Stage Protection

With the release of dCache 1.9.9, stage protection has been enhanced to allow authorization specific to a dCache storage group. The additional configuration parameter is optional allowing the stage protection to be backwards compatible when stage authorization is not specific to a storage group.

The file name of the white-list must still be configured by setting the stageConfigurationFilePath parameter. Authorization lines are processed as a set of regular expressions, each one corresponding to DN, FQAN, and storage group. FQAN and storage group are optional.

The white-list records are written in the following format:
”<DN>” [”<FQAN>” [”<StorageGroup>”]]

Below there are some examples of the white-list records:

#Allow all ATLAS users who have the role 'production' to stage files 
#located in the storage group 'h1:raw@osm'  
".*" "/atlas/Role=production" "h1:raw@osm"

#Allow the specified user to stage files 
#located in the storage group 'sql:chimera@osm'  
"/C=DE/O=DESY/CN=Kermit the frog" ".*" "sql:chimera@osm"

#Allow all DCAP users to stage files
"" ""

#Allow all DCAP users to stage files located in the storage group 'h1:raw@osm'
"" "" "h1:raw@osm"