Common User Group Naming
BC Project: FY11-03
Date of Policy: 17 Oct 2011
Last Updated: 22 Aug 2019 (see Revision Log)
This policy defines user group naming conventions and how groups are assigned to all user accounts on all allocated systems at each center. Cross-center file sharing requires that users' group names be common across the storage systems. All centers are required to adopt a common naming convention for user group names. User-defined groups with user-defined names will still be allowed as long as the user-defined group names do not conflict with other group names used on the program.
Group membership on a system allows multiple users to be categorized into groups. Every user of a system is in at least one group, and may be in multiple groups. By being in a group, the user may have access to files, directories, and executables, if the correct permissions are set.
Using group names that correspond to the user's Subproject ID will allow users to easily share data with other members of their subproject. The full 13-character Subproject ID is described in detail in in BC policy FY10-03 (Consistency in the Number of Characters in a Project Identifier).
On some operating systems, the number of characters allowed for group names is limited to 8. In such cases, subprojects are uniquely identified by using the last 8 characters of the 13-character Subproject ID. The Subproject ID is formed by concatenating Computational Project Number (CPN), Computational Technology Area (CTA), and Allocation Request Number (ARN) in that order.
It is a common practice to avoid group names containing only numbers because an all numeric group name may be confused with the group UID. To adhere to this practice, the CTA number will be mapped to a letter for the purposes of creating well-formed and unique group names for HPCMP subprojects. The CTA mappings are outlined in the table below.
The portal to the Information Environment (pIE) manages groups for users and will create the 8-character group name if that subproject exists at the center. pIE will assign users to the group if they are assigned to the subproject.
Existing users will retain their existing default group and may request at any time to have their default group changed to their preferred subproject-based group or another group where they are a member. New users will be assigned to the subproject-based group as their default and may request to have their default changed to another group provided they are an approved group member. Users may also request the creation of new groups. The requested group names must not conflict with existing group names, must be 8 or fewer alphanumeric characters, and must have at least one non numeric character. User-requested groups will be created and tracked in pIE and will be owned and managed by the requesting user. An alternate user can be assigned as a group co-owner if desired.
A restricted group is one where the owner has asked to strictly control the membership of the group. Export control groups are examples of restricted groups.
DSRCs are to accept group change data from pIE and make the required changes to groups on the HPC systems.
|22 Aug 2019||Removed unnecessary example sentence about group membership from policy.|
|03 May 2018||BC Team Audit - Added Data and Decision Analytics (DDA) to CTA table mapping|
|16 Jun 2016||BC Team Audit - Removed reference to HEUE. Added limit on restricted groups|
|20 Aug 2014||Replaced CTA Computational Electronics and Nanoelectronics (CEN) by Electronics, Networking and Systems/C4I (ENS)|
|15 May 2014||BC Team Audit - Restrictions imposed on the creation of a user group name|
|25 Apr 2012||BC Team Audit|