Page History
| Table of Contents |
|---|
Permissions
NOTE: calib constants get written to both experiment db and detector db, as permissions allow.
All databases will be world-readable.
Table of write-permissions:
| Configuration Database | Experiment Calibration Database |
|---|
| Detector ("Cross-experiment") Calibration Database | ||
|---|---|---|
| OPR accounts (don't need kerberos ticket, done with hutch username/password) | per-experiment logbook groups (need a kerberos ticket) | expert groups (only ps-data) |
| expert groups with kerberos ticket (this works, according to Murali) | expert groups |
| with kerberos ticket (e.g. ps-tmo and ps-data) |
- all write access requires a kerberos ticket, except the OPR accounts
- all configdb api's will use hutch/instrument in the api which will be used for authentication
- all cnf files will access ConfigDB using the opr-account style
- expert groups means unix groups like ps-xpp, psdataps-data
- there will be cross-hutch-expert protection: e.g. ps-xpp won't have permission to write to the TMO databases
- Murali has said experts may have to do an extra step (e.g. set an environment variable) in order use a different URL/end-point for expert-group access (Feb. 25, Murali says since we use kerberos everywhere, don't need different URL).
Calibration Database Access Patterns
...
Overview
Content Tools