home > Default Attribute Values

OSCARS Default Attributes


In order to facilitate the granting of authorizations to users, we have defined a number of attributes that represent standard roles which can be assigned to a user. In general these roles are intended to provide all the authorizations that a user will require and hence each user should be assigned to just one role (with a few exceptions). The role attributes are:

Role Attributes

OSCARS-user:
A non-privileged user who can make and manage his own reservations.
OSCARS-engineer:
A privileged user who can make reservations, specifying  path elements, manage all reservations, view and modify topology and perform un-safe modifications to reservations.
OSCARS-site-administrator:
A privileged user who can manage all the reservations that start or end at his site. Intended for the use of end site network administrator to be able to completely control traffic entering or leaving his site.
OSCARS-operator:
A less privileged user who can see, but not modify all user reservations. Intended for a NOC operator to be able to see what reservations are affected by a link outage at his site and be able to alert the owner of the reservation or an OSCARS-engineer at his site.
OSCARS-service:
The role an IDC operates under. Should not be assigned to human users.
OSCARS-publisher:
Is only allowed to publish events to the OSCARS Notification server. It is intended to be used  by an non-OSCARS service, such as perfSONAR that should be able to publish events of interest to OSCARS users.
OSCARS-administrator:
An administrative role that manages users and authorization policy. Can create and delete users and institutions, assigns attributes to users, can modify the authorizations associated with attributes. Does not have any permission with respect to reservations.
In general, only the OSCARS-administrator role should be granted to someone who holds another role. If you only have one person to manage a site, the combination of OSCARS-engineer and OSCARS-administrator grants all privileges to the system.

All users are able to see and modify their own user profile and subscribe to notifications about reservations that they have authorization to query.

Other type of attributes

OSCARS-may-specify-path:
Can be granted to a normal OSCARS-user to allow them to specify path elements when making a reservation.
In the future we may have project attributes that associate a user with a research project that has special network requirements.

Authorizations

Go here to see what default authorizations are granted to each attribute, or use the authorizations tab to see what the current authorizations are.