Differences

This shows you the differences between two versions of the page.

--- accounts:account_activation [2023/04/19 11:04]
hans
+++ accounts:account_activation [2023/06/06 16:03] (current)
hans [Slurm Queue Access]
@@ Line 18: / Line 18: @@
 Before acquiring an ICS account please activate your [[https://www.oit.uci.edu/ucinetid/|UCInetID]].
-Once you have a UCInetID, please have your department manager/personnel or advisor submit an account request to [[https://onboarding.ics.uci.edu/site/index|onboarding.ics.uci.edu]] noting the following:
+Once you have a UCInetID, a department manager or advisor must submit an account request to [[https://onboarding.ics.uci.edu/site/index|onboarding.ics.uci.edu]] with the following information:
       * UCInetID
       * University affiliation (e.g. grad, staff, faculty, visitor)
@@ Line 24: / Line 25: @@
       * Any special groups or projects you will be working with
-UCI Students that are not ICS majors must also go through this onboarding process in order to receive an ICS account.
+Additional information for using the onboarding app:  [[https://docs.google.com/document/d/1jDVJSXZ-8pRTTSYR6w9lCnVSE1U-OqrdXmmpez5z6ZA/edit#heading=h.q4a1p8ulkt57|Onboarding How-To]]
+**Note:** UCI Students that are not ICS majors must also go through this onboarding process in order to receive an ICS account.
+===== Account Access =====
+The following sections attempt to detail how access control is provided on ICS Systems.
+==== (Posix) Group ====
+=== Provides Access To ===
+  * Group readable files and directories
+  * Sudo commands are frequently assigned based on group members
+  * Docker on some systems.
+=== How to Grant Access ===
+User group membership can be set by Helpdesk staff via an [[group:support:accounts:howto_manage_accounts|internal account management tool.]]
+Groups may be nested and membership in one group implies membership in any groups that contain said group.
+==== Netgroup and Host Access ====
+=== Provides Access To ===
+  * Host login access is permitted based on netgroup membership.
+Access may be tested on many systems by running the `/usr/local/bin/testaccess <user>` command.
+<code>
+circinus-28# testaccess hans
+Username            Status
+----------------------------------------
+hans                ACCESS PERMITTED
+</code>
+=== How to Grant Access ===
+User netgroup membership can be set by Helpdesk staff via an [[group:support:accounts:howto_manage_accounts|internal account management tool.]]
+Netgroups may be nested and membership in one netgroup implies membership in any netgroups that contain said netgroup.
+==== Groupleader ====
+Please see the [[accounts:gsu]] Groupleader Account for more details.
+=== Provides Access To ===
+  * [[accounts:gsu|Shared group shell accounts]] via `sudo -u <groupleaderaccount> -s`
+  * [[accounts:mapping_network_drive|Share network drivers]]
+=== How to Grant Access ===
+User groupleader access can be provided by helpdesk staff using our [[group:support:accounts:howto_manage_accounts|internal account management tool.]]
+The tool adds an equivalency attribute to the groupleader account POSIX account LDAP entry.
+==== Slurm Queue Access ====
+Slurm access is provide based on group membership and netgroup members.
+Any member of the grad or ugrad group will automatically have a slurm accounts  Use the `sacctmgr show user <username>` from any openlab host to confirm the account is present for <username>.
+Any user that has a slurm account and is a member of a netgroup that can login to a host in the slurm queue may submit jobs to that queue.