Read-only access to a suite

[LOGAN, JEFFREY GS-13 USAF ACC 2 SYOS/SYSA]

Ref: https://github.com/cylc/cylc/issues/124, comment by user dpmatthews on Sept 25, 2012 which states...

Longer term we should implement a new access control mechanism which would allow, for instance, users to be granted read-only access to a suite.

We are exploring an option where a user be given insight into the real-time operation of a suite but only have 'read-only' access to the suite. Does such a mechanism exist today given the 2012 comment above?
For example, a read-only 'gcylc' like view of a suite would suffice.

Thanks!

//SIGNED//
JEFFREY D. LOGAN, DAFC
Chief, Information Exploitation (SYSA)
DSN 271-4888 Comm (402) 294-4888

[Hilary Oliver]

Hi Jeffrey,

Yes, you can do that.  Suite owners can authorize different levels of "public" access (i.e. without the suite passphrase). By default only suite identity and task state totals are revealed (which is what `cylc scan` and `cylc gscan` display, if the suite allows) but you can grant full read-only access if you like.  (Or this could be done in site global.rc, as a default for all users).

# global.rc

[authentication]

    public = full-read

Now if you run cylc gscan -o '.*' (to see other users' suites as well as your own), click on one to open it in the GUI.  You'll see the suite state, but any attempt to control it will be denied by the suite daemon.

Alternatively, find suite NAME:PORT with cylc scan -o '.*' and then start the GUI with cylc gui --port=PORT NAME

Hilary

P.s. we are gearing up to replace the desktop GUIs with web technology over the next year; and as part of this effort we will modernize the authentication and authorization system too.

--

---
You received this message because you are subscribed to the Google Groups "cylc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cylc+uns...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.