Personal tools
You are here: Home GRIA Documentation Documentation 5.1 Reference Manuals OGSA-DAI User Guide Overview Deployment Scenarios
 

2.2. Deployment Scenarios

Up one level
Details the different ways that the GRIA OGSA-DAi Service can be used to manage databases

Deployment Scenarios

Introduction

The GRIA OGSA-DAI service was created with two main use cases in mind:

  1. The service provides users with access to existing data in existing databases.
  2. The service lets users create and access their own databases.

In both these cases, GRIA's access-control and service-level-agreement technologies can be used to create policies controlling which users are allowed access to resources, how many resources they can create/access, and how they will be charged for their use of the service.

The steps taken to implement each of these cases are briefly described below.

Providing Access to Existing Databases

By default, the GRIA OGSA-DAI service can connect to any JDBC database. It is possible to extend the service to connect it to other database back-ends. For further information see the service developers' guide.

  1. The service provider decides which databases he wants to make available. He does this by choosing Connect existing data resource, either in the web-based administration interface or one of the client interfaces, and entering the relevant information (such as a JDBC URL).
  2. The service provider then chooses which existing database usernames and passwords should be exposed in the service. Any number of these database roles can be created to provide different levels of access to different users (e.g. read-only or read-write).
  3. After the roles have been created, the service provider uses GRIA's access control functionality to enter rules which determine who can subscribe to each database role. This is done either in the web-based administration interface or one of the client interfaces.
  4. At this point, users that have been given access to a role will be able to see it in the list of resources returned from the GRIA service. They can use one of the client interfaces to subscribe to the database role and obtain a database subscription.
  5. The user can now run queries on this database subscription using either the GRIA Client using the OGSA-DAI plugin or by using the OGSA-DAI Client API.

Allowing Users to Create Databases

By default, the GRIA OGSA-DAI service can create new databases on MySQL and PostgreSQL. It is possible to extend the service to make it able to create databases on other JDBC resources or other arbitrary database systems. For further information see the service developers' guide.

  1. The service provider uses the web-based administration interface to choose which database server will be used for new databases.
  2. The service provider then uses GRIA's access control tools to specify which users are allowed to create databases. This must also be done using the web-based administration interface.
  3. Users that have been given permission to do so can then create databases using one of the client interfaces. When doing so, the default behaviour is for three database roles to be created automatically for them:
    • An administrative role (DAA) that can create and remove tables.
    • A read/write role (DAU_RW) that can modify data in existing tables.
    • A read only role (DAU_RO) that can only read from existing tables.
  4. The user can now specify which other users can subscribe to his database. If desired, he can give different users access to the different roles above in order to restrict their ability to modify the data in the database.
Next: GRIA OGSA-DAI Service Previous: Architecture