Access Keys:
Skip to content (Access Key - 0)

GTS

GTS Access Control

[ GTS: Administrators Guide | Developers Guide | caGrid: Documentation Guides ]

Overview

Many of the operations provided by the GTS provide a means of administrating the trust fabric and are therefore restricted to GTS administrators or to administrators of individual certificate authorities. The GTS allows for the assignment of two types of permissions: GTS Administrators and Trusted CA Administrators. GTS Administrators (TrustAdmin) are "super users" and can perform any operation on a GTS (i.e., manage certificate authorities, manage trust levels, manage permissions, etc). Trusted CA Administrator (TrustAuthorityManager) permissions corresponds to a specific CA giving a party permission to update the CRL for the corresponding CA.

Managing Permissions

The GAARDS UI allows GTS administrators to search for and manage GTS permissions, this can be accomplished by completeing the following steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Access Control, this will launch the Access Control Window.
  4. From the Service drop down select the GTS you desire to search.
  5. Click the Search button.

After the search has completed, the permissions granted on the GTS you selected will be listed in the table below the Search button.

Access Control

Grant Permission

The GAARDS UI provides a method for GTS administrators to grant parties permissions on a GTS.  This can be accomplished by completing the following steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Access Control, this will launch the Access Control Window.
  4. From the Service drop down select the GTS you wish to grant a permission for.
  5. Click the Add button, this will launch the Add Permission Window.
  6. In the Grid Identity text box, enter the grid identity of the party being granted the permission.
  7. From the Trusted Authority drop down, select the certificate authority to which the permission applies.  If you select *, a TrustAdmin permission will be granted to the specified party, granting them full administrative access to the GTS.  If a specific certificate authority is chosen, a TrustAuthorityManager permission will be granted to the party allowing them to publish the CRL to the GTS for the specified certificate authority.
  8. Click the Add button, this will add the permission to the GTS.

Grant Permission

Revoke Permission

The GAARDS UI provides a method for GTS administrators to revoke permissions from the GTS.  This can be accomplished by completing the following steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Access Control, this will launch the Access Control Window.
  4. From the Service drop down select the GTS you wish to revoke a permission from.
  5. Click the Search button, this will list all the permissions granted on the selected GTS in the table below.
  6. Select the permission to revoke.
  7. Click the Remove button.
Last edited by
Sarah Honacki (855 days ago)
Adaptavist Theme Builder Powered by Atlassian Confluence