Permissions
This topic lists all the delivered permissions you can set when you configure roles in Viewpoint.
Permissions are stored in Moab Web Services. Any new permission you want to add to Viewpoint you must add through Moab Web Services. For more information, please see the "Permissions" resource section of the Moab Web Services Reference Guide.
The actual permission name will be in this format, corresponding with the attributes you define at permission creation in MWS: <type>.<resource>.<action> (for example, page.internalPage.read).
Use case
For example, say you want to create a custom navigation link to another internal web page and you only want "admin" role users to be able to see the link. Here's what you would do:
- Create the new navigation (page) permission in MWS (see the "Permissions" resource section of the Moab Web Services Reference Guide). Make sure you specify the permission type is "page." For this example, let's say you named the permission page.custom.read.
- Add the custom link to the navigation.xml file (see Adding a custom link to the Viewpoint menu).
- In the navigation.xml when you specify the <permission> element, make sure that the permission name matches exactly the permission you created in MWS (page.internalPage.read).
- Go to the Role Management page and edit the "admin" role so that it includes this new permission. For more information, see Modifying an existing role.
On the Role Management page, permissions are grouped in the following categories. Each table contains columns to signify which permissions are included in the
Any new permissions you add through MWS will appear on the Role Management page in one of these groups (depending on the permission "type" you specify—"page,"
Some permissions pertain to cloud-specific pages or functions, others to HPC-specific pages or functions. The New/Edit Role page lists every Viewpoint permission (both cloud and HPC), which means that there will be some permissions that do not apply to your Viewpoint version.
If a user tries to access a page that he or she does not have permission to view, Viewpoint will notify them with the following message:
"The page you requested could not be found by the server or you do not have the permissions necessary to view this page. Please contact your administrator for help."
| Permission name | Description | Administrator | Power User | User |
|---|---|---|---|---|
| Accounting | Read option is permission to access the Accounting Manager page. (See About Accounting Manager.) | X | X | X |
| Actions | Read option is permission to access the Requested Actions page and view requested actions. (See About requested actions.) | X | X | |
| Configuration | Read option is permission to access the Configuration page and to set configurations. (See About configuration.) | X | ||
| Events | Read option is permission to access the Event Logs page. (See About event log.) | X | X | |
| Home | Read option is permission to access the Viewpoint Homepage. (See Homepage gadgets.) | X | X | X |
| Image Management | Read option is permission to access the Image Management page and to view, create, edit, and delete images. (See About image management.) | X | X | |
| Submit Job | Read option is permission to access the New Job page and submit a new job. (See About job management). | |||
| Job Management | Read option is permission to access the Job Management page and to view and edit jobs. (See About job management.) | X | X | |
| Node Management | Read option is permission to access the Node Management page and to view and edit nodes (including permission to reprovision and power nodes on/off). (See About node management.) | X | X | |
| Policy Management | Read option is permission to access the Policy Management page and to view and edit policies. (See About policy management.) | X | X | |
| Principal Management | Read option is permission to access the Principal Management page and to view, create, edit, and delete principals. (See About principal management.) | X | X | |
| Reporting |
Read option is permission to access the Reporting page. (See About reporting.)
This permission only provides access to the Reporting page. You will need to provide access to view individual reports (for details, see Report Permissions.) |
X | X | |
| Reservation Management | Read option is permission to access the Reservation Management page and to view and delete reservations. (See About reservation management.) | X | X | |
| New Reservation | Read option is permission access the New Reservation page and create a new reservation. (See Fields: New Reservation.) | X | X | |
| Role Management | Read option is permission to access the Role Management page and to view and manage roles. (See About role management.) | X | X | |
| Service Template Management | Read option is permission to access the Service Template Management page and to view, create, edit, copy, and delete service templates. (See About service template management.) | X | X | |
| Service Management | Read option is permission to access the Service Management page and to view and delete services. (See About service management.) | X | X | X |
| New Service | Read option is permission to access the New Service page and request a service. (See About service management.) | X | X | X |
| New Custom PM | Read option is permission to request a custom physical machine service. (See Requesting a custom physical machine service.) | X | X | X |
| New Custom VM | Read option is permission to request a custom virtual machine service. (See Requesting a custom virtual machine service.) | X | X | X |
| VM Management | Read option is permission to access the Virtual Machine Management page and to view, reprovision, and power on/off VMs. (See About virtual machine management.) | X | X | X |
By default, the Reporting Portal is not configured in Viewpoint. If you have not enabled Reporting in Viewpoint, please disregard the Report permissions. For information about reporting in Viewpoint, see About reporting.
| Permission name | Description | Administrator | Power User | User |
|---|---|---|---|---|
| Jobs and Processor Hours by Credential | Read option is permission to view the Jobs and Processor Hours by Credential report. (For more information, see Report types.) | X | X | |
| Jobs and Processor Hours by Month | Read option is permission to view the Jobs and Processor Hours by Month report. (For more information, see Report types.) | X | X | |
| Jobs and Processor Hours by Quarter and Year | Read option is permission to view the Jobs and Processor Hours by Quarter and Year report. (For more information, see Report types.) | X | X | |
| Jobs Submitted | Read option is permission to view the Jobs Submitted report. (For more information, see Report types.) | X | X | |
| Jobs Submitted and Completed | Read option is permission to view the Jobs Submitted and Completed report. (For more information, see Report types.) | X | X | |
| Total Active Processor Count | Read option is permission to view the Total Active Processor Count report. (For more information, see Report types.) | X | X | |
| Total Allocated Node Count | Read option is permission to view the Total Allocated Node Count report. (For more information, see Report types.) | X | X | |
| Total Queue Time | Read option is permission to view the Total Queue Time report. (For more information, see Report types.) | X | X | |
| Used Wallclock Time | Read option is permission to view the Used Wallclock Time report. (For more information, see Report types.) | X | X | |
| VM Lifecycle | Read option is permission to view the VM Lifecycle report. (For more information, see Report types.) | X | X |
Tip: If you give users gadget permissions, you will probably want to make sure that they have page permissions for the gadget's corresponding page. For example, if you give a user the Node State Gadget gadget permission, you will likely want to give them the Node Management page permission. Then, if the user clicks the Node State gadget on the Homepage, he or she will be able to go to the Node Management page.
| Permission name | Description | Administrator | Power User | User |
|---|---|---|---|---|
| Service Count Gadget | Read option is permission to view the Service Count Gadget. (For more information, see Homepage gadgets.) | X | X | X |
| Service Template Count Gadget | Read option is permission to view the Number of Service Template Count Gadget. (For more information, see Homepage gadgets.) | X | X | X |
| Job Count Gadget | Read option is permission to view the Job Count Gadget. (For more information, see Homepage gadgets.) | |||
| Node State Gadget | Read option is permission to view the Node State Gadget. (For more information, see Homepage gadgets.) | X | X | |
| Virtual Machine State Gadget | Read option is permission to view the Virtual Machine State Gadget. (For more information, see Homepage gadgets.) | X | X | X |
| Node Processor Dedication Gadget | Read option is permission to view the Node Processor Dedication Gadget. (For more information, see Homepage gadgets.) | X | X | |
| Node Memory Dedication Gadget | Read option is permission to view the Node Memory Dedication Gadget. (For more information, see Homepage gadgets.) | X | X |
| Permission name | Description | Administrator | Power User | User |
|---|---|---|---|---|
| All Nodes | Read option is permission to view any node in the datacenter. | X | X | |
| Update option is permission to modify any node in the datacenter. This includes permissions to power on/off or reprovision nodes. | X | X | ||
| All Services | Read option is permission to view all services in the datacenter. | X | X | |
| Update option is permission to modify or cancel any service in the datacenter. | X | X | ||
| My Services | Read option is permission to view all services that belong to the logged-in user. | X | X | X |
| Update option is permission to modify or cancel any service that belongs to the logged-in user. | X | X | X | |
| All Virtual Machines | Read option is permission to view all VMs in the datacenter. | X | X | |
| Update option is permission to modify any VM in the datacenter. This includes permissions to power on/off, reprovision, or migrate VMs. | X | X | ||
| My Virtual Machines |
Read option is permission to view all VMs that belong to the logged-in user.
Please note that the "My Virtual Machines" permission will only allow users to see the VMs they create as services in Viewpoint. Any VMs created outside of Viewpoint will not display. |
X | X | X |
| Update option is permission to modify (power on/off, reprovision, or migrate) any VM that belongs to the logged-in user. | X | X | X |
Related topics