Managing Applications

The CSM administrative interface allows users to manage CSM authorization policy data for multiple applications from the Application Access Control interface. Using this interface users can view existing applications, add new applications and remove existing applications. To access the Application Access Control interface, first launch the CSM administrative interface. From the Access Control menu item, choose Manage Access Control.

In order to manage CSM applications and resources, you must be logged into a grid account that is configured to be a CSM administrator. During the installation process, it was recommended that at least one grid identity be added as a CSM administrator. If your account was not configured to be a CSM administrator, review step 7 of the Installation Guide.

If you have added your grid account as a CSM administrator but you are experiencing an error similar to the one pictured to the right, make sure that you specified the correct grid account in the Credential select box of the Application Access Control interface.

access denied message

Searching for Applications

You can search for existing CSM applications by using the Search form fields on the Application Access Control interface. Select a service using the Service select box and choose your grid credential from the Credential select box. Note that the default value for the Credential select box is "Globus Default Proxy." Select a grid identity that has been configured as a CSM administrator from the Credential select box.

Once you have specified a Service and Credential, click the Search button to show a list of CSM applications associated with the Service you specified.

search applications

The screenshot shows the results of a sample search where the Service is specified as Localhost. The only result from the search is the CSM Web Service itself. Thus, the CSM Web Service can be managed in the same way that other applications added later are managed. Note that after a successful install the CSM Web Service should appear by default in the Applications search results. That is, you do not need to explicitly add the CSM Web Service; it will be added automatically during the installation process.

As mentioned, the CSM Web Service can be managed using the administrative interface. Thus, it is possible to remove your own user id from having administrative access. If you accidentally lock yourself out of the administrative UI, you can re-enable access using the ant addAdmin command. Instructions for using the addAdmin command can be found in the Installation Guide.

Viewing an Application

You may view and manage the protection elements, protection groups, roles, and other attributes of an application using the View button. Perform a search that lists the application you wish to view. Click on the application you wish to view to highlight it in dark blue. Click on the View button to launch the Access Control Management interface.

access control management interface

This interface displays tabs for managing Protection Elements, Protection Groups, Roles, Groups, Permissions and Instance Level Security Filters.

Note that alternating application rows are highlighted with a light blue. This color differs from the dark blue used to show that a specific application has been selected. In the following screenshot, notice that the 2nd and 4th rows are highlighted in light blue, while the 3rd row is highlighted in dark blue. The 3rd row is the only row that has been clicked and is thus selected.

There are no images attached to this page.

This can distinction can be somewhat confusing when there are only two or three applications listed in the search results. The light blue highlighted rows may appear to be selected and are not. If you attempt to remove an application without clicking one, you will receive the following error message:

There are no images attached to this page.

Adding a new Application

To add a new application, specify the service you would like to add the application to using the Service select box. Also, select a grid account from the Credential select box that is a CSM administrator. If you attempt to add a new application with an account that is not a CSM administrator, you will encounter the following error message:

access denied message

Click on the Add button to add a new application. The Create Application interface will appear. You must enter a Name for for the application as well as a Description. The name you enter should be identical to the name that the application will use to identify itself to CSM when it wants CSM to make authorization decisions. After entering these values click the Add button to add the application.

add a new application

Once the application has been added, the search results on the Application Access Control interface will refresh. You should now see your newly added application in the list of search results. Notice that an Id value will be generated for your new application and will be displayed in the search results.

new application added to search results

Removing an existing Application

Existing applications may be removed using the remove button. First, perform a search such that the application you wish to remove is listed in the search results. Next, click on the application you wish to remove. This will highlight the application row in dark blue. Click the Remove button to remove the selected application.

Use caution with this feature! Clicking Remove does not prompt for confirmation and cannot be undone.

Next Steps:

Learn how to use the Access Control Management interface to manage protection elements, manage protection groups, manage roles, manage groups, manage permissions and manage instance level security filters.

CSM