ICALEPCS 2009
TUP020
Role Based Access Control in the LHC : The RBAC Project - First Deployment in LHC Operation
I.Yastrebov, M.Sobczak, P.Charrue*, W.Sliwinski (CERN) A.D.Petrov, E.S.M.McCrory, S.R.Gysin (Fermilab)
Operating the LHC, its high energy stored in the magnets and the multitude of devices settings demand a strict control on who can do what. A Role Based Access infrastructure has been designed and deployed for the LHC. A simple identification based on username/password is translated into an operational role by the RBAC server and this role is then transmitted and checked on the device level to grant or deny access. The RBAC infrastructure has been commissioned in the summer 2008 and used in operation for the first time for the first LHC beams. This presentation will describe the RBAC architecture, its technical choices and its operational deployment. The outcome of the first deployment in LHC operation will be presented, together with the future plans.