A user role is a list of resources and their corresponding permissions. Each role has access to one or more resources. For each resource, there is one corresponding permission.
You can assign more than one role to a user. When multiple roles are assigned, the user receives all the permissions defined for all the roles.
The following diagram illustrates the relationship between users, groups, roles, permissions, and resources.
- A user group can have one or more users as members
- A user can belong to one or more user groups
- A user can be assigned one or more roles
- A role can be assigned to one or more users
- A role can access one or more resources through permission control
- One permission is granted to one or more roles
- One resource can only have one corresponding permission for each role
Built-in user roles
Built-in user roles cannot be updated or deleted.
A built-in user role is restricted by permission controls configured in LSF. For example, you cannot assign any user the Cluster administrator role: the user must be listed as a cluster administrator in LSF. You can, however, unassign the Cluster administrator role from a user who is configured as a cluster administrator in LSF.
How built-in roles are automatically assigned to users
When IBM Spectrum LSF Application Center starts up, it automatically loads LSF users and LSF user groups defined in the LSF configuration file lsb.users:
- If the user is an LSF cluster administrator, the user is automatically assigned the
built-in Cluster administrator role. The cluster administrator role has View & Control
permission on all resources.
- If the user is an LSF user group administrator, the user is automatically assigned the
built-in role Group administrator for group group_name. This role has View
& Control permission for the resource Jobs owned by group group_name
(all jobs owned by the user group).
- If a user is a member of an LSF user group but is not the administrator of the user group,
the user is automatically assigned the Normal user for group group_name
role. This role has no permissions assigned. It can be assigned the View Only permission to
Jobs owned by group group_name.
- Other users are automatically assigned the built-in Normal user role. The Normal user role
has View & Control permission for the user's own jobs and View Only permission for all hosts and
queues.
All OS users can log on to IBM Spectrum LSF Application Center. If a user
logs on to IBM Spectrum LSF Application Center and is not
listed in the LSF lsb.users file, the user account is automatically
assigned the built-in Normal user role.
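
The assignment rules above, combined with the rule that a user with several roles receives the permissions of all of them, can be modelled to audit who ends up with View & Control on which resource. This is an added Python example, not IBM code: it assumes group membership has already been extracted from lsb.users into the dictionary shape shown, reads "Other users" as users matched by none of the first three rules, and uses constructed user names, group names and resource labels.

```python
from collections import defaultdict

VC, VO = "View & Control", "View Only"

def builtin_roles(user, cluster_admins, groups):
    """Roles assigned at startup, as {role_name: {resource: permission}}.
    groups is {group_name: {"members": set, "admins": set}} (assumed shape)."""
    roles = {}
    if user in cluster_admins:
        roles["Cluster administrator"] = {"all resources": VC}
    for name, g in sorted(groups.items()):
        if user in g["admins"]:
            roles[f"Group administrator for group {name}"] = {
                f"Jobs owned by group {name}": VC}
        elif user in g["members"]:
            # No permissions by default; View Only can be granted later.
            roles[f"Normal user for group {name}"] = {}
    if not roles:
        # "Other users", including OS users not listed in lsb.users.
        roles["Normal user"] = {"own jobs": VC, "all hosts and queues": VO}
    return roles

def effective_permissions(roles):
    """A user with several roles receives the permissions of all of them."""
    merged = defaultdict(set)
    for grants in roles.values():
        for resource, permission in grants.items():
            merged[resource].add(permission)
    return dict(merged)

def control_holders(users, cluster_admins, groups):
    """Audit view: resource -> sorted users holding View & Control on it."""
    holders = defaultdict(list)
    for user in sorted(users):
        roles = builtin_roles(user, cluster_admins, groups)
        for resource, granted in effective_permissions(roles).items():
            if VC in granted:
                holders[resource].append(user)
    return dict(holders)

# Constructed sample data, not taken from a real cluster.
CLUSTER_ADMINS = {"lsfadmin"}
GROUPS = {"chem": {"members": {"alice", "bob"}, "admins": {"alice"}},
          "phys": {"members": {"alice", "carol"}, "admins": set()}}
USERS = {"lsfadmin", "alice", "bob", "carol", "dave"}

if __name__ == "__main__":
    print(control_holders(USERS, CLUSTER_ADMINS, GROUPS))
```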