Role Based Access Control System in the ATLAS Experiment

The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructu...

Bibliographic Details
Main authors: Valsan, M L, Dobson, M, Lehmann Miotto, G, Scannicchio, D A, Schlenker, S, Filimonov, V, Khomoutnikov, V, Dumitru, I, Zaytsev, A S, Korol, A A, Bogdantchikov, A, Avolio, G, Caramarcu, C, Ballestrero, S, Darlea, G L, Twomey, M, Bujor, F
Language: eng
Published: 2010
Subjects:
Online access: http://cds.cern.ch/record/1299916
collection CERN
description The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Servers offering remote access to the Detector Control System (DCS) and to Windows machines inside ATCN, the PVSS SCADA software, the distributed file system, the central network attached file system. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS.
id cern-1299916
institution Organización Europea para la Investigación Nuclear
language eng
publishDate 2010
record_format invenio
spelling cern-1299916 2019-09-30T06:29:59Z http://cds.cern.ch/record/1299916 eng Detectors and Experimental Techniques ATL-DAQ-SLIDE-2010-391 oai:cds.cern.ch:1299916 2010-10-14
topic Detectors and Experimental Techniques
url http://cds.cern.ch/record/1299916