User Accounts¶
The default account is a username and password.
LDAP functionality can be enabled to authenticate supplied passwords against LDAP. This removes the ability to create new accounts or change passwords from IceProd, as this needs to be done on the LDAP server.
Roles¶
Roles are general categorizations for users. Each user may belong to more than one role.
Built-in roles:
user
admin
system - internal system auth, no sub-tokens
client - internal system auth, can generate sub-tokens
pilot - generated by client tokens for pilot jobs
Groups¶
Groups are mostly for dataset priority controls. Administrators can control the group-level priorities to balance overall priority between groups.