Restrict a pool to one or several VOs/groups

By default, a pool is generic: users from all VOs/groups will be able to write in it.

But it is possible to restrict a pool to one or several VOs/groups. See the dpm-addpool and dpm-modifypool man pages.

For instance:

  • Possibility to dedicate a pool to several groups
       $ dpm-addpool --poolname poolA --group alice,cms,lhcb
       $ dpm-addpool --poolname poolB --group atlas

  • Add groups to existing list
       $ dpm-modifypool --poolname poolB --group +dteam

  • Remove groups from existing list
       $ dpm-modifypool --poolname poolA --group -cms

  • Reset list to new set of groups (= sign optional for backward compatibility)
       $ dpm-modifypool --poolname poolA --group =dteam

  • Add group and remove another one
       $ dpm-modifypool --poolname poolA --group +dteam,-lhcb

IMPORTANT:

Secondary groups are not supported at the pool level, so that the VOs / groups who actually use the space "get the bill at the end of the month". This is the same behaviour as in UNIX.

In other words, only the primary virtual gid of the user matters when writing. Thus, to dedicate a pool to an entire VO, you should add the VO subgroups and roles to the pool.

For instance:

$ dpm-addpool --poolname Pool-Ops --group ops,ops/Role=lcgadmin

When a pool explicitely dedicated to a virtual gid is full, the generic pool is then used (provided there is one).


-- SophieLemaitre - 17 Aug 2007

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2007-08-17 - SophieLemaitre
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback