Teams and Authorization¶
Permissions to view and edit content on the Grafana installation at ctrend.xfel.eu are controlled through a combination of so-called teams and folders:
| Folders: | folders group dashboards and panels into areas of similar contents. Folders exist e.g. for each instrument, or for general topics such as detectors, photon diagnostics, or vacuum. Multiple XFEL groups may be responsible for curating the content of a folder. |
|---|---|
| Teams: | a team is a group of users which should have the same minimum access level to a Folder. Hence, teams are assigned to Folders with e.g. view-only, or editor access. A given user can be member of multiple teams, and multiple teams may be authorized to access a folder. |
For the ctrend.xfel.eu installation teams generally map to the folder structure: there are at least two teams configured to access each folder:
| View-only teams: | |
|---|---|
| users in these teams can view the content, i.e. the dashboards and contents of a folder. They cannot edit existing dashboards, nor can they create new ones. Modification of dates and times to be accessed is possible, but cannot be persisted. Data can be exported, e.g. to CSV. | |
| Editor teams: | users in these teams can view the content, i.e. the dashboards and contents of a folder. In addition, they can create new dashboards and panels within the folder the team is assigned to, change date and times a dashboard or panel shows, and also persist this change as the default view. Users can modify existing dashboards and panels, and edit e.g. graphing option. Data can be exported, e.g. to CSV. |
Note
Teams do not strictly relate to XFEL groups: a SPB scientist wanting to view a panel in the MID folder would be added to the MID view-only team to do so.
Note
Privileges on folders are assigned to Teams by CTRL, and team editors cannot change them. However, the association of Teams to Folders is not expected to change frequently. Users should be added to a team already assigned to a given folder, rather than assigning a new team, and thus many users to that folder.
| Folder | View-only teams | Editor teams |
|---|---|---|
| FXE | FXE-view-only, SUPPORT | FXE, CTRL |
| SPB | SPB-view-only, SUPPORT | SPB, CTRL |
| MID | MID-view-only, SUPPORT | MID, CTRL |
| HED | HED-view-only, SUPPORT | HED, CTRL |
| SCS | SCS-view-only, SUPPORT | SCS, CTRL |
| SQS | SQS-view-only, SUPPORT | SQS, CTRL |
| SASE1 | ALL | VAC, XPD, BKR, CTRL, EEE, XRO |
| SASE2 | ALL | VAC, XPD, BKR, CTRL, EEE, XRO |
| SASE3 | ALL | VAC, XPD, BKR, CTRL, EEE, XRO |
| Beckhoff | SUPPORT | EEE, CTRL |
| Calibration | SUPPORT | DET, DA, CAL, CTRL |
| Cameras | SUPPORT | DET, DA, CAL, CTRL |
| DAQ | SUPPORT | ITDM, CTRL |
| Data Analysis | SUPPORT | DA, CTRL |
| Detectors | SUPPORT | DET, CTRL |
| Lasers | SUPPORT | LAS, EEE, CTRL |
| Photon Diagnostics | SUPPORT | XPD, CTRL |
| Timing | SUPPORT | EEE, CTRL |
| Vacuum | SUPPORT | VAC, CTRL |
| X-ray operations | ALL? | XO, CTRL |
Team Administration¶
For each team at least one priviledged user exists, who can administer the team through the ctrend.xfel.eu interface. Specifically, this user can add new members to the team. Usually, the priviledged users will be the same for both the view-only and editor teams of a given folder.
Note
Staff wishing to view the content of a folder should contact these priviledged users to be granted access.
Please see the table below, for who administers which folder.
| Folder | View-only team | Editor team |
|---|---|---|
| FXE | ||
| SPB | ||
| MID | ||
| HED | ||
| SCS | ||
| SQS | ||
| SASE1 | ||
| SASE2 | ||
| SASE3 | ||
| Beckhoff |
|
|
| Calibration | ||
| Cameras |
|
|
| DAQ | ||
| Data Analysis | ||
| Detectors | ||
| Lasers | ||
| Photon Diagnostics | ||
| Timing |
|
|
| Vacuum | ||
| Xray-Operations | ||
If you are a priviledged user see Administering a Team for how to add users to a team.
Support Group Teams¶
Staff from the DATA and instrumentation department groups will be placed into teams named after their groups. These teams are administratored by priviledged users from the group and should only contain members from the group. These teams will be authorized to minimally view, and in case of need, edit all folders, such as to provide efficient support.