Roles definition integrates a Role Base Access Control. This concept represents a management of rights based on definition of profile roles. Consequenlty, we define, by default, four type of role.

  • The infrastructure manager
  • The architect
  • The launcher
  • The viewer We have also an administrator role:
  • The administrator

Of course, roles could be merged into one user if necessary.

The infrastructure manager

This role is associated with the capability to manage everything related to bare-metal machine and cloud connectors. Example of rights:

  • Creation of a new cloud account
  • Removal of an existing cloud account
  • Adding a new bare-metal machine In mid term, the infrastructure manager will have access to all additional information relative to cloud management, like budget reporting and management. And the role will be split into two parts: the bare-metal management and the cloud management Inside a company, the role could be provide to someone who owns the cloud account and could be responsible for the expenses associated with.

The architect

This role enables to create and manage models and applications associated (see the page relative to the model). Example of rights associated with this role:

  • Create, clone, remove a model
  • Publish a new model
  • Add new application and installer
  • Add some default parameters to a model The architect is someone from the company who knows HPC stack and the infrastructure’s constraints for their applications.

The launcher

This role is limited to the capability to deploy a model. The launcher could deploy models on specific cloud provider and set-up some specific parameters (that has been left empty or with default value by the architect). Example of rights:

  • Creation of an HPC instance, with specific parameters
  • Define the other users that can control or view this instance
  • Stop and removal of the instances
  • Access to the monitoring of the instance

The viewer

This role could access to an appliance and visualize information and monitoring. Viewer could not perform action on the appliance.

The administrator

This role include all previous role and have additional capabilities:

  • Management of users (creation, remove, resetting password)
  • Management of rights (adding, removal) of users
  • Management of default values for their environment