Clarify access rights of the project directory #320
Conversation
Clarify that data in the project directory belongs to the project, and can always be accessed and modified by the PIs and those delegated by him.
|
preview available: https://docs.tds.cscs.ch/320 |
| * The applicant is not permitted to give any other person (project member or otherwise), organization or representative of any organization access to CSCS facilities explicitly or implicitly, through negligence or carelessness. Revealing of passwords or identification protocols through verbal, written or electronic means is strictly prohibited. Any such activity is considered a breach of CSCS security, the contract between the applicant and CSCS at the moment the Account Application Form is submitted and approved, and the established contracts between CSCS and its computer vendors. Should such activity occur, the applicant will be immediately barred from all present and future use of CSCS facilities and is fully liable for all consequences arising from the infraction. | ||
| * Any indication of usage or requests for runs which give rise to serious suspicion will be further investigated and escalated to the appropriate authorities if necessary. | ||
| * Access to and use of data of other accounts on CSCS systems without prior consent from the principal investigator to which project the user account pertains is strictly prohibited. The terms and conditions for use of data from other accounts must be directly agreed to by the data owner. | ||
| * All data stored in a project directory belongs to the project, and thus can be read, written, modified, or deleted by the project’s Principal Investigators (PIs) or whoever they delegate. Copying data into a project directory automatically and irrevocably grants these privileges. Data stored in personal home directories does not automatically grant such access rights. |
There was a problem hiding this comment.
Just checking, is it really only PIs (and delegated members) that have access to all data in the project directory or is it all project members?
There was a problem hiding this comment.
By default every member of the group has access, but the point here is to clarify that even if one sets unix permissions in such a way that the group cannot see some directory the PI still has the right to look at that data or delete it. This is an issue for data of students that left in infra01, and normally by mistake did set incorrect permissions. We want to fix that, but we should do it in a way that does not open us to liability. If you have a better way to express this please share it. If you want to push back and say that we should not access, and for example we should only be able to delete it it would also be good to know.
In my mind the project directory belongs to the project, so this is sensible, in any case it should be checked by business, (and a legal I think).
There was a problem hiding this comment.
Thanks. I was only checking because I was surprised by this behaviour, but if it's like this then of course it should documented as it is. I won't comment on the business decision.
2 participants
Clarify that data in the project directory belongs to the project, and can always be accessed and modified by the PIs and those delegated by him.
Maybe it could be simplified to
--
This can be merged after vetting by someone from RIDEV/Business