Access to the US-CMS Upgrades Project Documents and Website

People working on the US-CMS Upgrades Project will generally need access to:

  1. The CMS DocDB document database where we store project documents
  2. The US-CMS Upgrades website, which is a protected part of the CMS website

If you are a CMS Collaborator and already have access to the internal CMS website and DocDB, then just Email a request to Lucas.Taylor@cern.ch telling him your user ID and you will be given the necessary access rights. If you are not a CMS Collaborator (e.g. non-CMS Fermilab staff, contractor, etc.) then you first need to register at CERN as an external user. This takes one minute by filling in your Email address as user ID on this web form and choosing a password (different from your usual password). Then to get access to the US Upgrades documents and website just Email a request to Lucas.Taylor@cern.ch telling him the Email address that you registered above and he'll give you the necessary access rights. Then, when you access a document or web page and are asked for a user ID and password, just enter your Email and password (as you registered above). When using DocDB to add or modify a document you may grant access to the US Upgrades Project Office people by selecting the US ProjectOffice Group in the access control pull-down menus ("Who can see this?" and "Who can modify this?"). Click Advanced to show all of the groups that can be selected.

Access to the svn Repository containing the US-CMS Upgrades CDR

Access to the svn repository is controlled by CERN afs userid. If you need access and do not already have it, contact Lucas Taylor (or George Alverson).

Access to information for the US-CMS Upgrades Reviewers

All documents that the reviewers need to see will be stored in DocDB.

  1. A public entry-level webpage will be created for the reviewers with useful links and general information (but not any confidential information). FIXME: decide where to host this. Could be either Fermilab or CERN.
  2. All documents and confidential data for the reviewers will be stored in DocDB. They should be tagged as readable by the DocDB groups US Reviewers and US ProjectOffice. If appropriate they may also be tagged as readable by CMS members only or, in exceptional cases, they may be completely Public. The reviewers will be given a single user + password combination that will grant them access to the DocDB documents in the group US Reviewers.
  3. FIXME: Will we give reviewers access to Primavera and/or COBRA? If so, how?
  4. An e-group has been created to enable you to send Email to the reviewers.
How is access control actually handled (what's under the hood)?

CERN- and CMS-standard procedures are used to securely manage who can access US-CMS Upgrade Project information:

  1. The CERN e-group system enables users to be added and removed from access control lists
  2. The CMS website has role-based access control, with roles mapping to e-groups (e.g. the Drupal role uscms-upgrades-project-office maps to the uscms-upgrades-project-office egroup)
  3. The CMS DocDB system has group-based access control, with groups mapping to e-groups (e.g. the DocDB group US ProjectOffice maps to the uscms-upgrades-project-office egroup)

So why must project office members register with CERN to access DocDB but the reviewers don't have to? The project office people have to register because they will be granted write access to DocDB. Reviewers can only read documents. This read-only mode of access is implemented by having a separate DocDB instance running just for this purpose with a local DocDB user defined for the reviewers that grants them read access to the appropriate (selected) documents. FIXME: Eric will set this up soon.

Granting or revoking a person's access rights to documents

To add or remove access rights to documents, add or remove the corresponding person using the CERN e-group system..