Add new user class/role with permissions between Full Admin and Unauthorized User.

[williamnswanson]

Pelican Service:

• Client
• Plugin
• Registry
• Director
• Origin
• Cache
• Other (please give the detail)

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

We would like to give some users more control over the pelican components that they administer, but without needing to give them complete Administrator access to the central services.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Add a new class of users that can modify certain caches/origins (possibly different for each user) in order to set component downtimes, change public keys, change hostnames and ports, without being a full Admin (which can approve registrations, change Director + Registry config, ect).

[CannonLock]

@williamnswanson How helpful is it if I give admins a field that allows this to be set using the users CIlogon User Identifier?

For instance?

http://cilogon.org/serverA/users/46022246

[CannonLock]

Poking through the code this more generally the sub.

[williamnswanson]

Yes, that would be helpful. Could this allow for giving multiple users this access to any given cache/origin and also have a mechanism for setting federation / registry wide default "special user"s?

[CannonLock]

I will have to pull those into different tickets.

You are looking to create a group of users that can be assigned to a set of origins/caches/namespaces?

[williamnswanson]

Having a (Groups of Users) -> (Groups of non-central Components) mapping would be nice, but even just having a (Single Group of Users) -> (All non-central Components) mapping would be the most immediately useful.

[github-actions]

This issue is stale because it has been open for 60 days with no activity.