2.2) Account Authorization and Roles

Your User Profile

Once you have logged in for the first time to the AERPAW Portal, you can view and partially edit the Profile information that AERPAW saves for you.  Indeed at this stage, this is the only action you can take on the Portal.

Click the "Profile" item on the Navigation Bar to get started.

You should see your profile information displayed in the next screen:

Editing Basic Profile Information

Your Username and Email are maintained by the AERPAW system, and you cannot change them.  However, you can choose to edit the name displayed for you in lists to a more human-friendly name, if you wish, in the Display Name entry field.

At this time, you have a User ID registered with AERPAW, and can log into the AERPAW Portal, but you can only view public information through it, and not undertake any other actions needed to use the AERPAW Facility.  In order to do so, you must obtain at least the Experimenter (and optionally the PI) Role (as explained previously in Section 2.1).  Before you can obtain Roles, you must declare your Employer/Organization and Position/Title in your Profile, and save it.  In addition, we would appreciate it if you can provide some short description of your Field of Research, and the general nature of research experiments that you envision performing in AERPAW.

(Please enter meaningful values in all these fields.  Meaningless or confusing content in any of these fields will likely cause approval of your Role requests, or Experiment session requests, to be delayed or withheld.)

You can save all your edits by clicking the "update profile" button:

Adding ssh Login Credentials to your Profile

While access to the AERPAW Portal is controlled by CILogon authentication, access to the AERPAW Virtual Environment is by ssh, as mentioned previously in Section 1.8 .   The ssh access is protected by a public-private key pair.  This screen is also where you can provide a public key to AERPAW.  Each such public key is called a "Credential".  When AVNs are created for you in the AERPAW Virtual Environment, the credentials you have saved are automatically installed into each such AVN.  This allows you to securely ssh into each such AVN from your own work computer (on which the corresponding private key should be stored).  A basic tutorial on using public-private keys can be found here: https://kb.iu.edu/d/aews .

You can upload more than one public key into your Profile, but to avoid confusion we recommend storing only one.  Your Profile screen displays all the credentials you have stored (or "No Credentials" if you have none stored at this time).

Note: If you change your credentials AFTER you have started an Experiment Development session in the Virtual Environment, the AVNs already created will NOT be updated to reflect the updated credentials (as also noted previously in Section 1.8).

You can either produce your own key pair and upload the public key of the pair to the Portal (preferred method), or the AERPAW Portal can produce a key pair for you.  To start on either process, click the appropriate button on the Profile screen:

Uploading your own Public Key

Ideally, you would generate your own public-private key-pair on your own work computer, and upload the public key to the Portal using the Profile screen.  (For help with producing such a key pair, see various resources around the web, such as this page provided by the SSH Academy.)

To upload the public key you have generated, click the "add your own" button on the Profile screen.  You should get a screen with two entry fields:

Enter a Name that will be easy for you to refer to the key with, and enter the Public Key exactly as generated (typically it is easy to copy-and-paste it from the application you used to generate the key):

Note: Please make sure to copy-and-paste exactly the public key, and nothing else, into the Portal.  Also, please make sure to use a text editor for this operation (not a word processor that might add invisible text styling data inbetween the characters of the key).

CAUTION: Do not upload your private key into the AERPAW Portal!  Ideally, your private key should never be copied anywhere except your work computer where it was produced and where it will be used.

Click the "Save" button to save your credential.

Generating Credentials using the AERPAW Portal

You can also use the AERPAW Portal itself to generate a public-private key pair for you, if this is more convenient to you than using the ssh-keygen or a similar application.  This is less desirable, because in this case the private key is first generated on the AERPAW Portal, and you have to download it to your work computer.  To maintain as much privacy of the private key as possible, the AERPAW Portal simply displays the private key immediately after generation, and once you leave that screen, and does not keep a copy.  You must copy/download the private key - if you do not, it is forever lost, and the corresponding public key (stored by AERPAW) cannot be utilized.

To follow this method, click the "generate" button on the Profile screen, enter a meaningful Name, and click "Save" :

You will receive a screen with both the private and the public key, each of which can be downloaded by using the appropriate button:

You must download at least the private key to your work computer (we suggest downloading both).  AERPAW will save the public key, but will not save the private key.

Managing Your Credentials

Your Profile screen lists all the credentials you have uploaded, together with a date of expiry for each.  You can also delete any of the credentials you choose to:

Requesting Roles

The Profile screen is also where you can request to become and Experimenter, and subsequently (optionally) a PI.  At any time, the Profile screen displays all your current Roles; just after registration it shows as "No Roles Found".

The process of requesting and receiving additional Roles is mediated by AERPAW Operations personnel, who may need to reach out to consult you or others by email, to check your affiliation, or for other reasons.  So, these processes are not instantaneous, but may take hours or even a day or two.   These delays are unavoidable to ensure responsible operation of the platform.  Fortunately, you only have to undertake each of these actions only a single time.

Requesting Experimenter Role

You cannot participate in any Project (and therefore any Experiment) in any way without at least having an Experimenter Role.  Also, a PI Role can be requested only by Users who already have the Experimenter Role.  Therefore, the first thing is to request this role.

We strongly suggest you take a few minutes at this point to read the AERPAW Acceptable Use Policy.  By requesting an Experimenter Role, you are certifying that you have read the AUP, and agree to abide by it.  You may click the blue button to directly navigate to the AUP, which is found in Section 2.5 of this User Manual.

Then, click the "request Experimenter role" button:

The screen will refresh itself to show the pending request; the "request Experimenter role" button will disappear:

Note: This refresh takes a few seconds.  Please do NOT click the button multiple times in the time it takes the screen to refresh.  It generates multiple requests, and actually delays the process of approval of your request.

At this time, the request is pending with AERPAW Operations, and it is best for you to logout of the Portal, and come back after you have received email notification that your request has been approved.

(If you receive email notification that your request has been denied, you may get in touch with AERPAW Ops to understand why.)

When you log in again, you will notice that the Navigation Bar includes some extra items:

Navigating to the Profile screen will show you your new Role assignment:

Requesting PI Role

If you are the financially responsible leader of your research group, you will want to request the PI Role at this time.  The process is very similar to requesting the Experimenter Role.

Once you have been approved for the Experimenter Role, a new button "request PI role" becomes available (see preceding figure).  Click this button to request the PI role.  As before, please do NOT click this button multiple times in quick succession.

The screen will refresh itself to show the pending request; the "request PI role" button will disappear:


At this time, the request is pending with AERPAW Operations, and it is best for you to logout of the Portal, and come back after you have received email notification that your request has been approved.

(If you receive email notification that your request has been denied, you may get in touch with AERPAW Ops to understand why.)

When you log in again, and navigate to the Profile screen, it will show you your new Role assignment:

Viewing Your Messages and Pending Requests

Messages flow back and forth between you and AERPAW Ops as a result of your Portal actions.  Many of these messages also become email messages, to enable asynchronous alerts - both for you, and for AERPAW Ops.

The bottom part of the Profile screen provides you a section to view any messages (that you have not yet read).  The messages section also provides a button to navigate to another screen where all messages (read and unread) are listed; on this screen you can open any message to read it, and also delete individual messages.  There is also a part of the screen that allows you to view any Role request made by you that is currently pending.

An example of the Profile screen is show below; this is what the screen would appear to an User who has requested a PI Role but the request is still pending (neither approved nor declined):