would be prudent to have a group naming policy that reflects LSST's information classification policy and account roles within the organization.
The proposed group naming policy:
https://confluence.lsstcorp.org/display/LAAIM/LSST+IaM+Group+Naming+and+Auditing+Policy
We would like to link this up with the Data Access Working Group - I see you mention it in a related page. Also I am not sure we want level 3 groups to be the same mechanism as this - for me the l3 groups could be quite dynamic and created by the users themselves. We should have a call on the topic perhaps easiest.