Sun Microsystems

Configuring User Access

The grid engine system has the following four categories of users:

  • Managers. Managers have full capabilities to manipulate the grid engine system. By default, the superusers of the master host and of any machine that hosts a queue instance have manager privileges.

  • Operators. Operators can run many of the same commands as managers, except that operators cannot add, delete, or modify queues.

  • Owners. Queue owners are restricted to suspending and resuming, or disabling and enabling, the queues that they own. These privileges are necessary for successful use of qidle. Users are commonly declared to be owners of the queue instances that reside on their desktop workstations.

  • Users. Users have certain access permissions, as described in Configuring Users, but users have no cluster or queue management capabilities.

The following sections describe each category in more detail.

Configuring Manager Accounts

You can configure Manager accounts with QMON or from the command line.

Configuring Manager Accounts With QMON

On the QMON Main Control window, click the User Configuration button. The Manager tab appears, which enables you to declare which accounts are allowed to run any administrative command.

Dialog box titled User Configuration. Shows Manager tab with list of managers. Shows Add, Modify, Delete, Tickets, Done, and Help buttons.

This tab lists all accounts that are already declared to have administrative permission.

To add a new manager account, type its name in the field above the manager account list, and then click Add or press the Return key.

To delete a manager account, select it, and then click Delete.

Configuring Manager Accounts From the Command Line

To configure a manager account from the command line, type the following command with appropriate options:

# qconf options

The following options are available:

  • qconf -am user-name[,...]

    The -am option (add manager) adds one or more users to the list of grid engine system managers. By default, the root accounts of all trusted hosts are grid engine system managers. See About Hosts and Daemons for more information.

  • qconf -dm user-name[,...]

    The -dm option (delete manager) deletes the specified users from the list of grid engine system managers.

  • qconf -sm

    The -sm option (show managers) displays a list of all grid engine system managers.

Configuring Operator Accounts

You can configure operator accounts with QMON or from the command line.

Configuring Operator Accounts With QMON

On the QMON Main Control window, click the User Configuration button, and then click the Operator tab.

Dialog box titled User Configuration. Shows Operator tab with list of operators. Shows Add, Modify, Delete, Tickets, Done, and Help buttons.

The Operator tab enables you to declare which accounts are allowed to have restricted administrative permission, unless the accounts are also declared to be manager accounts. See Configuring Manager Accounts With QMON.

This tab lists all accounts that are already declared to have operator permission.

To add a new operator account, type its name in the field above the operator account list, and then click Add or press the Return key.

To delete an operator account, select it, and then click Delete.

Configuring Operator Accounts From the Command Line

To configure an operator account from the command line, type the following command with appropriate options:

# qconf options

The following options are available:

  • qconf -ao user-name[,...]

    The -ao option (add operator) adds one or more users to the list of grid engine system operators.

  • qconf -do user-name[,...]

    The -do option (delete operator) deletes the specified users from the list of grid engine system operators.

  • qconf -so

    The -so option (show operators) displays a list of all grid engine system operators.
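
As an added example (not part of the original documentation), the following script uses the -sm and -so options described in the manager and operator command-line sections to find accounts that hold administrative rights but are not on an approved list. The allowlists, the sample account names, and the function names are hypothetical, and the script assumes that qconf prints one account name per line.

```shell
#!/bin/sh
# Added example: compare grid engine manager/operator lists with an allowlist.
# Assumption: `qconf -sm` and `qconf -so` print one account name per line.

# unexpected_admins APPROVED ACTUAL
#   APPROVED  comma-separated allowlist, same form as the -am/-ao argument
#   ACTUAL    newline-separated account names, e.g. "$(qconf -sm)"
# Prints every account in ACTUAL that is missing from APPROVED.
unexpected_admins() {
    approved=",$1,"
    printf '%s\n' "$2" | while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        if [ -n "$name" ]; then
            case "$approved" in
                *",$name,"*) ;;                 # on the allowlist
                *) printf '%s\n' "$name" ;;     # drift: not approved
            esac
        fi
    done
}

# audit_role FLAG APPROVED ACTUAL
#   FLAG is m (managers) or o (operators). Prints one finding per line with
#   the qconf command that would remove the account; it does not run it.
audit_role() {
    unexpected_admins "$2" "$3" | while IFS= read -r name; do
        printf 'unapproved: %s (remove with: qconf -d%s %s)\n' "$name" "$1" "$name"
    done
}

# Hypothetical allowlists for this example.
APPROVED_MANAGERS="root,sgeadmin"
APPROVED_OPERATORS="gridops"

if command -v qconf >/dev/null 2>&1; then
    managers=$(qconf -sm)
    operators=$(qconf -so)
else
    # Constructed sample output, used when qconf is not installed.
    managers=$(printf 'root\nsgeadmin\njdoe')
    operators=$(printf 'gridops')
fi

audit_role m "$APPROVED_MANAGERS" "$managers"
audit_role o "$APPROVED_OPERATORS" "$operators"
```

Because root accounts of trusted hosts are managers by default, keep root on the manager allowlist or the audit reports it on every run.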

Configuring User Access Lists

Any user with a valid login ID on at least one submit host and one execution host can use the grid engine system. However, grid engine system managers can prohibit access for certain users to certain queues or to all queues. Furthermore, managers can restrict the use of facilities such as specific parallel environments. See Configuring Parallel Environments for more information.

In order to define access permissions, you must define user access lists, which are made up of named sets of users. You use user names and UNIX group names to define user access lists. The user access lists are then used either to deny or to allow access to a specific resource in any of the following configurations:

Configuring User Access Lists With QMON

On the QMON Main Control window, click the User Configuration button, and then click the Userset tab. The Userset tab appears.

Figure 4-1 Userset Tab

Dialog box titled User Configuration. Shows Userset tab with list of usersets. Shows Add, Modify, Delete, Tickets, Done, and Help buttons.

In the grid engine system, a userset can be either an Access List or a Department, or both. The two check boxes below the Usersets list indicate the type of the selected userset. This section describes access lists. Departments are explained in Defining Usersets As Projects and Departments.

The Usersets list displays all available access lists. To display the contents of an access list, select it. The contents are displayed in the Users/Groups list.


Note - The names of groups are prefixed with an @ sign.


To add a new userset, click Add.

To modify an existing userset, select it, and then click Modify.

To delete a userset, select it, and then click Delete.

When you click Add or Modify, an Access List Definition dialog box appears.

Figure 4-2 Access List Definition Dialog Box

Dialog box titled QMON. Shows Userset Name and User/Group fields, and list of Users/Groups included in the userset. Shows Ok and Cancel buttons.

To add a new access list definition, type the name of the access list in the Userset Name field. If you are modifying an existing access list, its name is displayed in the Userset Name field.

To add a new user or group to the access list, type a user or group name in the User/Group field. Be sure to prefix group names with an @ sign.

The Users/Groups list displays all currently defined users and groups.

To delete a user or group from the Users/Groups list, select it, and then click the trash icon.
