...
If you are not sure about a request, please ask Massimo Sgaravatto.
Then you should check if the user requesting the new project is compliant with the INFN policies. This means that the user must be registered in INFN-AAI and:
- he/she must have a verified digital identity (LoA2)
- he/she must declare to have read and accepted the INFN rules for the use of IT resources
- he/she must have followed the "Corso di Sicurezza Informatica - BASE"
Actually the third bullet is not a strict requirement: if all the requirements but the last one are met, the request can be accepted, but please notify the user that he/she must follow the course within 30 days.
For example, to check whether the user whose family name is 'Sgaravatto' meets all 3 requirements, you can execute this ldapsearch query:
```
$ ldapsearch -x -LLL -Z -h ds2.infn.it -b ou=People,dc=infn,dc=it "(&(sn=*sgaravatto*)(eduPersonAssurance=urn:mace:infn.it:loa2)(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=202*)(schacUserStatus=urn:schac:userStatus:it:infn.it:formazione:sicurezzainformatica-base:superato+on*))"
```
This will return a result only if all 3 requirements are met:
```
l: pd
givenName: Massimo
sn: Sgaravatto
cn: Massimo Sgaravatto
telephoneNumber: +390499677360
mail: Massimo.Sgaravatto@pd.infn.it
```
If no result is returned, check whether the first 2 requirements are met (LoA2, and acceptance of the INFN rules on IT resource usage). The query will be:
```
$ ldapsearch -x -LLL -Z -h ds2.infn.it -b ou=People,dc=infn,dc=it "(&(sn=sgaravatto)(eduPersonAssurance=urn:mace:infn.it:loa2)(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=202*))"
```
If a result is returned, this means that the user didn't follow the course. In this case the request can be accepted, but please notify the user via e-mail that he/she must follow the course within 30 days.
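The two-step check above as one script, as an added example that is not part of the original procedure: it escapes the family name before placing it in the filter and keeps a failed query distinct from a non-compliant user. Function names and verdict strings are hypothetical; the server, base DN and attribute values are those of the queries above, and the name is matched exactly, as in the second query.

```shell
#!/bin/bash
# Added example, not the CloudVeneto team's own tooling. Function names and
# verdict strings are hypothetical; server, base DN and attribute values are
# the ones used in the queries on this page.
BASE='ou=People,dc=infn,dc=it'
LOA2='(eduPersonAssurance=urn:mace:infn.it:loa2)'
RULES='(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=202*)'
COURSE='(schacUserStatus=urn:schac:userStatus:it:infn.it:formazione:sicurezzainformatica-base:superato+on*)'

# Escape the RFC 4515 filter metacharacters \ * ( ) so that a family name
# copied from a request is matched literally and cannot alter the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Returns 0 if the filter matches an entry, 1 if nothing is returned, and
# 2 if ldapsearch itself failed (an outage must not read as "not compliant").
# -Z attempts StartTLS as on the page; -ZZ would make it mandatory.
has_match() {
    local out
    out=$(ldapsearch -x -LLL -Z -h ds2.infn.it -b "$BASE" "$1") || return 2
    [ -n "$out" ]
}

# Prints one verdict for the given family name (exact match on sn).
check_user() {
    local sn two rc
    sn=$(ldap_escape "$1")
    two="(sn=$sn)$LOA2$RULES"
    rc=0; has_match "(&$two$COURSE)" || rc=$?
    if [ "$rc" -eq 1 ]; then
        # Full check found nothing: retry with the first two requirements only.
        rc=0; has_match "(&$two)" || rc=$?
        if [ "$rc" -eq 0 ]; then rc=3; fi
    fi
    case "$rc" in
        0) echo "compliant" ;;
        3) echo "accept-notify-course" ;;
        1) echo "not-compliant" ;;
        *) echo "query-error" ;;
    esac
}
```

The verdict is per family name, so before accepting a request confirm that the entry returned by the query (givenName, mail) belongs to the person who submitted it.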
The text of the e-mail can be something like:
We received your request for the creation of a new project for the CloudVeneto infrastructure.
Since you requested access to INFN resources, please note what is reported at:
http://userguide.cloudveneto.it/en/latest/Registration.html#prerequisites-for-using-infn-resources
In particular we noticed that you didn't follow the IT Security course. This must be done within 30 days.
To follow the course, please go to:
https://elearning.infn.it/course/view.php?id=105
Regards
The CloudVeneto support team
If the project can be created, ask the user who submitted the request:
...
- an INFN project:
  - Select "INFN" as "Available units"
  - Select the relevant Unit(s) or Department
  - Choose a 10.64 network from "Available networks"
- a Unipd project:
  - Select "Unipd" as "Available units"
  - Select the relevant Unit(s) or Department
  - For what concerns "Available networks":
    - If this is a project for DFA: you have two options (ask the other colleagues if you are not sure)
      - select a 10.64 network
        - To be used in general if this project will be used by persons who have an account at INFN/DFA (e.g. researchers).
        - In this case users affiliated with the project will have to be compliant with the INFN rules for IT resources
        - Access to the VMs will be possible from INFN/DFA LAN without going through a gate
      - a 10.67 network
        - To be used in general if this project will be used by persons who don't have an account at INFN/DFA (e.g. students)
        - In this case it is NOT necessary that users affiliated with the project have to be compliant with the INFN rules for IT resources
        - Access to the VMs will be possible only going through a gate
    - If this is a project for another department, select a 10.67 network
...