Il 19/08/20 08:17, Loris Bennett ha scritto: > I'd be interested in the removal part. This seems to me to be the > trickiest bit, not so much technically, but from a policy point of view. We use Active Directory, so I created a script that iterates all the cluster-related AD groups and generates a sacttmgr script in TEMPFILE once a day. Then calls echo yy | sacctmgr load $TMPFILE clean
The policy is handled at AD level: some users are authorized to manage the authorization group and the authorization group is member of the allowed users group. -- Diego Zuccato DIFA - Dip. di Fisica e Astronomia Servizi Informatici Alma Mater Studiorum - Università di Bologna V.le Berti-Pichat 6/2 - 40127 Bologna - Italy tel.: +39 051 20 95786
