Rutgers University: NBCS - RATS Documentation

RATS: Restricting Access to Automated Account Creation

RATS has several way in which to restrict access to automated account creation. The Criteria you can choose to match on are as follows:
ROLE/HERD - for an explanation, see the care and feeding of herds as the meaning and use of this is a fairly large topic.
CAMPUS - This is for students only at this time, but basicly you can restrict acces to students based on weather they are in a school on the New Brunswick (NB), Newark (NK), or Camden (CM) campus.
ROSTER - This is also for students only. Currently this is based off of the 5-digit code used in the TTRS system that can be foundin the schedule of classes.
MAJOR - This too is for students only, and is the three digit code found in the schedule of classes.
WEB DISPLAY- Of course, as you will see in other parts of the documentation that there are account trypes you can configure that you never want people to have access to in an automated manner on the web. This lets you make an account profile unaccessible in that venue.
For all of the categories except web display, you can choose to restrict on that category based on the users data matching the SOME and ALL requirements for the account type. The easiest way to demonstrate what this means is to give you an example. For our example lets say that you want to let anyone in the university on your box, but it is based on weather they are interacting with your project and nothing else. This of course is not going to be stored in the pdb by default. In this case you want a herd. Lets say the herd is called MY_HERD. So in your account profile, you would have two arrays like:
ALL: MY_HERD
SOME : STUDENT,STAFF,FACULTY
This would indicate that they have to have one of the roles STUDENT, STAFF, or FACULTY, but they must be in the herd MY_HERD. Lets say you get a grant, and you can't have administrative staff working on your project. At the moment since you cant use an exclude you would make two account profiles. One with:
ALL: MY_HERD,STUDENT
SOME:
The other would have :
ALL:MY_HERD,FACULTY
SOME:
Those who qualify must have all the entries for that account type. Now If you extend this model you can see that you can do things like add a particular group of classes to the student account profile, so that only students participating in a class can qualify for access to your project machine. The same applies to major. After reading more about herds and roles, you will see that you can now permit a greater ammount of account creation to occur in an automated manner without having to hack specialized tools or significantly alter security on your machine.
The levels of control with web display are best explained by reading the appropriate section of the config file explanation.