Default Roles and Privileges

Overview of the default access control roles.

Access Control Roles

Five roles are available by default. These roles cannot be deleted and their assigned privileges cannot be changed, however additional users can be added to these roles and access to PBS Professional clusters can be granted or restricted for the Operator role.

Manager

A Manager has the highest level of access privilege. Managers can:

create cloud accounts and bursting scenarios.
view and act upon jobs and nodes.
configure the HPC workload manager.
view and modify analysis charts.
run simulations.
configure Allocation Manager.
view Allocation Manager reports.
refund currency (Service Units) to an account.
grant and restrict access to the various features of Access Web.

By default, the PBSWorks Service User entered during the installation of Access Web is assigned to the Manager role and cannot be removed from this role.

Operator

Operators can view node and job information and can view alerts.

AM User

AM Users are assigned to accounts by an AM Admin and then can run jobs using the account's budget. AM Users can view their own Allocation Manager reports, including account-level and transaction-level view. Allocation Manager reports are available through the Monitor tab.

AM Stakeholder

AM Stakeholders are assigned to accounts by an AM Admin and can deposit currency into and withdraw currency from those accounts. AM Stakeholders can view Allocation Manager reports, including account-level and transaction-level views, as well as budget management, for those accounts for which the user is a stakeholder. Allocation Manager reports are available through the Monitor tab. Stakeholders have user privileges as well.

AM Admin

AM Admins have full access to Allocation Manager functionality in both the Monitor and Configure tabs, including all reports and configuration. AM Admins have user privileges and stakeholder privileges.

Privileges

By default, the following privilege levels are available:

Cloud Admin: This privilege allows full access to the Cloud tab, allowing the user to create and manage cloud accounts and bursting scenarios.
Monitor PBS Viewer: This privilege allows view-only access to the Monitor tab’s PBS Professional jobs and node information and alerts.
Monitor PBS Admin: This privilege allows full access to the Monitor tab’s PBS Professional features, allowing the user to view and act upon jobs and nodes. Alerts can also be created.
Configure PBS Viewer: This privilege allows view-only access to the Configure tab’s PBS Professional settings.
Configure PBS Admin: This privilege allows full access to the Configure tab’s PBS Professional settings, allowing the user to view and change PBS Professional settings.
Analyze Admin: This privilege allows full access to the features available via the Analyze tab, allowing the user to view, modify, and create analysis charts.
Simulate Admin: This privilege allows full access to the features available via the Analyze tab, allowing the user to view, modify, and create analysis charts.
Allocation Manager User: This privilege allows view-only access to the user’s own Monitor’s Allocation Manager reports, including account-level and transaction-level view.
Allocation Manager Stakeholder: This privilege allows full access to Monitor’s Allocation Manager reports, including account-level and transaction-level views, as well as budget management, for those accounts for which the user is a stakeholder.
Allocation Manager Admin: This privilege allows full access to Allocation Manager functionality in both the Monitor and Configure tabs, including all reports and configuration.

When a user is not given privileges to one of the available components of Access Web (Cloud, Configure, Monitor, Analyze, Simulator), then the associated tab is not displayed. For example, the Operator role by default is given only Monitor Viewer privileges. A user added to the Operator role will only have view access to the Monitor tab after logging in. The other tabs are not displayed.

Please note that access to certain features available via the Monitor and Configure tab are also controlled by access controls defined at the PBS Professional level. This is dependent upon the credentials that are used to add the cluster. Once a cluster is added, subsequent administrative actions are performed as the credentials utilized while adding the cluster. For example, if the user used to connect to the HPC cluster has PBS Professional User privileges, then that user will not be able to configure the HPC workload manager settings via the Configure tab or take a node offline via the Monitor tab.