Dear Allan,
Am Mittwoch, 14. August 2024, 19:49:43 CEST schrieb Allan Pinto:
>
> I have a new ICAT instance running up and I need to create authorizations
> rules and ingest them into this new instance. I wonder if there are some
> tools and documentation that help me to do this, please.
Authorization in ICAT is a very broad subject that includes several
subtopics, including:
+ The semantics: how does authorization in ICAT work in general? How
do the rule system work? What kind of rules do you need for your
use case?
+ The syntax: how are the rules formulated?
+ The tooling: what tools can be used to create the rules in ICAT?
+ Best practices: what are the dos and don'ts?
Elaborating on each of these would go beyond of what I can esily do in
an email.
Also note that each facilities has their own requirements and we all
do things a little bit differently. There is no one size fits all
standard solution.
If you are looking for a concrete example, you might want to look at
the `init-icat.py` script [1] from the examples for python-icat. It
mimics the basic initialization of a new ICAT instance, including
populating the Rules table. The ideas behind the individual rules are
explained in the comments.
Actually, this script grew out of my own experimentation when I
started to setup ICAT for HZB. It has been converted to an example
script for python-icat later on and is also still be used in the
python-icat test suite.
But please use some common sense and ypur own critical judgement
before adopting these rules. They were based on my initial ideas,
when I started to design the authorization for HZB's ICAT, almost ten
years ago. Not all of the initial ideas turned out to be very useful
in practice. The rules in my production instance have been developed
further since then and I didn't bother to reflect all the changes in
the example script. For some of the rules in the example script, I
wouldn't formulate them the same way again today. I still have it on
my internal TODO list to review, document, and partly reformulate the
ruleset in HZB's production ICAT.
Please feel free to ask if you have any questions on the script or any
specific questions on authorization in ICAT in general.
This is a rather old piece of code, written by a very experienced ICAT
admin, Tom Griffin. It could still work in principle, since the ICAT
API didn't fundamentally change since then. But it is not complete in
itself, I assume, you would need to build it using the ICAT client
package [2]. E.g. you would need to create a maven project that
includes ICAT client as a dependency. I can't tell you anything more
than this, because I mostly use Python rather than Java at the client
side of ICAT myself.
HTH & Best regards,
Rolf
[1]:
https://github.com/icatproject/python-icat/blob/develop/doc/examples/init-icat.py
[2]:
https://repo.icatproject.org/site/icat/client/5.0.0/
--
Rolf Krahl <
rolf....@helmholtz-berlin.de>
Helmholtz-Zentrum Berlin für Materialien und Energie (HZB)
Albert-Einstein-Str. 15, 12489 Berlin
Tel.:
+49 30 8062 12122