From ee8421b0158d0304037d68ef031f3fd2bcd60a61 Mon Sep 17 00:00:00 2001
From: Ryan Abernathey <ryan.abernathey@gmail.com>
Date: Thu, 7 Apr 2022 13:43:44 -0400
Subject: [PATCH 1/3] add users and roles policy

---
 book/_toc.yml                |  1 +
 book/policies/users_roles.md | 69 ++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 book/policies/users_roles.md

diff --git a/book/_toc.yml b/book/_toc.yml
index 5f14fe5..87053ae 100644
--- a/book/_toc.yml
+++ b/book/_toc.yml
@@ -9,6 +9,7 @@ parts:
   - file: policies/code_policy
   - file: policies/data_policy
   - file: policies/infrastructure_policy
+  - file: policies/users_roles
 - caption: LEAP-Pangeo
   chapters:
   - file: leap-pangeo/architecture
diff --git a/book/policies/users_roles.md b/book/policies/users_roles.md
new file mode 100644
index 0000000..60acd9a
--- /dev/null
+++ b/book/policies/users_roles.md
@@ -0,0 +1,69 @@
+# Users and Tiers
+
+Access to the LEAP-Pangeo JupyterHub will be tiered based on roles in LEAP.
+Membership in a particular tier will be implemented via
+[GitHub Teams](https://docs.github.com/en/organizations/organizing-members-into-teams)
+in the [leap-stc](https://github.com/orgs/leap-stc/teams) GitHub organization.
+
+Here we define those roles and map them to GitHub teams.
+
+## Community Tier
+
+Any LEAP affiliate may access the community tier.
+
+Members of the Community Tier may access to `Small` and `Medium` JupyterHub servers
+in the LEAP-Pangeo JupyterHub.
+
+Membership in the Community Tier is granted by adding the user to the
+[`leap-pangeo-users`](https://github.com/orgs/leap-stc/teams/leap-pangeo-users)
+GitHub Team.
+(All subsequent teams are defined sub-teams of this team.)
+
+:::{note}
+The LEAP executive committee has not yet defined a process by which affiliate
+status is conferred and removed.
+This process should include adding / removing them from this GitHub Team.
+:::
+
+## Education Tier
+
+The education tier is intended for _termed access_ to LEAP-Pangeo resources associated
+with educational activities. Examples of educational activities include:
+
+- Semester-long LEAP-affiliated courses
+- Short bootcamps and hackathons
+
+Members of the Community Tier may access to `Small`, `Medium`, and `Large` JupyterHub servers
+in the LEAP-Pangeo JupyterHub.
+
+Membership in the Community Tier is granted by adding the user to the
+[`leap-pangeo-education`](https://github.com/orgs/leap-stc/teams/leap-pangeo-education)
+GitHub Team.
+Additional sub-teams may be created within this team to organize students into
+specific courses, bootcamps, etc.
+It is the instructor's responsibility to add / remove the user from this team.
+
+## Research Tier
+
+he education tier is intended for _long-term access_ to LEAP-Pangeo resources associated
+with research activities.
+Members of the Community Tier may access to `Small`, `Medium`, `Large`, and `Huge`
+JupyterHub servers. They also have the option to attach GPUs to their server.
+
+Membership in the Community Tier is granted by adding the user to the
+[`leap-pangeo-research`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research)
+GitHub Team.
+Additional sub-teams may be created within this team to organize scientists into
+specific research projects.
+It it the PI's responsibility to add / remove users from this team.
+
+## Offboarding Process
+
+Users may also be transferred from e.g. the Education Tier to the Community Tier
+when their termed access ends.
+Removing a user from the corresponding team is sufficient to disable their access
+to those resources.
+Removing a user from the `leap-pangeo-users` group entirely will disable their access
+completely.
+An automated process will delete user data from the hub one month after a user
+is removed from the `leap-pangeo-users` group.

From f640d18657b343f042168de0875d82f9dc7c999a Mon Sep 17 00:00:00 2001
From: Ryan Abernathey <ryan.abernathey@gmail.com>
Date: Mon, 25 Apr 2022 11:29:08 -0400
Subject: [PATCH 2/3] revise users and roles

---
 book/policies/users_roles.md | 63 +++++++++++++++++++++++++++---------
 1 file changed, 48 insertions(+), 15 deletions(-)

diff --git a/book/policies/users_roles.md b/book/policies/users_roles.md
index 60acd9a..9e434dc 100644
--- a/book/policies/users_roles.md
+++ b/book/policies/users_roles.md
@@ -1,6 +1,6 @@
 # Users and Tiers
 
-Access to the LEAP-Pangeo JupyterHub will be tiered based on roles in LEAP.
+Access to the LEAP-Pangeo Hub will be tiered based on roles in LEAP.
 Membership in a particular tier will be implemented via
 [GitHub Teams](https://docs.github.com/en/organizations/organizing-members-into-teams)
 in the [leap-stc](https://github.com/orgs/leap-stc/teams) GitHub organization.
@@ -12,50 +12,83 @@ Here we define those roles and map them to GitHub teams.
 Any LEAP affiliate may access the community tier.
 
 Members of the Community Tier may access to `Small` and `Medium` JupyterHub servers
-in the LEAP-Pangeo JupyterHub.
+in the LEAP-Pangeo Hub.
 
 Membership in the Community Tier is granted by adding the user to the
-[`leap-pangeo-users`](https://github.com/orgs/leap-stc/teams/leap-pangeo-users)
+[`leap-pangeo-community`](https://github.com/orgs/leap-stc/teams/leap-pangeo-community)
 GitHub Team.
-(All subsequent teams are defined sub-teams of this team.)
 
 :::{note}
 The LEAP executive committee has not yet defined a process by which affiliate
 status is conferred and removed.
-This process should include adding / removing them from this GitHub Team.
+Once this is decided, we will provide instructions on how to add / remove affiliates.
 :::
 
 ## Education Tier
 
-The education tier is intended for _termed access_ to LEAP-Pangeo resources associated
+The education tier is intended for _termed access_ to LEAP-Pangeo Hub resources associated
 with educational activities. Examples of educational activities include:
 
 - Semester-long LEAP-affiliated courses
 - Short bootcamps and hackathons
 
 Members of the Community Tier may access to `Small`, `Medium`, and `Large` JupyterHub servers
-in the LEAP-Pangeo JupyterHub.
+in the LEAP-Pangeo Hub.
 
 Membership in the Community Tier is granted by adding the user to the
 [`leap-pangeo-education`](https://github.com/orgs/leap-stc/teams/leap-pangeo-education)
 GitHub Team.
-Additional sub-teams may be created within this team to organize students into
+Additional sub-teams will be created within this team to organize students into
 specific courses, bootcamps, etc.
-It is the instructor's responsibility to add / remove the user from this team.
+
+### Eligibility
+
+Course instructors who meet one of the following criteria are eligible to request
+access for their class (including self, co-instructor(s), TAs, students, evaluators, etc):
+- LEAP senior personnel or advanced research member
+- Full-time faculty at LEAP Institution (Columbia, NYU, UMN, UCI)
+- Full-time faculty who participated in a LEAP’s "train the trainer" workshop
+
+### Proposal Process
+
+Course instructors may propose to the LEAP-Pangeo Hub for their upcoming course by submitting
+a short proposal to the LEAP’s Convergence Subcommittee.
+Instructors are required to submit their proposal at least 30 days before the participants will require.
+The proposal should provide the following information.
+- Instructor's GitHub username
+- Basic information about the course (institution, department/program, student population, class size, course dates)
+- Basic information about the Instructor (name, affiliation, research interests)
+- Confirmation of available administrative support for using the LEAP-Pangeo Hub for the class (setting up user account, monitoring use, etc)
+- Anticipated usage level of LEAP-Pangeo Hub, including
+  - Number of user hours / week
+  - Types of virtual machines to be used (`Small`, `Medium`, or `Large`)
+
+<a href="link to form"><button type="button">Submit a Proposal</button></a>
+
+Once the proposal is approved, a LEAP administrator will create a GitHub sub-team
+within the [`leap-pangeo-education`](https://github.com/orgs/leap-stc/teams/leap-pangeo-education)
+team for the course and add the instructor as a "Maintainer".
+It is the instructor's responsibility to add the course's users to this team
+and remove them when the course has been concluded.
 
 ## Research Tier
 
-he education tier is intended for _long-term access_ to LEAP-Pangeo resources associated
+The education tier is intended for _long-term access_ to LEAP-Pangeo resources associated
 with research activities.
 Members of the Community Tier may access to `Small`, `Medium`, `Large`, and `Huge`
 JupyterHub servers. They also have the option to attach GPUs to their server.
+Membership in the Research tier corresponds to the
+[`leap-pangeo-research`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research)
+GitHub team.
 
-Membership in the Community Tier is granted by adding the user to the
+### Eligibility
+
+Anyone participating in a LEAP-sponsored research project is eligible to participate
+in the Research Tier.
+A LEAP administrator will create a GitHub sub-team within the
 [`leap-pangeo-research`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research)
-GitHub Team.
-Additional sub-teams may be created within this team to organize scientists into
-specific research projects.
-It it the PI's responsibility to add / remove users from this team.
+team for each research project and add the project PIs as "maintainer".
+It is the PIs' responsibility to add and remove members from their team.
 
 ## Offboarding Process
 

From a77bd9eb7f0af5d2a796881eab802e6fc5d8f73c Mon Sep 17 00:00:00 2001
From: Ryan Abernathey <ryan.abernathey@gmail.com>
Date: Mon, 9 May 2022 11:55:38 -0400
Subject: [PATCH 3/3] address all remaining suggestions

---
 book/policies/users_roles.md | 69 +++++++++++++++++++++++++-----------
 1 file changed, 49 insertions(+), 20 deletions(-)

diff --git a/book/policies/users_roles.md b/book/policies/users_roles.md
index 9e434dc..08ca2de 100644
--- a/book/policies/users_roles.md
+++ b/book/policies/users_roles.md
@@ -1,20 +1,28 @@
-# Users and Tiers
+# Users and Categories
 
-Access to the LEAP-Pangeo Hub will be tiered based on roles in LEAP.
-Membership in a particular tier will be implemented via
+**Version 1 - 2022-05-09**
+
+Access to the LEAP-Pangeo Hub will be categoryed based on roles in LEAP.
+Membership in a particular category will be implemented via
 [GitHub Teams](https://docs.github.com/en/organizations/organizing-members-into-teams)
 in the [leap-stc](https://github.com/orgs/leap-stc/teams) GitHub organization.
 
 Here we define those roles and map them to GitHub teams.
 
-## Community Tier
+## Code of Conduct
+
+All users of LEAP-Pangeo must abide by the LEAP Code of Conduct:
+
+- https://docs.google.com/document/d/1eE-aYrsf_k5Ep8GB-n8hmqM_LVW-U3uzYKHJBZMvYWU
 
-Any LEAP affiliate may access the community tier.
+## Community Category
 
-Members of the Community Tier may access to `Small` and `Medium` JupyterHub servers
+Any LEAP affiliate may access the community category.
+
+Members of the Community Category may access to `Small` and `Medium` JupyterHub servers
 in the LEAP-Pangeo Hub.
 
-Membership in the Community Tier is granted by adding the user to the
+Membership in the Community Category is granted by adding the user to the
 [`leap-pangeo-community`](https://github.com/orgs/leap-stc/teams/leap-pangeo-community)
 GitHub Team.
 
@@ -24,18 +32,18 @@ status is conferred and removed.
 Once this is decided, we will provide instructions on how to add / remove affiliates.
 :::
 
-## Education Tier
+## Education Category
 
-The education tier is intended for _termed access_ to LEAP-Pangeo Hub resources associated
+The education category is intended for _termed access_ to LEAP-Pangeo Hub resources associated
 with educational activities. Examples of educational activities include:
 
 - Semester-long LEAP-affiliated courses
 - Short bootcamps and hackathons
 
-Members of the Community Tier may access to `Small`, `Medium`, and `Large` JupyterHub servers
+Members of the Community Category may access to `Small`, `Medium`, and `Large` JupyterHub servers
 in the LEAP-Pangeo Hub.
 
-Membership in the Community Tier is granted by adding the user to the
+Membership in the Community Category is granted by adding the user to the
 [`leap-pangeo-education`](https://github.com/orgs/leap-stc/teams/leap-pangeo-education)
 GitHub Team.
 Additional sub-teams will be created within this team to organize students into
@@ -63,7 +71,9 @@ The proposal should provide the following information.
   - Number of user hours / week
   - Types of virtual machines to be used (`Small`, `Medium`, or `Large`)
 
-<a href="link to form"><button type="button">Submit a Proposal</button></a>
+<div class="d-flex justify-content-center m-4">
+  <a class="btn btn-outline-primary" href="https://docs.google.com/forms/d/e/1FAIpQLSfqpjgc3lJaTUmh52iO5_4siZPCz1Y6oRdxMEB50qAJrVg4Hg/viewform" role="button">Submit a Proposal</a>
+</div>
 
 Once the proposal is approved, a LEAP administrator will create a GitHub sub-team
 within the [`leap-pangeo-education`](https://github.com/orgs/leap-stc/teams/leap-pangeo-education)
@@ -71,28 +81,47 @@ team for the course and add the instructor as a "Maintainer".
 It is the instructor's responsibility to add the course's users to this team
 and remove them when the course has been concluded.
 
-## Research Tier
+## Research Category
 
-The education tier is intended for _long-term access_ to LEAP-Pangeo resources associated
+The education category is intended for _long-term access_ to LEAP-Pangeo resources associated
 with research activities.
-Members of the Community Tier may access to `Small`, `Medium`, `Large`, and `Huge`
-JupyterHub servers. They also have the option to attach GPUs to their server.
-Membership in the Research tier corresponds to the
-[`leap-pangeo-research`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research)
+
+There are two levels to the Research Category:
+- **Entry-level**: involved in LEAP research and community, have access to computing resources and storage on LEAPangeo.
+Members of this Community Tier may access  `Large` JupyterHub servers
+Office Space. Admission based on paragraph sent to Office Space committee.
+Membership in the entry-level research category corresponds to the
+[`leap-pangeo-research-entry-level`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research-entry-level)
+GitHub team.
+- **Advanced**: RFP or supported researcher, student, postdoc, invited to annual meeting, swipe access for LEAP.
+Members of this Community Tier may access `Large` and `Huge` JupyterHub servers, plus GPU access.
+Membership in the entry-level research category corresponds to the
+[`leap-pangeo-research-advanced`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research-entry-level)
 GitHub team.
 
 ### Eligibility
 
 Anyone participating in a LEAP-sponsored research project is eligible to participate
-in the Research Tier.
+in the Research Category.
 A LEAP administrator will create a GitHub sub-team within the
 [`leap-pangeo-research`](https://github.com/orgs/leap-stc/teams/leap-pangeo-research)
 team for each research project and add the project PIs as "maintainer".
 It is the PIs' responsibility to add and remove members from their team.
 
+## Administrator and Developer Category
+
+The LEAP Director of Data and Computing may grant access to other participants for
+the purposes of technical development, debugging, and evaluation of the platform.
+
+## Termination of Access
+
+Users who violate usage policies will have their access suspended pending investigation.
+The LEAP Director of Data and Computing decides if a policy has been violated and
+may suspend or terminate access to LEAP-Pangeo at any time.
+
 ## Offboarding Process
 
-Users may also be transferred from e.g. the Education Tier to the Community Tier
+Users may also be transferred from e.g. the Education Category to the Community Category
 when their termed access ends.
 Removing a user from the corresponding team is sufficient to disable their access
 to those resources.