Notes on VO hierarchy and functions

1. A VO defines and maintains a hierarchical list of roles, which defines what operations members are allowed to perform.
2. The simplest hierarchy is "production managers" -> "researchers" -> "students".
3. Production managers are allowed to write to all the relevant databases, to monitor/kill/resubmit jobs submitted by others (researchers and students), and to move/erase files created by others (researchers and students).
4. A user may act on the Grid as a VO member or as a private person. In the former case, his rights and obligations are defined by VO roles. In the latter case, only his personal information matters, similarly to the lowest rank in a VO.
5. Roles are assigned to VO members by VO managers dynamically. A "student" may be promoted to a "researcher" overnight, or a "production manager" demoted to a "researcher". In the latter example, the demoted production manager should not be able to manipulate jobs and files produced by him to the same extent as he did while he had the higher rank. Access rights are hence based not only on ownership, but on the *CURRENT* role.
6. A role should not be identified by its _name_ string. E.g., the role "production manager" may be renamed overnight to "prodman" by a VO manager, and this should affect neither jobs, nor files, nor access rights. To identify a role to the Grid services, specialized strings/tags must be used.
7. The hierarchy is dynamic. A new role may be introduced overnight, e.g., a "higgs prodman", who manages not the entire production but only that of the Higgs team. Consequently, he can manipulate only the jobs and data of users belonging to the Higgs team.
8. A person can have several roles, e.g., "higgs manager" and "susy researcher", sitting in different branches of the hierarchy. The relation between such branches should be defined.
9. A VO can be reduced to a flat group of similarly ranked members. This is still different from an uncoordinated group of users: in the VO, members can agree on accessing each other's files or manipulating each other's jobs, while non-affiliated users can only manage their own jobs and data.
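The following is an added example, not part of the original notes nor of any Grid middleware, showing how points 4 to 8 translate into a single authorization decision: roles are compared by stable tag and rank, never by display name; a role may be scoped to a team; a user may hold several roles in different branches; and a resource records the role it was produced under, so that a demoted member loses control of his own earlier production outputs. The role tags (r:prodman etc.), the rank values, the team names and the sample membership are assumptions constructed for this illustration.

```python
"""Added example: minimal role-based authorization for VO resources.
All tags, ranks, team names and members below are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# Rank per stable role tag.  Services compare tags and ranks only; the
# human-readable name of a role is kept apart and may be renamed (point 6).
RANK = {"r:prodman": 3, "r:researcher": 2, "r:student": 1}
PRIVATE = 0  # rank of someone acting as a private person (point 4)


@dataclass(frozen=True)
class Role:
    tag: str                     # stable identifier understood by the services
    scope: Optional[str] = None  # None = whole VO; otherwise a team name (point 7)


@dataclass(frozen=True)
class Resource:
    owner: str
    created_under: str  # role tag the owner held when producing it; "" = private


@dataclass
class VO:
    names: dict = field(default_factory=lambda: {
        "r:prodman": "production manager",
        "r:researcher": "researcher",
        "r:student": "student"})
    roles: dict = field(default_factory=dict)  # user -> set of current Roles
    teams: dict = field(default_factory=dict)  # user -> team name

    def assign(self, user, role):
        self.roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.roles.get(user, set()).discard(role)

    def rename(self, tag, new_name):
        # Only the display name changes; RANK and every Resource keep using the tag.
        self.names[tag] = new_name

    def rank_over(self, user, team):
        """Highest rank `user` currently holds whose scope covers `team`."""
        covering = [RANK[r.tag] for r in self.roles.get(user, ())
                    if r.scope is None or r.scope == team]
        return max(covering, default=PRIVATE)

    def authorize(self, actor, res):
        """May `actor` manipulate (monitor/kill/resubmit/move/erase) `res` now?"""
        if res.owner not in self.roles:
            # Data of a non-affiliated person is outside the VO: owner only.
            return actor == res.owner
        needed = RANK.get(res.created_under, PRIVATE)
        have = self.rank_over(actor, self.teams.get(res.owner))
        if actor == res.owner:
            # Ownership alone is not enough: the owner must still hold a role at
            # least as high as the one the resource was produced under (point 5).
            return have >= needed
        # Someone else's resource needs a strictly higher *current* role.
        return have > needed


def build_sample_vo():
    """Constructed sample membership (an assumption for this example)."""
    vo = VO()
    vo.teams.update({"alice": "higgs", "bob": "higgs", "carol": "susy"})
    vo.assign("alice", Role("r:prodman", scope="higgs"))    # "higgs prodman", point 7
    vo.assign("alice", Role("r:researcher", scope="susy"))  # second branch, point 8
    vo.assign("bob", Role("r:student"))
    vo.assign("carol", Role("r:researcher"))
    vo.assign("dave", Role("r:prodman"))                    # VO-wide production manager
    return vo


if __name__ == "__main__":
    vo = build_sample_vo()
    print("alice kills bob's job:", vo.authorize("alice", Resource("bob", "r:student")))
    print("alice erases carol's file:", vo.authorize("alice", Resource("carol", "r:researcher")))
    dave_prod = Resource("dave", "r:prodman")
    vo.revoke("dave", Role("r:prodman"))
    vo.assign("dave", Role("r:researcher"))
    print("demoted dave touches his old production output:", vo.authorize("dave", dave_prod))
```

The decision never consults `vo.names`, so renaming "production manager" to "prodman" changes nothing, and because `Resource.created_under` is a tag rather than a name, a job submitted under the old name stays tied to the same rank after the rename.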