Changes between Version 5 and Version 6 of MultiUser


Ignore:
Timestamp:
Sep 20, 2011, 11:17:20 AM (14 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • MultiUser

    v5 v6  
     1[[PageOutline]]
     2
    13= Multi-user projects =
    24
    35This document describes a set of BOINC server features
    4 that support projects with multiple users (i.e., job submitters).
     6that support projects with multiple job submitters, or '''users'''.
    57A user may represent a single scientist, a research group, or some other organizational entity,
    68An example of a multi-user project is a science portal such as NanoHUB.org.
    79
    8 Such projects are typically structured so that users interact with the project through a web-based interface,
    9 possibly served on a computer other than the BOINC server.
    10 The BOINC server is accessible only to '''administrators'''.
     10Such projects are typically structured so that users
     11interact with the project through a web-based interface,
     12and only project admins have login access to the BOINC server.
    1113
    1214BOINC's design supports the following goals:
     
    1416 * The set of users may be large (1000s) and dynamic.
    1517 * The project's resources are shared fairly among users, based on quotas.
    16  * Users have privacy: a user cannot see the computational results of other users.
    17  * The access rights of a user (e.g., the applications to which they can submit jobs)
    18    can be limited by project administrators.
     18 * Privacy: users cannot in general see the computational results of other users.
     19 * Flexible access control.
    1920
    2021== User identity ==
    2122
    2223Users are identified by BOINC project accounts (same as volunteers).
    23 Users can supply computing resources to the project,
    24 and this may affect their quota (see below).
     24Users may also be volunteers; i.e. they may supply computing resources to the project.
     25(this may affect their quota; see below).
    2526
    2627== Access control ==
    2728
    28 To submit jobs, users must be given access by administrators.
    29 This can done via the '''User job submission permissions''' link in the project admin web interface.
    30 Users may be given permission to submit jobs only to specific applications,
    31 or to submit jobs to any current or future applications.
     29The following operations are subject to access control:
    3230
    33 In the future, we may provide mechanisms by which users can create applications,
    34 and the access control system would be extended to control this capability.
     31 * Submitting jobs
     32 * Creating and deprecating apps
     33 * Creating and deprecating app versions
     34 * Aborting jobs (possibly those submitted by other users)
     35 * Changing access rights
     36
     37For each user, the BOINC access control system defines a set
     38of '''global privileges''' and optionally a set of '''per-app privileges'''
     39for each app.
     40
     41The global privileges include
     42
     43 * '''submit_all_apps'''.
     44  If this flag is set, the user can submit jobs to any application,
     45  included those added in the future.
     46 * '''admin_all_apps'''.
     47  If this flag is set, the user
     48  * has admin privileges for all apps (see below)
     49  * can grant and revoke the privileges of any user
     50  * can create and deprecate apps
     51  * set user quotas (see below)
     52
     53The per-app privileges include
     54 * the ability to submit jobs to the app
     55 * '''admin''': if this flag is set, the user can
     56  * create and deprecate versions of the app
     57  * grant and revoke per-app permissions for this app
     58  * abort any job of this app
     59  * view the output files of any job of this app
     60
     61Users can be given '''admin_all_apps''' permission via the
     62'''User access control''' link in the project admin web interface.
     63All other access control is done via the submit_permissions.php page
     64on the main web site.
    3565
    3666== User quotas ==
     
    5282   e.g. by participating in the message boards.
    5383
    54 Quotas are set by administrators, via the admin web interface or other mechanism.
     84Quotas can be manually set by users with the '''admin_all_apps''' privilege,
     85via a web interface.
    5586
    5687== Implementation notes ==
     
    5889Two new DB tables support the multi-user features
    5990
    60  * '''user_submit''': access control and quota info for a user
     91 * '''user_submit''': per-user access control and quota info
    6192 * '''user_submit_app''':  per (user, app) access control info.