The Stage Configuration File will contain a white list. Each line of the white list may contain up to three regular expressions enclosed in double quotes. The regular expressions match the DN, FQAN, and the Storage Group written in the following format:
"<DN>" ["<FQAN>" ["<StorageGroup>"] ]
Lines starting with a hash symbol # are discarded as comments.
The regular expression syntax follows the syntax defined for the Java Pattern class.
Example:
Here are some examples of White List records:
".*" "/atlas/Role=production"
"/C=DE/O=DESY/CN=Kermit the frog"
"/C=DE/O=DESY/CN=Beaker" "/desy"
"/O=GermanGrid/.*" "/desy/Role=.*"
This example authorizes a number of different groups of users:
Any user with the FQAN /atlas/Role=production.
The user with the DN /C=DE/O=DESY/CN=Kermit the frog, irrespective of which VOMS groups he belongs to.
The user with the DN /C=DE/O=DESY/CN=Beaker, but only if he is also identified as a member of VO desy (FQAN /desy).
Any user whose DN and FQAN match /O=GermanGrid/.* and /desy/Role=.* respectively.
If a storage group is specified, all three parameters must be provided.
The regular expression ".*" may be used to authorize any DN or any FQAN. Consider the following example:
Example:
".*" "/atlas/Role=production" "h1:raw@osm"
"/C=DE/O=DESY/CN=Scooter" ".*" "sql:chimera@osm"
In the example above:
Any user with the FQAN /atlas/Role=production is allowed to stage files located in the storage group h1:raw@osm.
The user with the DN /C=DE/O=DESY/CN=Scooter, irrespective of which VOMS groups he belongs to, is allowed to stage files located in the storage group sql:chimera@osm.
With the plain dCap protocol the DN and FQAN are not known for any users.
Example:
In order to allow all dCap users to stage files, the white list should contain the following record:
"" ""
If this line is commented out or not present in the white list, no dCap user will be allowed to stage files.
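To check a white list before deploying it, the matching rules described above can be modelled in a few lines. This is an added example, not dCache code: the names parse_whitelist and may_stage are hypothetical, Python's re module stands in for the Java Pattern class, and it assumes that each expression must match the whole value, that an omitted field accepts any value, and that an unknown DN or FQAN (plain dCap) is passed as an empty string.

```python
import re

# Constructed sample white list built from records of the kind shown on this page;
# the last record limits plain-dCap users to one storage group.
SAMPLE = '''\
# production role may stage from one storage group only
".*" "/atlas/Role=production" "h1:raw@osm"
"/C=DE/O=DESY/CN=Kermit the frog"
"/C=DE/O=DESY/CN=Beaker" "/desy"
"/C=DE/O=DESY/CN=Scooter" ".*" "sql:chimera@osm"
"" "" "h1:raw@osm"
'''

QUOTED = re.compile(r'"([^"]*)"')
# One to three double-quoted expressions separated by whitespace.
RECORD = re.compile(r'\s*"[^"]*"(\s+"[^"]*"){0,2}\s*')


def parse_whitelist(text):
    """Return (dn, fqan, storage_group) pattern tuples; None marks an omitted field."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line (assumed ignorable) or comment
        if not RECORD.fullmatch(line):
            raise ValueError(f"line {lineno}: expected one to three quoted expressions")
        fields = [re.compile(expr) for expr in QUOTED.findall(line)]
        records.append(tuple(fields + [None] * (3 - len(fields))))
    return records


def may_stage(records, dn, fqan, storage_group):
    """True if at least one record authorizes the request; no match means deny."""
    def ok(pattern, value):
        # Assumption: whole-value match, so "CN=Beaker" does not cover "CN=Beaker2".
        return pattern is None or pattern.fullmatch(value) is not None
    return any(ok(d, dn) and ok(f, fqan) and ok(s, storage_group)
               for d, f, s in records)
```

Running planned changes through such a model makes over-broad expressions visible, for example a ".*" in the DN field combined with a missing storage group.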
It is possible to allow all dCap users to stage files located in a certain storage group.
Example:
In this example, all dCap users are allowed to stage files located in the storage group h1:raw@osm:
"" "" "h1:raw@osm"