Guide: Entitlement & Eligibility: Difference between revisions

➡️ Back to the FAQ for Registration & Entitlements.

➡️ To the Enterprise Resource Planning.

Entitlements in bwCloud-OS define who can access the platform (Conditions of Use) and how many resources they may use and under what conditions (Eligibility).

• Entitlements are strings assigned to a user carrying information about his/her privileges.
• Every quota entitlements (which can be considered a "package") contains an eligibility data. After "unpacking", the bwCloud-OS works only with the eligibility. This is kind of a "protocol" to communicate with the Enterprise Resource Planning (ERP).
• Every user owns at least the empty eligibility.
• Every project needs to be linked with an eligibility.
• Eligibilities are used in the charging process.

Every member of a higher education institution in Baden-Württemberg has a personal account. If the institution participates in the federated identity management system (bwIDM), its members can also apply for the external service bwCloud-OS, by providing additional information. This is handled through the assignment of eduPersonEntitlement to the user's account.

All entitlements are issued and managed by the user’s home institution and play a central role in how the platform is used and funded. These decisions are made exclusively by the user's home institution. The bwCloud-OS team has no authority to grant access or resources without an official entitlement.

The institutions are sending two types of entitlements to the bwCloud-OS, quota and access entitlements. Often the term 'entitlement' refers only to the quota entitlements.

A quota entitlement consists of two parts, the namespace and the identifier (eligibility):

urn:geant:dfn.de:bwidm:bwcloud-os:group:ELIGIBILITY_DATA

bzw.

urn:geant:dfn.de:bwidm:bwcloud-os:group:<quota_flavor>:<cost_center>[:<first_day_of_validation|null>:<last_day_of_validation|null>:<max_booking_units|null>]

The following structure for a eligibiltiy may be used to provide further information and define constraints for the quota flavor:

<quota_flavor>:<cost_center>[:CONSTRAINTS]

respectively

<quota_flavor>:<cost_center>[:<first_day_of_validation|null>:<last_day_of_validation|null>:<max_booking_units|null>]

Further explenation is provided in the next sections.

There is also a special entitlement access, which determines whether a user is allowed to access the bwCloud-OS at all. On the level of the bwIDM is this entitlement necessary to register for the bwCloud-OS.

urn:geant:dfn.de:bwidm:bwcloud-os:access

Every project is associated with an eligibility, making sure the project is chargeable.

• An eligibility is a unique combination of owner, quota flavor, and cost center.
• An eligibility can be assigned to a maximum of one project. The Eligibility-Project-Mapping is a 1:{0..1}-Mapping. The eligibility-project association is therefore unique.
• A limit value for BEH and validation dates may be set to restrict the duration of an eligibility.
• The eligibility owner is dedicated to the home organization named in http://bwidm.de/bwidmOrgId, not by pattern in the cost center.

The user holding the eligibility, e.g., the account carrying the related entitlement, owns the eligibility.

The given quota flavor name refers to the quota flavor that specifies the maximum resources a project may receive.

• A user can have several quota flavors.
• A quota flavor can be specified many times by using different cost centers. Each additional eligibility can be used for another project.

The given quota flavor name must be within the list of support project quota flavors.

Each user owns this eligibility. This is set for each user within the bwCloud-OS environment and can't be removed from a user. An empty quota entitlement does not exist and can't be given explicitly. Furthermore, this eligibility, and only this, can be used for multiple projects. A project associated with this eligibility has no quota granted and therefore cannot generate costs. The eligibility looks exactly like this:

{'quota_flavor': 'empty', 'cost_center': 'bwcos_erp_fallback', 'first_day_of_validation': null, 'last_day_of_validation': null, 'max_booking_units': null}

The quota flavor associated with this eligibility represents not a fixed set of resources. Further more, the owner of this eligibility is allowed to request via ticket an arbitrarily large and individual combination of resources. The entitlement associated with this eligibility looks similar to this

urn:geant:dfn.de:bwidm:bwcloud-os:group:custom:<cost_center>

Cost centers are used to allocate BEH generated within projects. This string does not need to be agreed upon with us and does not need to have any meaning outside the institution.

• A cost center (id) can be assigned to multiple eligibilities and users.
• BEH are aggregated per cost center across all projects assigned to the cost center.
• The assignment of cost centers enables customers to pass on costs (internally).

For a cost center, only the symbols [a-zA-Z0-9-_] and a maximal length of 50 characters are allowed.

Specific day in the yyyy-mm-dd format that allows the institute to limit the validation window to begin for the eligibility. If the date is not given or null, the eligibility is valid from the current day on.

Specific day in the yyyy-mm-dd format that allows the institute to limit the validation window end for the eligibility. If the date is not given or null, the eligibility is forever valid.

Integer, that defines the maximum number of BEH that can be generated by the associated project. If the number is not given or null, the default behavior is: Eligibility is forever valid. The number of booking units must be at least 2000.

We provide a ERP-API that can be used for validating syntax and checking the interpretation of an entitlement and an eligibility.

Granting a user a request quota for a project up to the medium flavor. All generated booking units will be charged under the bill position 42. Since the constraints section is not defined, the default values are applied.

urn:geant:dfn.de:bwidm:bwcloud-os:group:medium_1:42

Interpreted as eligibility:

quota_flavor = medium_1
cost_center = 42
first_day_of_validation = {{today}}
last_day_of_validation = inf
max_booking_units = inf

owner = {{user.eppn}}
customer = {{user.home_organization}}

Allow a user to request a quota for a large project, but this is terminated up to the end of 2026 and can maximally produce 5000 BEH. The booking units for all projects with the cost center student will be charged under the same bill position.

urn:geant:dfn.de:bwidm:bwcloud-os:group:large_1:student:null:2026-12-31:5000

Interpreted as eligibility:

quota_flavor = large_1
cost_center = student
first_day_of_validation = {{today}}
last_day_of_validation = 31.12.2026
max_booking_units = 5000

owner = {{user.eppn}}
customer = {{user.home_organization}}

A xtiny project can be requested. The consumed booking units will aggregate under the position for the informatics faculty and can be used from February 2026 on for one year. Costs are allocated to cost center hfu_netze2.

urn:geant:dfn.de:bwidm:bwcloud-os:group:xtiny_1:hfu_netze2:2026-02-01:2027-01-31:null

Interpreted as eligibility:

quota_flavor = xtiny_1
cost_center = hfu_netze2
first_day_of_validation = 01.02.2026
last_day_of_validation = 31.01.2027
max_booking_units = inf

owner = {{user.eppn}}
customer = {{user.home_organization}}

A user with this entitlement will book the costs on the cost center ufr_technical_faculty and must stop when the project consumes 1000000 BEH.

urn:geant:dfn.de:bwidm:bwcloud-os:group:xmedium_1:ufr_technical_faculty:null:null:1000000

Interpreted as eligibility:

quota_flavor = large_1
cost_center = ufr_technical_faculty
first_day_of_validation = {{today}}
last_day_of_validation = inf
max_booking_units = 1000000

owner = {{user.eppn}}
customer = {{user.home_organization}}