User Roles & Permissions
IBM Spectrum LSF Application Center has a flexible access control mechanism. You can control access to all pages of the web
interface, and you can also control whether users can take actions on objects in pages.
About users, roles, and permissions
Define user roles to give permissions to users and user groups. A user role is a common group of permissions. Users and user groups are defined in . You can assign permissions to most objects in IBM Spectrum LSF Application Center. You can assign a combination of permissions to an object.
Assigning roles to users
Assign user roles to give groups of permissions to users and user groups.
Defining new user roles
Define new user roles if the predefined user roles do not suit your needs.
Configuring administrators that are not LSF cluster administrators
By default, at installation, if you did not specify user accounts to be assigned the IBM Spectrum LSF Application Center administrator role, the LSF® cluster administrators defined in the LSF configuration file lsf.cluster. are automatically assigned the cluster_name IBM Spectrum LSF Application Center administrator role. You can however, modify the role assignment and assign different users to be IBM Spectrum LSF Application Center administrators.
Configuring folder permission for users
The folder permission control feature provides the ability to configure different folder permissions for each user. This limits user-only access to and operations on authorized folders or "Shared directories". It also supports “path” mode when submitting jobs This feature avoids copying input files between different locations and uses the selected file or folder as an input file directly.
Enabling users who do not have OS user accounts to use IBM Spectrum LSF Application Center
When users do not have operating system user accounts on the IBM Spectrum LSF Application Center server, you can enable them to log in and use IBM Spectrum LSF Application Center by creating a user mapping script that maps login user accounts to operating system user accounts. This applies to both the graphical user interface as well as Web Services.
Restricting who can log in to IBM Spectrum LSF Application Center
To control which users can log in and use IBM Spectrum LSF Application Center, set the parameter ALLOW_UNKNOWN_USER=N in the configuration file pmc.conf. Only users that you specify can log on, and all other users are denied access. Also, set ENABLE_USER_GROUP=N in the pmc.conf file so that users and user groups are not automatically loaded from LSF.
Restricting users from viewing job data in IBM Spectrum LSF mobile client
By default, users can view job data files on their mobile device in IBM Spectrum LSF mobile client. You can disable viewing of job data files in IBM Spectrum LSF mobile client by setting the parameter MOBILE_VIEW_DATA=N in the configuration file $GUI_CONFDIR/pmc.conf. You can also restrict the number of lines that can be viewed at one time with the parameter MOBILE_VIEW_DATA_LINES.