The Grid User Mapping Service (GUMS) provides the authorization service to decide how a particular grid identity, possibly including VOMS extended attributes should be mapped onto the site-specific identities/credentials (e.g., UNIX accounts or Kerberos principals) in accordance with the site's grid resource usage policy. It does not perform the authentication of the grid credentials. It just tells the gatekeeper which site credentials the job should get. The gatekeeper is in charge of enforcing the site mapping established by GUMS.
GUMS can be configured to generate static grid-mapfiles or to map users dynamically as each job is submitted. If configured to generate a grid-mapfile, GUMS downloads the file to each gatekeeper as scheduled or requested by an administrator via the GUMS client tools. If configured to map users dynamically and individually, GUMS is called by the gatekeeper upon each job submission. More information is available at