From 1fc54d0d36428ed6c84ac0d0dd00d7aff6bd620f Mon Sep 17 00:00:00 2001
From: vokac
Date: Mon, 25 Dec 2023 12:05:11 +0100
Subject: [PATCH] StoRM ATLAS token config example

StoRM developers provided token configuration example that should cover needs of ATLAS sites with common ATLASDATADISK and ATLASSCRATCHDISK.
---
 .../configuration/storm.md | 75 ++++++++++++++++++-
 1 file changed, 74 insertions(+), 1 deletion(-)

diff --git a/docs/token-based-authorization/configuration/storm.md b/docs/token-based-authorization/configuration/storm.md
index c0ab5cc..3c142a8 100644
--- a/docs/token-based-authorization/configuration/storm.md
+++ b/docs/token-based-authorization/configuration/storm.md
@@ -138,7 +138,80 @@ documentation][storm-webdav-tpc-doc].
 
 ### ATLAS
 
-> TODO: insert example here
+StoRM WebDAV configuration for the one and unique disk storage area “atlas” is
+* /etc/storm/webdav/sa.d/atlas.properties
+```
+# The contents of this file was generated by Puppet
+name=atlas
+rootPath=/storage/gpfs_atlas/atlas
+filesystemType=posix
+accessPoints=/atlas
+vos=
+orgs=https://atlas-auth.web.cern.ch/
+authenticatedReadEnabled=false
+anonymousReadEnabled=false
+voMapEnabled=false
+voMapGrantsWritePermission=false
+orgsGrantReadPermission=false
+orgsGrantWritePermission=false
+wlcgScopeAuthzEnabled=true
+fineGrainedAuthzEnabled=true
+```
+* /etc/storm/webdav/config/application.yml
+```
+oauth:
+ enable-oidc: true
+ issuers:
+ - name: atlas
+ issuer: https://atlas-auth.web.cern.ch/
+
+storm:
+ authz:
+ policies:
+ - sa: atlas
+ description: Grant all access to atlas prod VOMS group members for /atlas/atlasdatadisk and its subfolders
+ actions:
+ - all
+ paths:
+ - /atlasdatadisk/**
+ effect: permit
+ principals:
+ - type: fqan
+ params:
+ fqan: /atlas/Role=production/Capability=NULL
+ - sa: atlas
+ description: Grant only read and list access to atlas VOMS group members for /atlas/atlasdatadisk and its subfolders
+ actions:
+ - read
+ - list
+ paths:
+ - /atlasdatadisk/**
+ effect: permit
+ principals:
+ - type: vo
+ params:
+ vo: atlas
+ - sa: atlas
+ description: Grant all access to atlas VOMS group members for /atlas/atlasscratchdisk and its subfolders
+ actions:
+ - all
+ paths:
+ - /atlasscratchdisk/**
+ effect: permit
+ principals:
+ - type: vo
+ params:
+ vo: atlas
+ - sa: atlas
+ description: Deny VO access to the access point
+ actions:
+ - all
+ effect: deny
+ principals:
+ - type: vo
+ params:
+ vo: atlas
+```
 
 [storm-webdav]: http://italiangrid.github.io/storm/release-notes/storm-webdav/1.2.1/
 [storm-webdav-tpc-doc]: https://github.com/italiangrid/storm-webdav/blob/master/doc/tpc.md
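Review bot: The last policy, `Deny VO access to the access point`, has no `paths` entry, so it matches every path for `vo: atlas`, and the example only behaves as intended because it sits after the three permits; the prose above the YAML block should state that ordering requirement, e.g. `Policies are evaluated in order (first match wins, as far as I can tell from StoRM WebDAV); keep the catch-all deny last and add any new permit above it.` A site that appends a new permit below the deny, or sorts the list, would silently lose or widen access, and nothing in the hunk warns about that. Separately, the three `description` strings refer to `/atlas/atlasdatadisk` and `/atlas/atlasscratchdisk`, while the `paths` are `/atlasdatadisk/**` and `/atlasscratchdisk/**`, which from `accessPoints=/atlas` in atlas.properties look to be relative to the access point; a one-line remark such as `Policy paths are relative to the storage area's access point (/atlas), not the filesystem rootPath.` would keep readers from writing `/atlas/atlasdatadisk/**` and ending up with a policy that never matches.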