Bug 725805 - [RFE] Group Policy
Summary: [RFE] Group Policy
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Beaker
Classification: Retired
Component: scheduler
Version: 0.6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: beaker-dev-list
QA Contact:
URL:
Whiteboard: GroupModel
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-26 15:48 UTC by Bill Peck
Modified: 2020-11-19 22:18 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-11-19 22:18:10 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 908183 0 high CLOSED Allow to submit a group job 2021-02-22 00:41:40 UTC

Internal Links: 908183

Description Bill Peck 2011-07-26 15:48:56 UTC 
Description of problem:

Current policy is hard coded and applies to *everyone*.  Group policy would put systems and users in Primary groups and those groups would be able to define their own policy.

Things that would be determined by group policy:

    System Behaviour for this Group
- Max watchdog reservation (for entire recipe) [One Day,Three days, Week, None]
- Max systems in use by one user for this group [ 0 = unlimited  ]
- Systems can be provisioned Manually
  (X) by owner
  ( ) by Site Administrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone
- [ ] Allow loaning outside of Group
- Systems can be loaned 
  (X) by Owner
  ( ) by Site Administrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone
- Systems can be power cycled 
  (X) by owner
  ( ) by Site Administrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone

    Results Behaviour for this Group
- Retention tag can only be changed
  (X) by Owner
  ( ) by Site Administrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone
- Ack/Nak Results
  (X) by Owner
  ( ) by Site Adminsitrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone
- Results are viewable only 
  (X) by Owner
  ( ) by Site Administrators
  ( ) by Group Admins
  ( ) by Anyone in Group
  ( ) by Anyone

This list will grow and change over time..
Comment 1 Bill Peck 2011-08-16 13:41:12 UTC 
Password Policy
 [           ] Group Password
 [ ] Allow custom passwords
Comment 2 Jan Stancek 2012-10-11 06:46:41 UTC 
- Job/recipe can be cancelled by
  (X) by Owner
  ( ) by Site Adminsitrators
  ( ) by Group Admins
  ( ) by Anyone in group
  ( ) by Anyone
Comment 3 Nick Coghlan 2012-10-17 04:39:33 UTC 
Bulk reassignment of issues as Bill has moved to another team.
Comment 4 Nick Coghlan 2013-02-06 06:40:55 UTC 
While we do plan to do something along these lines in the 1.x series, the exact structure is going to be different.

1. As a starting point, user groups don't have fine-grained permissions enforced by Beaker. Instead, when an owner submits a job as a "group job" (by marking it as such in the XML), then the whole group gets full ownership privileges. Finer grained permissions can be handled by convention outside of Beaker, or by creating additional subgroups and making use of the system pool permissions planned for Beaker 1.1

2. Rather than having a preselected set of groups, the system pool permissions will each have a list of groups next to them, and systems will be able to be part of multiple pools. A user will be able to perform action <X> (e.g. loan, power cycle, manually provision, run recipes) on a system if they are a member of any group that has permission to do <X> on at least one pool that includes that system.
Comment 5 Min Shin 2013-02-12 06:57:32 UTC 
Related desgin proposals (work in progress)

http://beaker-project.org/dev/proposals/enhanced-user-groups.html
http://beaker-project.org/dev/proposals/system-pools.html
http://beaker-project.org/dev/proposals/event-driven-scheduler.html
http://beaker-project.org/dev/proposals/effective-job-priorities.html
Note You need to log in before you can comment on or make changes to this bug.