Default Roles and Privileges

Overview of the default access control roles.

Access Control Roles

Five roles are available by default. These roles cannot be deleted and their assigned privileges cannot be changed, however additional users can be added to these roles.

Manager
A Manager has the highest level of access privilege. Managers can:
  • create cloud accounts and bursting scenarios.
  • view and act upon jobs and nodes.
  • add HPC clusters and Budget Manager instances.
  • configure the HPC workload manager.
  • view and modify analysis charts.
  • run simulations.
  • configure optional components - realtime dashboard and node management
  • configure allocations.
  • view allocation reports.
  • refund currency (Service Units) to an account.
  • grant and restrict access to the various features of Control.
By default, the Control Admin User entered during the installation of Control is assigned to the Manager role and cannot be removed from this role.
Operator
Operators can view node and job information and can view alerts.
AM User

AM Users are assigned to accounts by an AM Admin and then can run jobs using the account's budget. AM Users can view their own allocation reports, including account-level and transaction-level view.

AM Stakeholder
AM Stakeholders are assigned to accounts by an AM Admin and can deposit currency into and withdraw currency from those accounts. AM Stakeholders can view allocation reports, including account-level and transaction-level views, as well as budget management, for those accounts for which the user is a stakeholder. Stakeholders have user privileges as well.
AM Admin
AM Admins have full access to allocation functionality in both the Monitor and Configure tabs, including all reports and configuration. AM Admins have user privileges and stakeholder privileges.

Privileges

By default, the following privilege levels are available:

Cloud Admin

This privilege allows full access to the Cloud tab, allowing the user to create and manage cloud accounts and bursting scenarios.

Monitor PBS Viewer

This privilege allows view-only access to the HPC complex jobs, nodes, and alerts.

Monitor PBS Admin

This privilege allows the user to view and act upon HPC complex jobs and nodes. Alerts can also be created.

Configure PBS Viewer

This privilege allows view-only access to the Workload Manager parameters and settings.

Configure PBS Admin

This privilege allows the user to view and change Workload Manager parameters and settings. Configure optional components Realtime Dashboard and Node Management.

Analyze Admin

This privilege allows the user to view, modify, and create analysis charts.

Simulate Admin

This privilege allows full access to the features available via the Simulate tab, allowing the user to run simulations and review simulation results.

Budget Manager User

This privilege allows users to access their own allocation reports, including account-level and transaction-level views.

Budget Manager Stakeholder
This privilege allows full access to allocation reports, including account-level and transaction-level views, as well as budget management, for those accounts for which the user is a stakeholder.
Budget Manager Admin
This privilege allows full access to allocation functionality, including all reports and configuration.

When a user is not given privileges to one of the available components of Control, then the associated tab is not displayed. For example, the Operator role by default is given only Monitor Viewer privileges. A user added to the Operator role will only have view access to the Monitor tab after logging in. The other tabs are not displayed.

Please note that access to certain functionality regarding HPC complex jobs and nodes and Workload Manager parameters and settings is controlled by access controls defined at the Workload Manager level. This is dependent upon the credentials that are used to add the cluster. Once a cluster is added, subsequent administrative actions are performed as the credentials utilized while adding the cluster. For example, if the user credentials used to connect to the HPC cluster has PBS Professional User privileges, then that user will not be able to configure the HPC Workload Manager settings or take a node offline.