1. Can we still connect to EXI through our MX proposal account?

Yes. Exi is not impacted by this change yet so you still log in Exi with your MX/IX/FX proposal credentials.

2. Opening port 22 in our firewall can take up to 6 weeks in my institute/company. What are the alternatives?

We have reactivated the port 5022 on dt.esrf.fr (and data-transfer.esrf.fr) for rsync and sftp transfer. You still need to use you individual account instead of the proposal account to transfer your data.

The best alternative is to use Globus to transfer your data. It takes 5 minutes to set it up, the graphical interface is user-friendly and the data transfer performs very well.

 

3. How should I handle the session’s A-form now to make sure the right person has access to our data?

As per the safety rules that have always been in place, anyone linked to a session, regardless of their role, must be declared on the session's A-Form.

For now, permissions on /data/visitor/[proposal name]/[beamline]/[session date] are based on both the A-Form member list and the proposal member list.

This means that:

  • A person who is Main Proposer or Co-proposer on a MX/IX/FX proposal can access data from all sessions under /data/visitor/[proposal name]/, whether or not she/he is on a session’s A-form.
  • A person who is neither Main proposer, neither Co-proposer but who is a declared as member on the session’s A-form 20220406 will have access to /data/visitor/[ proposal name]/[beamline]/20220406/ only.

4. Do only people registered on the session’s A-form have access to the session data?

As described in 3), no. If a person is the Main proposer of the proposal or declared in SMIS as Co-proposer on the proposal, she/he will have access to all session data of the proposal.

 

5. Now you have this new data access policy in place, should I inform my colleagues that they will not have access to the data of our last session because I was the only one registered on this session A-form?

 

No, no need to worry, previous permissions are kept in place.

 

6. I could log into the ESRF through SSH via the given command ssh -p 5022 [my account]@firewall.esrf.fr but I can’t access /data/visitor/. Is that a feature or a bug?

To reinforce the security, we no longer allow access to /data/visitor/ from the gate machine. This means that you can no longer access /data/visitor just after connecting to the ESRF through SSH.

To look at your data, please use remote.esrf.fr. We remind you that from within the ESRF network. generic proposal accounts remain fully usable.

 

7. I tried to SSH on dt.esrf.fr and data-transfer.esrf.fr but it doesn’t work. Is that normal?

 

Yes, only scp, rsync and sftp protocols are allowed on dt.esrf.fr and data-transfer.esrf.fr.