Roles and Rights for Users

PBScloud.io integrates Role-Based Access Control (RBAC). Rights are managed through two kinds of roles: user profile roles and roles on appliances.

General User Profile Roles

There are four types of roles, which can be assigned individually or in combination:

  • Launcher
  • Architect
  • Infrastructure
  • Administrator

The launcher

This role is limited to deploying a model. The launcher can deploy models on a specific cloud provider and set specific parameters (those that have been left empty or with a default value by the architect).

Examples of rights:

  • Creation of an HPC instance with specific parameters
  • Define existing users that can control or view this instance
  • Starting, stopping, and removal of instance
  • Access to the monitoring of the instance

The Architect

This role enables the user to create and manage models and their associated applications (see the page about the model).

Examples of rights:

  • Create, clone, remove a model
  • Publish a new model
  • Add new application and installer
  • Add some default parameters to a model

The architect is someone in an organization who may be familiar with the HPC stack and the infrastructure constraints of their applications.

The Infrastructure manager

This role is associated with the capability to manage everything related to bare-metal machines and cloud connectors.

Examples of rights:

  • Creation of a new cloud account
  • Removal of an existing cloud account
  • Adding a new bare-metal machine

In the mid term, the infrastructure manager will have access to all the additional information related to cloud management, such as budget reporting and management. In addition, the role will be split into two parts: bare-metal management and cloud management.

Within an organization, this type of role can be assigned to someone who owns the cloud account and may be responsible for the associated expenses.

The administrator

This role includes all the previous roles and has additional capabilities, such as:

  • Management of users (creation, removal, password reset)
  • Management of users' rights (adding, removal)
  • Management of default values for their environment

Roles on appliances

Users can be further assigned roles on preexisting appliances, as a viewer or a manager.

The viewer

This role can access an appliance in order to view its information and monitoring. A viewer cannot perform actions on the appliance.

The manager

This role allows the user to control the functionality of that appliance, i.e. start, stop, or remove.

Note: Selecting both viewer and manager will automatically assign that user as a manager.
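
The rules above (profile roles combine, the administrator includes all previous roles, viewer plus manager resolves to manager) can be modelled for an access review as in the following added example. It is not PBScloud.io code: every right label and function name is a constructed assumption, as is the choice that a manager can also do what a viewer can.

```python
# Added illustration, not PBScloud.io code. Right labels such as "model.publish"
# are constructed names for the example rights listed on this page.
PROFILE_RIGHTS = {
    "launcher": {"instance.create", "instance.assign_users", "instance.start",
                 "instance.stop", "instance.remove", "instance.monitor"},
    "architect": {"model.create", "model.clone", "model.remove",
                  "model.publish", "application.add", "model.set_defaults"},
    "infrastructure": {"cloud_account.create", "cloud_account.remove",
                       "bare_metal.add"},
}
ADMIN_EXTRA = {"user.create", "user.remove", "user.reset_password",
               "rights.add", "rights.remove", "environment.set_defaults"}
# The administrator includes all the previous roles plus additional capabilities.
PROFILE_RIGHTS["administrator"] = set().union(*PROFILE_RIGHTS.values()) | ADMIN_EXTRA

# Assumption: a manager can also do what a viewer can.
APPLIANCE_ACTIONS = {
    "viewer": {"view", "monitor"},
    "manager": {"view", "monitor", "start", "stop", "remove"},
}

def effective_rights(roles):
    """Union of rights for a combination of profile roles; unknown roles are rejected."""
    unknown = set(roles) - PROFILE_RIGHTS.keys()
    if unknown:
        raise ValueError(f"unknown profile role(s): {sorted(unknown)}")
    return set().union(*(PROFILE_RIGHTS[r] for r in roles))

def redundant_roles(roles):
    """Assigned roles already fully covered by another assigned role (review finding)."""
    roles = set(roles)
    return {r for r in roles for other in roles - {r}
            if PROFILE_RIGHTS[r] < PROFILE_RIGHTS[other]}

def resolve_appliance_role(selected):
    """Selecting both viewer and manager yields manager; no selection yields None."""
    selected = set(selected)
    unknown = selected - APPLIANCE_ACTIONS.keys()
    if unknown:
        raise ValueError(f"unknown appliance role(s): {sorted(unknown)}")
    if "manager" in selected:
        return "manager"
    return "viewer" if "viewer" in selected else None

def can_act(selected, action):
    """Default deny: an action is allowed only if the resolved role grants it."""
    role = resolve_appliance_role(selected)
    return role is not None and action in APPLIANCE_ACTIONS[role]
```

Running `redundant_roles` over every user's assignment highlights accounts where a narrower role sits alongside the administrator role, which is a useful prompt to confirm whether administrator is actually needed.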