Overview
Introduction
The EOSC EU Node User Access Policy ("UAP") defines the access groups, their corresponding access rights, service limits, and virtual credit allocation policies for the users of the EOSC EU Node's Resources and Services as granted by the European Commission, Directorate‑General for Communications Networks, Content and Technology, Unit C.1 High Performance Computing and Applications.
The European Open Science Cloud (EOSC) EU Node is designed to provide researchers with access to computing resources, data services, and collaboration tools. The access policy is structured to balance resource allocation with user needs, providing different levels of access based on institutional roles and research requirements.
Purpose and Scope
Purpose: This policy ensures users have the appropriate level of access according to their role and affiliation while maintaining system integrity, security, and compliance with EU regulations and applicable law.
Scope: This policy applies to all users of the EOSC EU Node, covering access to Services and Resources, with the underlying infrastructure, provided through the EOSC EU Node. The policy outlines how users are categorised into access groups, their corresponding rights, obligations, and resource usage limits.
This policy does not apply for third-party onboarded services and resources. For information, users shall visit the user access policies of those third-party providers.
The User Access Policy is part of a broader set of policies governing the use of EOSC EU Node resources:
- Acceptable Use Policy: Defines appropriate use of EOSC EU Node resources
- Privacy Statement: Explains how user data is collected, processed, and protected
- Copyright Notice: Outlines intellectual property considerations
- Cookies Policy: Describes how cookies are used on EOSC websites
For questions or issues related to access rights, service limits, or credit allocation, please contact the EOSC EU Node Helpdesk.
Access Groups
Access Group Overview
The EOSC EU Node provides different levels of access based on user roles and affiliations. Each access group has specific rights, limits, and credit allocations designed to meet different user needs.
Note: The EOSC EU Node does not support automatic transition between access groups. If you need a different access group allocation and access rights, you must issue a Helpdesk ticket.
Your access level is determined by your login method and institutional role. You can check your current access group in your User Settings.
For details on authentication methods and how they affect your access group eligibility, please see the Authentication section.
Access Group Types
The EOSC EU Node provides four access levels with increasing capabilities:
No Login Required
Best for: First-time visitors exploring available resources and learning about the EOSC EU Node.
- Browse public content anonymously
- View datasets and tools
- Access educational materials
Credits: Not applicable
Group Participation
Best for: Users who want to browse content, view their dashboard, and get familiar with the platform.
- View personalised dashboard
- Browse services and features
- No compute or storage capabilities
Credits: 0
Limited Computing
Best for: Institutional employees needing modest compute and storage capabilities.
- Use collaboration tools
- Upload and share data
- Run small and medium services
Credits: 500
Full-Featured Access
Best for: Academic researchers needing full-scale computing, GPU support, and team management.
- Access all computing resources
- Use GPU-enabled services
- Create and manage teams
Credits: 1,500 (individual) / 3,000 (group)
For further details on each user group, consult the User Access Policy.
Access Comparison
The following table provides a detailed comparison of features, services, and credit allocations across access groups:
| Feature | Explorer (AP-0) | Observer (AP-A) | Collaborator (AP-A1) | Investigator (AP-B) |
|---|---|---|---|---|
| Public Content | ✓ | ✓ | ✓ | ✓ |
| User Dashboard | ✗ | ✓ (view only) | ✓ | ✓ |
| File Transfer | ✗ | ✗ | ✓ (1TB/month) | ✓ (1TB/month) |
| File Storage | ✗ | ✗ | ✓ (50GB) | ✓ (50GB) |
| Interactive Notebooks | ✗ | ✗ | S, M | S, M, L (GPU) |
| Virtual Machines | ✗ | ✗ | S | S, M, L (GPU) |
| Cloud Containers | ✗ | ✗ | S | S, M, L (GPU) |
| GPU Access | ✗ | ✗ | ✗ | ✓ |
| Team Management | ✗ | ✗ | ✗ | ✓ (Create up to 2 groups) |
| Team Participation | ✗ | ✓ (Up to 4 groups) | ✓ (Up to 4 groups) | ✓ (Up to 4 groups) |
| Credits | N/A | 0 | 500 | 1,500 (individual) 3,000 (group) |
Changing Your Access Group
If you think you are eligible for a different access group or if your access rights don't match your institutional role, follow these steps:
- Check your User Settings to see your current access group and identity attributes
- Contact your institution's identity provider (IdP) if your role information (e.g., eduPersonAffiliation) is incorrect
- If the issue persists, submit a ticket to the EOSC EU Node Helpdesk with your current access group, expected access group, and institutional role
Access group changes are reviewed on a case-by-case basis. Approval depends on your institutional role and the attributes provided by your identity provider.
Credits & Resources
Understanding Credits
Credits are free, virtual units you use to access services on the EOSC EU Node. They don't have any monetary value and are consumed only when you actively use services like:
- Launching interactive notebooks or virtual machines
- Running workflows or containers
- Transferring or storing files
Important: Credits are used only when you reserve or use resource-intensive services. You don't spend credits by logging in or browsing.
Credit Use Policy
The EOSC EU Node applies a simple and fair credit policy:
- Credits are used only when services are running
- Reservations are limited in size and duration
- First Come, First Served — Services are granted in the order requests are made
- Use It or Lose It — Services with low activity (e.g., under 5% CPU for 30 days) may be deactivated and credits reclaimed
Tip: Shut down services you don't need to save your credits for active work.
Credit Allocation
Your credit allocation depends on your access group, which is based on your login method and institutional role.
| Access Group | Who It's For | Credits |
|---|---|---|
| Explorer (AP-0) | Not logged in | Not applicable |
| Observer (AP-A) | Authenticated, no data services | 0 credits |
| Collaborator (AP-A1) | Institutional employee or staff | 500 credits |
| Investigator (AP-B) | Academic researcher (faculty) | 1500 credits (individual user) 3000 (group) |
The EOSC EU Node does not support automatic transition between these access groups. If users need different access group allocation and access rights, they must issue a Helpdesk ticket.
Credit Replenishment
- Credits refresh every three months (90 days), starting from your first login
- Credits are not transferrable between periods. Unused credits expire at the end of the period
- Reserved service environments are deactivated upon reservation revoked by the owner/user or ended due to credit or time expiration
Service Environment Sizes
EOSC services are available in Small (S), Medium (M), and Large (L) sizes. Each size affects how many resources you get and how many credits you use.
| Service | Small (S) | Medium (M) | Large (L) |
|---|---|---|---|
| Interactive Notebooks | 2 vCPU, 4GB RAM, 20GB local + 50GB remote, 1 Gbps | 4 vCPU, 8GB RAM, 100GB local + 200GB remote, 10 Gbps | 8 vCPU, 16GB RAM, 1 GPU (16GB), 200GB local + 500GB remote, 10 Gbps |
| Virtual Machines | 2 vCPU, 8GB RAM, 200GB local + 500GB remote, 1 Gbps | 8 vCPU, 64GB RAM, 1TB local + 2TB remote, 10 Gbps | 8 vCPU, 32GB RAM, 1 GPU (16GB), 2TB total storage, 10 Gbps |
| Cloud Containers | 2 vCPU, 8GB RAM, 200GB local + 500GB remote, 1 Gbps | 8 vCPU, 64GB RAM, 1TB local + 2TB remote, 10 Gbps | 8 vCPU, 32GB RAM, 1 GPU (16GB), 2TB total storage, 10 Gbps |
These standard sizes are referenced throughout the policy. For information about third-party providers, please visit their specific user access policies.
Credit Costs
Each service has a credit cost depending on its size and how long you use it.
| Service | Small | Medium | Large | Metric |
|---|---|---|---|---|
| Virtual Machines (OpenStack) | 10 | 40 | 400 | Credits per day |
| Cloud Container Platform (OKD) | 10 | 40 | 400 | Credits per day |
| Interactive Notebooks (Jupyter) | 0.04 | 0.5 | 50 | Credits per hour |
| Bulk Data Transfer (FTS) | — | — | — | Negotiated case-by-case |
| File Sync and Share (ownCloud) | 10 | — | — | Credits per month |
| Large File Transfer (FileSender) | 7 | — | — | Credits per month |
Note: These are estimates for EOSC EU Node's native services. Third-party services may have different policies—check with the provider.
Additional Credit Requests
Users requiring additional credits or extended access beyond their default allocation must submit a request through the Helpdesk. These requests will be reviewed on a case-by-case and best-effort basis (i.e., not guaranteed).
When requesting additional credits, be prepared to provide information about:
- Your research project and its objectives
- The expected duration of your need for additional resources
- A justification for why the standard credit allocation is insufficient
- Your specific resource requirements (e.g., GPU usage, storage needs)
Authentication & Authorisation
Introduction to Authentication
Authentication and authorisation determine your access level on the EOSC EU Node. Your access is based on your login method and the role attributes provided by your institution or identity provider.
Important: The EOSC EU Node uses AAI (Authentication and Authorisation Infrastructure) to enable secure, federated access. Your identity provider shares specific attributes that determine your eligibility for different access groups.
Access and credit allocation is determined by how you log in and the attributes your institution provides. EOSC uses trusted login systems via AAI to verify your identity and institutional role.
Login Methods and Role Requirements
The EOSC EU Node supports multiple authentication methods, each with specific role requirements that determine access group eligibility:
| Login Method | Who Can Use It | Role Requirements | Access Eligibility | Restrictions |
|---|---|---|---|---|
| eduGAIN | Researchers and staff at academic institutions | Filtered by eduPersonAffiliation Must have role faculty or employee/staff |
Eligible for Collaborator or Investigator groups | Only from EU27 and Horizon Europe Associated Countries Students, affiliates, alumni, walk-in users, and members are excluded |
| EU Login | European Commission staff and its agencies | Filtered by domain attribute | Eligible for Collaborator or Investigator groups | Only EC and agency staff Citizen scientists authenticated via eIDAS are excluded |
| eIDAS | Holders of national eIDs in EU Member States | Role and organisation info must be present in eIDAS attributes | May be eligible based on attributes provided | Limited access if role info is missing or unclear |
If your role information is incorrect or missing, you may be placed in a lower access group than you qualify for. Contact your institution's identity provider to ensure they are correctly sharing your role attributes.
Authentication Methods
Each authentication method provides a different way to access the EOSC EU Node:
Who Can Use It: Researchers and staff at academic institutions
How it Works: eduGAIN is a service that connects identity federations around the world, enabling global collaboration. When you log in via eduGAIN, you'll be redirected to your institution's login page, where you authenticate using your institutional credentials.
Key Attributes: The eduPersonAffiliation attribute determines your access group. Faculty roles get Investigator access, while staff/employee roles get Collaborator access.
Who Can Use It: European Commission staff and its agencies personnel
How it Works: EU Login (formerly ECAS) is the European Commission's authentication service. It allows staff to use their work credentials to access EOSC EU Node services.
Key Attributes: Your domain attribute is used to verify your affiliation with the European Commission or its agencies.
Who Can Use It: Holders of national eIDs in EU Member States
How it Works: eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation for electronic identification and trust services. It allows you to use your national electronic identification to access EOSC services.
Key Attributes: Role and organisation information must be present in your eIDAS attributes to determine your access group.
Role-Based Access
Your institutional role, as provided by your identity provider, determines which access group you're eligible for:
| Institutional Role | Explorer (AP-0) | Observer (AP-A) | Collaborator (AP-A1) | Investigator (AP-B) |
|---|---|---|---|---|
| Not logged in | ✓ | ✗ | ✗ | ✗ |
| Any authenticated user | ✗ | ✓ | ✗ | ✗ |
| Staff/Employee | ✗ | ✗ | ✓ | ✗ |
| Faculty/Academic Researcher | ✗ | ✗ | ✗ | ✓ |
| Student | ✗ | ✓ | ✗ | ✗ |
| Alumni | ✗ | ✓ | ✗ | ✗ |
| Affiliate | ✗ | ✓ | ✗ | ✗ |
| Member | ✗ | ✓ | ✗ | ✗ |
| Walk-in user | ✗ | ✓ | ✗ | ✗ |
Authentication Process
The authentication process involves the following steps:
- Select Authentication Method
Choose your identity provider from the available options (eduGAIN, EU Login, or eIDAS). - Login with Identity Provider
Enter your credentials at your organisation's login page. This keeps your password secure as it is never shared with the EOSC EU Node. - Attribute Release
Your identity provider sends your role and organisation information (but not your password) to the EOSC EU Node. - Access Group Assignment
Based on the attributes received, the EOSC EU Node automatically assigns you to the appropriate access group.
Troubleshooting Login Issues
If you encounter problems with authentication or believe you are assigned to the wrong access group:
- Check your User Settings to see your current access group and the attributes received from your identity provider
- Verify your institutional role with your organisation's IT department
- Contact your identity provider to ensure they are correctly sharing your role information (such as eduPersonAffiliation)
- Submit a ticket to the EOSC EU Node Helpdesk if the issue persists
Tip: If you need to change your access group, you must provide documentation that confirms your institutional role. This could include an official letter from your organisation or evidence of your role in your institution's directory.
Additional Policies
Policy Enforcement and Modification
The EOSC EU Node's policies are enforced by the Operating Unit (in particular, the EOSC EU Node administrators). These policies ensure fair usage, security, and compliance with EU regulations while providing appropriate access to resources for research and collaboration.
Enforcement
Any violation of EOSC EU Node policies may result in the suspension or termination of user access. The Operating Unit reserves the right to audit access logs and user activities to ensure compliance with all policies.
Updates and Changes
Policy Changes: The Operating Unit reserves the right to modify policies at any time. Users will be notified of significant changes, and continued use of the Services and Resources implies acceptance of the updated terms.
Service Updates: The Operating Unit may release software updates, including security patches or new features. Users are required to update their software (if needed) to continue using the Services and/or access the Resources.
Service Modifications: The Operating Unit may decide to modify or discontinue Services or Service features and functionalities at its discretion. Users may lose access to certain functionalities, Services and/or Resources (including content and data), without prior notice.
Data Privacy and Control
Users accessing Services and Resources through federated identities (IdPs) acknowledge that their home organisation may have control over their account and personal data. The Operating Unit may notify home organisations about the usage and the corresponding personal data associated with such federated accounts, especially in cases of compromised personal data.
Privacy
The Operating Unit of the EOSC EU Node respects user privacy but assumes no liability for any personal data management by third parties associated with federated identities. Users must comply with their home institution IdP's privacy policies and other guidelines.
For more information, visit the Privacy Policy of the European Commission.
Termination and Personal Data Retention
Upon termination of a user's access (whether by the user itself or the Operating Unit), access to Services and Resources and the associated personal data will be immediately revoked. The Operating Unit will delete or disassociate corresponding data, except where legally required to retain it. Users are advised to maintain regular backups of their user data.
Any remaining credits or reservations will be forfeited upon termination, and there will be no reimbursement for unused Credits.
Computer Security and Incident Response
The Operating Unit of the EOSC EU Node is committed to ensuring the security and integrity of its Services and Resources, the content and user data processed within it. In the event of a computer security incident, the Operating Unit will follow established procedures to identify, mitigate, and respond to any security threats or breaches.
Users are required to immediately report any suspected or confirmed security incidents, such as unauthorised access, data breaches, vulnerabilities or malware infections, to the EOSC EU Node's Computer Security Incident Response Team (CSIRT) via: security@open-science-cloud.ec.europa.eu
EOSC EU Node administrators will promptly investigate all reports. Users who fail to follow the security standards applying to all European Commission information systems or who are found to be responsible for a security incident due to negligence or misconduct may face access restrictions, suspension, or termination of their account.
In the case of a significant security breach, the Operating Unit will inform affected users and organisations in a timely manner. Notifications will include details about the incident, any data compromised, and recommended actions users should take.
Disaster Recovery
The Operating Unit of the EOSC EU Node is committed to ensuring the continuity and availability of its Services and Resources in the event of a disaster. The EOSC EU Node has an established Disaster Recovery Plan (DRP) designed to minimise service disruptions, protect data integrity, and restore normal operations as quickly as possible.
Regular backups of critical systems and user data are performed. These backups are securely stored in geographically dispersed locations to ensure data availability in the event of a localised disaster. Backup frequency and retention policies are aligned with EU regulations on data protection and disaster recovery.
User Responsibilities
Equipment and Connectivity
Users are responsible for providing the necessary equipment (e.g., internet connection, devices) to access EOSC EU Node Services and Resources. The Operating Unit is not liable for any additional costs incurred by users for their connectivity or equipment.
Maintaining Backup Copies
Users are responsible for maintaining backup copies of any critical content and data they store within the EOSC EU Node's Services and Resources. Users should follow best practices for data protection and ensure they are aware of the EOSC EU Node's recovery procedures.
Legal Compliance
Users agree to use the Services and Resources in compliance with applicable laws and regulations. Misrepresentation of location or identity to bypass service restrictions is prohibited.
For more information, visit the EOSC EU Node Acceptable Use Policy.
Limitation of Liability
General Liability
The EOSC EU Node provides its services on an "as-is" and "as-available" basis. To the maximum extent permitted by applicable law, the Operating Unit of the EOSC EU Node and its affiliated parties (i.e., onboarded third-party service and resource providers) will not be liable for any direct, indirect, incidental, consequential, or special damages arising out of or in connection with the use of the Services and Resources, even if advised of the possibility of such damages. This includes, but is not limited to, damages for loss of profits, data, or other intangible losses.
Service Availability
The EOSC EU Node strives to ensure the availability and reliability of its services. However, the Operating Unit of the EOSC EU Node makes no guarantees regarding the uninterrupted or error-free operation of its Services and Resources, the accuracy of any information, content or data provided through the Websites, or the ability of the Services to meet the user's specific needs.
Services and Resources may be unavailable from time to time due to maintenance or unforeseen disruptions. The Operating Unit of the EOSC EU Node does not guarantee continuous availability of Services and is not liable for any data loss resulting from service outages.
Data Integrity
While the EOSC EU Node implements strong security measures to protect user data, the Services and Resources cannot guarantee absolute security. Users are solely responsible for ensuring they maintain appropriate backups of their own data. The Operating Unit of the EOSC EU Node will not be liable for any data loss or corruption arising from the use of its Services and Resources.
Third-Party Services and Resources
The EOSC EU Node may integrate with or provide access to third-party services and resources as a federated system of systems. The Operating Unit of the EOSC EU Node makes no warranties or representations about these third-party services and resources and will not be liable for any issues arising from their use, users assume all risks associated with their use. Users are responsible for reviewing and agreeing to the terms of service of any third-party services and resources they utilise through the Websites. Third-party terms do not alter this User Access Policy.
Legal Compliance
The Operating Unit of the EOSC EU Node makes every effort to comply with applicable laws and regulations. However, users are solely responsible for ensuring their use of the Services and Resources complies with any applicable legal and regulatory requirements. The Operating Unit will not be liable for any user's failure to comply with such laws.
Force Majeure
The Operating Unit shall not be liable for any failure to the EOSC EU Node's Services and Resources its obligations under this policy if such failure results from causes beyond its reasonable control, including but not limited to natural disasters, acts of war, terrorism, labour disputes, or governmental actions.
Key Contacts
For assistance with policies, security concerns, or data protection issues, please reach out to the appropriate contact:
- Helpdesk Support: EOSC EU Node Helpdesk
- Data Protection Officer: data-protection-officer@ec.europa.eu
- Computer Security Incident Response Team (CSIRT): security@open-science-cloud.ec.europa.eu
- Security Contact for the UAP: CNECT-LISO@ec.europa.eu
Help & Support
How Can We Help You?
The EOSC EU Node Helpdesk is your central point of contact for all questions, issues, and support needs related to the EOSC EU Node platform.
Experiencing issues with your access level, credits, or login methods? Our team can help verify your access rights and resolve authentication problems.
Encountering technical difficulties with EOSC EU Node services or resources? Report them to our team for prompt investigation and resolution.
Need more credits for your research projects? Submit a request for additional credits or extended access beyond your default allocation.
Helpdesk Support Services
The EOSC EU Node Helpdesk provides comprehensive support for all aspects of the platform. Our dedicated team is ready to assist with:
- Access Rights and Authentication Issues - Problems with login, incorrect access group assignments, or missing institutional attributes
- Service Troubleshooting - Assistance with virtual machines, containers, notebooks, and other platform services
- Credit and Resource Requests - Applications for additional credits or special resource allocations
- Policy Clarifications - Help to understand and navigate EOSC EU Node policies
- Technical Guidance - Advisory support for utilising EOSC EU Node resources effectively
The Helpdesk handles requests for elevated privileges, additional credits, or access group modifications on a case-by-case and best-effort basis (i.e., not guaranteed).
Response Times
Our support team strives to respond to all inquiries promptly:
- General inquiries: Within 1-2 business days
- Technical issues: Within 1 business day
- Critical system problems: Priority response
- Credit/resource requests: Within 3-5 business days
Access Group Support
If you believe you've been assigned to the wrong access group or have limited access, follow these steps:
- Check your User Settings
- View your current access group
- Check your identity and role info
- Contact your institution
- Ask your identity provider (IdP) to fix missing or incorrect attributes like eduPersonAffiliation
- Still need help?
- Open a ticket with the EOSC EU Node Helpdesk for assistance
The EOSC EU Node does not support automatic transition between access groups. If you need a different access group allocation and access rights, you must issue a Helpdesk ticket.
Requesting Additional Credits
If you require additional credits beyond your default allocation, you can submit a request through the Helpdesk.
Information to Include in Your Request
To expedite your request, please provide the following details:
- Project Description: Brief overview of your research or project
- Resource Justification: Why you need additional credits
- Duration: How long you'll need the extended resources
- Current Usage: How you've utilised your existing allocation
- Specific Services: Which services you plan to use (VMs, containers, notebooks, etc.)
Additional credit requests are reviewed on a case-by-case and best-effort basis. They are not guaranteed and depend on overall system capacity and demand.