Using Quotas Independently of Internal Security

Using CA AppLogic › Grid Administration Guide › Quotas › How to Use Quotas › Using Quotas Independently of Internal Security

Using Quotas Independently of Internal Security

Quotas can be used independently of CA AppLogic security settings for users and groups.

A large company might have different security groups for user groups and locations that share the same grid. The company needs to independently enforce grid resource quotas for different group members, regardless of which security group they are in.

For example, fictional company Forward, Inc. has offices in Aliso Viejo, CA, New York, NY, and other locations around the world. Members of a small development group physically located in Aliso Viejo, CA are assigned the group name: AV-Dev. They need access to relatively small amounts of grid resources for local development projects. A second group located in New York, Labs On Demand is assigned the group name: NY-LoD. They require greater access to resources and larger quotas because group members are responsible for hosting grid resources for other groups across the company. Members of a third group, QA testers in Aliso Viejo, CA are assigned the group name: AV-QA. They need the same quotas as the NY-LoD group, even though they are not members of that security group.

Physical Offices	Quota Groups	Quota Relationships
Aliso Viejo, CA Office AppLogic Security Group: AlisoViejo Child Group: AV-DEV User - John	for AV-DEV: AlisoViejo for AV-QA: NY-LoD	Parent: AlisoViejo Affected user: John
Child Group:AV-QA User - Linda		Parent: NY-LoD Affected user: Linda
New York, NY Labs on Demand Office AppLogic Security Group: NY-LoD

The operator needs to configure security groups and quotas on this grid to accommodate the needs of members of all three groups as described in the following procedure.

Follow these steps:

Open the grid shell from the GUI.

Create a security group named AlisoViejo with two child groups as members, AV‑Dev and AV‑QA:

group create AlisoViejo
group create AV-DEV
group create AV-QA
group modify AlisoViejo +local:group:AV-DEV
group modify AlisoViejo +local:group:AV-QA

Create users John and Linda, and add a quota for each:

create user John pwd=123456 group=AV-DEV
create user Linda pwd=123456 group=AV-QA
quota put John description=”No Limits for John”
quota put Linda description=”No Limits for Linda”

Create another parent security group named NY-LoD:
```
group create NY-LoD
```
Configure group AV-Dev to have a parent quota of AlisoViejo, and AV-QA to have a parent quota of LoD:
```
quota put AV-DEV parent=AlisoViejo
quota put AV-QA parent=NY-LoD
```

Create quota entries:

quota put AlisoViejo cpu=10 mem=50G disk=200G description=”Quota for AV group”
quota put NY-LoD cpu=20 mem=0.5T disk=1T description=“Quota for NY-LoD group”

Use the quota list command to show groups AV-DEV and AV-QA, their respective members John and Linda, and the intersection with the quota hierarchy (group AV-Dev has no specific quota assigned, but has a parent quota set to AlisoViejo, with specific resource limits, and group AV-QA with its quota parent NY-LoD):

quota list

Principal      Warn / Burst     CPU     MEM           BW          DISK      Description
---------------------------------------------------------------------------------------
AlisoViejo        - / -       10.00   50.00 GB         -      200.00 GB   Quota for AV group
  \_ AV-DEV       - / -           -       -            -           -
      \_ John     - / -           -       -            -           -      No Limits for John
NY-LoD            - / -       20.00  512.00 GB         -        1.00 TB   Quota for NY-LoD group
  \_ AV-QA        - / -           -       -            -           -
      \_ Linda    - / -           -       -            -           -      No Limits for Linda

To view the different security group hierarchies, execute the following CLI commands:
```
group info AlisoViejo
group info NY-LoD
```