10 – Roles > 10.3 Role references > Permissions

Permissions

This topic lists all the permissions you can set when you configure roles in Viewpoint.

Permissions are stored in Moab Web Services. Any new permission you want to add to Viewpoint you must add through Moab Web Services. For more information, please see the "Permissions" resource section of the Moab Web Services Reference Guide.

The actual permission name will be in this format, corresponding with the attributes you define at permission creation in MWS: <type>.<resource>.<action> (for example, page.internalPage.read).

Use case

For example, say you want to create a custom navigation link to another internal web page and you only want "admin" role users to be able to see the link. Here's what you would do:

Create the new navigation (page) permission in MWS (see the "Permissions" resource section of the Moab Web Services Reference Guide). Make sure you specify the permission type is "page." For this example, let's say you named the permission page.custom.read.
Add the custom link to the navigation.xml file (see Adding a custom link to the Viewpoint menu).
In the navigation.xml when you specify the <permission> element, make sure that the permission name matches exactly the of permission you created in MWS (for example, page.custom.read).
Go to the Role Management page and edit the "admin" role so that it includes this new permission. For more information, see Editing an existing role.

On the Edit Role page, permissions are grouped in the following categories. Each table lists the permission name and describes what the permission does. By default, all permissions are added to the delivered "HPCAdmin" role.

Object permissions
Viewpoint permissions

At any time, you can reset the default permissions to the delivered roles on the Set Viewpoint Defaults configuration page (for more information, see Resetting default roles and permissions).

Note that, depending on your type of suite, some permissions may not apply.

Object permissions

Accounting/accounts

Name	Description	Action	Resource	Scope
Quote usage-record	Permission to access quote usage-record	Read	accounting/usage-records	Global
Read MAM accounts	Permission to read MAM accounts.	Read	accounting/accounts	Global
Read MAM allocations	Permission to read MAM allocations.	Read	accounting/allocations	Global
Read MAM charge rates	Permission to read MAM charge rates.	Read	accounting/charge-rates	Global
Read MAM funds	Permission to read MAM funds.	Read	accounting/funds	Global
Read MAM funds balances	Permission to read MAM funds balances.	Read	accounting/funds/balances	Global
Read MAM funds statement	Permission to read MAM funds statement.	Read	accounting/funds/reports/statement	Global
Read MAM liens	Permission to read MAM liens.	Read	accounting/liens	Global
Read MAM organizations	Permission to read MAM organizations.	Read	accounting/organizations	Global
Read MAM quotes	Permission to read MAM quotes.	Read	accounting/quotes	Global
Read MAM transactions	Permission to read MAM transactions.	Read	accounting/transactions	Global
Read MAM usage-records	Permission to read MAM usage-record.	Read	accounting/usage-records	Global
Read MAM users	Permission to read MAM users.	Read	accounting/users	Global

Credentials

Name	Description	Action	Resource	Scope
Read credentials	Permission to read credentials.	Read	credentials	Global

Diag

Name	Description	Action	Resource	Scope
Read diagnostics	Permission to read diagnostics.	Read	diag	Global

Events

Name	Description	Action	Resource	Scope
Read all events	Permission to read all events.	Read	events	Global

Job-arrays

Name	Description	Action	Resource	Scope
Create job arrays	Permission to create job arrays.	create	job-arrays	Global

Jobs

Name	Description	Action	Resource	Scope
Cancel all jobs	Permission to cancel (delete) all jobs.	delete	jobs	Global
Create jobs for any tenant	Permission to create jobs for any tenant.	create	jobs	Global
Read all jobs	Permission to read all jobs.	read	jobs	Global
Update all jobs	Permission to update all jobs.	update	jobs	Global

Metric-types

Name	Description	Action	Resource	Scope
Read metric types	Permission to read metric types	read	metric-types	Global

Nodes

Name	Description	Action	Resource	Scope
Read all nodes	Permission to read all nodes.	read	nodes	Global

Notifications

Name	Description	Action	Resource	Scope
Read notifications	Permission to read notifications. This permission is both a global and a tenant permission. When creating a global role, this permission gives a user access to all notifications. When creating a tenant role, this permission gives a user access to notifications tied to objects that belong to their tenant.	update	nodes	Global
Update notifications	Permission to update notifications. This permission is both a global and a tenant permission. When creating a global role, this permission lets a user dismiss or ignore all notifications. When creating a tenant role, this permission lets a user dismiss or ignore notifications tied to objects that belong to their tenant.	read	nodes	Global

Permissions

Name	Description	Action	Resource	Scope
Create permissions	Permission to create permissions.	create	permissions	Global
Delete permissions	Permission to delete permissions.	delete	permissions	Global
Read permissions	Permission to read permissions.	read	permissions	Global

Plugin-types

Name	Description	Action	Resource	Scope
Create or update plugin-types	Permission to create or update plugin types.	update	plugin-types	Global
Read plugin-types	Permission to read plugin types.	read	plugin-types	Global

Plugins

Name	Description	Action	Resource	Scope
Create plugins	Permission to create plugins.	create	plugins	Global
Delete plugins	Permission to delete plugins.	delete	plugins	Global
Read plugins	Permission to read plugins.	read	plugins	Global
Update plugins	Permission to update plugins.	update	plugins	Global

Principals

Name	Description	Action	Resource	Scope
Create principals	Permission to create principals.	create	principals	Global
Delete principals	Permission to delete principals.	delete	principals	Global
Read principals	Permission to read principals.	read	principals	Global
Update principals	Permission to update principals.	update	principals	Global

Reports

Name	Description	Action	Resource	Scope
Create reports	Permission to create reports.	create	reports	Global
Delete reports	Permission to delete reports.	delete	reports	Global
Read reports	Permission to read reports.	read	reports	Global
Update reports	Permission to update reports.	update	reports	Global

Reservations

Name	Description	Action	Resource	Scope
Create reservations for any tenant	Permission to create reservations for any tenant.	create	reservations	Global
Delete any tenant's reservations	Permission to delete any tenant's reservation.	delete	reservations	Global
Read all reservations	Permission to read all reservations.	read	reservations	Global
Update all reservations	Permission to update all reservations.	update	reservations	Global

Resource-types

Name	Description	Action	Resource	Scope
Read resource-types	Permission to read resource types.	read	resource-types	Global

Roles

Name	Description	Action	Resource	Scope
Create roles	Permission to create roles.	create	roles	Global
Delete roles	Permission to delete roles.	delete	roles	Global
Read roles	Permission to read roles.	read	roles	Global
Update roles	Permission to update roles.	update	roles	Global

Standing-reservations

Name	Description	Action	Resource	Scope
Read standing-reservations	Permission to read standing reservations.	read	standing-reservations	Global

Tenants

Name	Description	Action	Resource	Scope
Create tenants	Permission to create tenants.	create	tenants	Global
Delete tenants	Permission to delete tenants.	delete	tenants	Global
Read tenants	Permission to read tenants.	read	tenants	Global
Update tenants	Permission to update tenants.	update	tenants	Global

VCs

Name	Description	Action	Resource	Scope
Create virtual containers	Permission to create virtual containers.	create	vcs	Global
Destroy virtual containers	Permission to delete virtual containers.	delete	vcs	Global
Read virtual containers	Permission to read virtual containers.	read	vcs	Global
Update virtual containers	Permission to update virtual containers.	update	vcs	Global

Viewpoint permissions

Gadget

These permissions apply to the Viewpoint Homepage gadgets. For more information, see Homepage gadgets.

These permissions allow users to see certain gadgets on the Homepage. However, do not forget that the content displayed in gadgets is controlled by object permissions. As administrators give role permissions for gadgets, they must also apply the corresponding object permissions so that users can see the correct gadget information.

Name	Description	Action	Resource	Scope
Job Count	Permission to view the Job Count gadget. (Administrators will want to add the corresponding Read all jobs object permission.)	Read	--	None
Node Memory Dedication (Average)	Permission to view the Node Memory Dedication gadget. (Administrators will want to add the corresponding Read all nodes or Permissions object permission.)	Read	--	None
Node State	Permission to view the Node State gadget. (Administrators will want to add the corresponding Read all nodes or Permissions object permission.)	Read	--	None
Urgent Events Log	Permission to view the Urgent Event Log gadget. (Administrators will want to add the corresponding Read all events or Permissions object permission.)	Read	--	None

Page

These permissions apply to the pages in Viewpoint.

If a user tries to access a page that he or she does not have permission to view, Viewpoint will notify them with the following message:

"The page you requested could not be found by the server or you do not have the permissions necessary to view this page. Please contact your administrator for help."

Name	Description	Action	Resource	Scope
Configuration	Permission to access the Configuration page (for more information, see About configuration).	Read	--	None
Events	Permission to access the Event Log/Event Details pages (for more information, see About event log).	Read	--	None
Home	Permission to access the Homepage (for more information, see Homepage gadgets).	Read	--	None
Job Management	Permission to access the Job Management/Job Details pages (for more information, see About job management).	Read	--	None
Moab Accounting Manager	Permission to access the Accounting Manager page (for more information, see About Accounting Manager).	Read	--	None
New Reservation	Permission to access the New Reservation page (for more information, see Fields: New Reservation).	Read	--	None
Node Management	Permission to access the Node Management/Node Details pages (for more information, see About node management).	Read	--	None
Notification Management	Permission to access the Notification Management page (for more information, see About notification management).	Read	--	None
Reservation Management	Permission to access the Reservation Management/Reservation Details pages (for more information, see About reservation management).	Read	--	None
Role Management	Permission to access the Role Management page (for more information, see About role management).	Read	--	None
Submit Jobs	Permission to access the Submit Jobs page (for more information, see Submitting a job).	Read	--	None
Tenant Management	Permission to access the Tenant Management/Edit Tenant pages (for more information, see About tenant management).	Read	--	None

Default role permissions

This section outlines which permissions are included by default in each delivered role. Any time you need to, you can set or reset the permissions for the default roles (see Resetting default roles and permissions).

HPCAdmin role

All Viewpoint and object permissions are included in the HPCAdmin role by default.

HPCUser role

The HPCUser role contains the following Viewpoint and object permissions:

Object permissions

Accounting	All permissions except for Quote usage-record
Credentials	Read credentials
Events	Read all events
Job-arrays	Create job arrays
Jobs	All permissions
Metric-types	Read metric types
Nodes	Read all nodes
Notifications	Read notifications Update notifications
Resource-types	Read resource-types

Viewpoint permissions

Gadget

Job Count

Node Memory Dedication (Average)

Node State

Urgent Events Log

Page

Notification Management

Submit Jobs