Default Altair SLC Hub Groups
An Altair SLC Hub installation contains a set of default groups. Each group has one or more role that defines allowed actions associated with Altair SLC Hub objects.
The object name is displayed as part of an Access Control log entry and can be used to determine which groups a user should be associated with to access the required hub functionality. For example, if a user has attempted to use a defined LIBNAME connection (a published library) but does not have the required access to published libraries, the Access Control log will have an entry such as:
Decision Namespace Object Action
Deny Namespace1 /PublishedLibraries Read
The combination of Object and Action can be used to determine which of the default Altair SLC Hub groups should be associated with the user to create an allow decision. In the above example, adding the user to the PublishedLibraryConsumer
group will enable Read access for published libraries.
Groups
The following list provides details of all default Hub groups, the roles in the group, which Objects the roles affect and the action the role can perform with that object.
- If the object name contains an asterisk (*) wildcard, the permitted action is allowed for the role on all sub objects defined within the object.
- If the action contains an asterisk (*) wildcard, all actions supported by the object are allowed for the role.
ArtifactDevelopers
group
This group contains the following role:
- ArtifactDeveloper. This role that enables users to upload artifacts to hub. The role provides the following object permissions:
Object name |
Action |
/ArtifacteRepositories/* |
|
/Artifacts/* |
|
ClusterAdministrators
group
This group contains the following role:
- ClusterAdministrator. This role enables users to manage the nodes that make up the Altair SLC Hub cluster. The role provides the following object permissions:
Object name |
Action |
/ClusterNodes |
* |
/ClusterNodes/* |
* |
/PortalApplication/Administration |
* |
/PortalRoute/Administration |
* |
/PortalRoute/Administration/hub-management |
* |
/PortalRoute/Administration/hub-management/* |
* |
CredentialManagers
group
This group contains the following roles:
- PortalCredentialManager. This role enables users to access to the parts of the portal necessary for administering authorisation domains and credentials. The role provides the following object permission:
Object name |
Action |
/PortalRoute/enterprise/auth-domains |
* |
- CredentialManager. This role enables users to manage Authentication Domains and related credentials. The role provides the following object permission:
Object name |
Action |
/AuthDomains/* |
* |
DataAccessAdministrators
group
This group contains the following roles:
- PortalPublishedLibraryConsumer. This role enables users to access the parts of the portal necessary to browse published libraries. The role provides the following object permissions:
Object name |
Action |
/PortalRoute/enterprise/browse-published-libraries |
* |
- PortalDataAccessAdministrator. This role enables users to access the parts of the portal necessary for perform data access administration tasks. The role provides the following object permissions:
Object name |
Action |
/PortalRoute/enterprise/browse-published-libraries |
* |
/PortalRoute/enterprise/library-definitions |
* |
/PortalRoute/enterprise/published-libraries |
* |
- PublishedLibraryConsumer. This role enables users to access any published library. The role provides the following object permissions:
Object name |
Action |
/PublishedLibraries |
|
- DataAccessAdministrator. This role enables users to manage Library Definitions and Libname bindings. The role provides the following object permissions:
Object name |
Action |
/LibraryDefinitions/* |
* |
/PublishedLibraries/* |
|
/PublishedLibraryConfig/* |
* |
DataAccessConsumers
group
This group contains the following role:
- DataAccessConsumer. this role provides users with read access to Library Definitions. The role provides the following object permissions:
Object name |
Action |
/LibraryDefinitions/* |
|
DeploymentServicesAdministrators
group
This group contains the following roles:
- PortalDeploymentServicesAdministrator. This role enables users to access all parts of the Deployment Services application in the portal. The role provides the following object permissions:
Object name |
Action |
/PortalApplication/DeploymentServices |
* |
/PortalRoute/deployment-services |
* |
/PortalRoute/deployment-services/* |
* |
- ArtifactAdministrator. This role enables users to administer artifact repositories and artifacts. The role provides the following object permissions:
Object name |
Action |
/ArtifactRepositories/* |
* |
/Artifacts |
* |
/Artifacts/* |
* |
- DeploymentServicesAdministrator. This role enables users to manage and administer the Deployment Services application. The role provides the following object permissions:
Object name |
Action |
/Deployments/* |
* |
/Directory/* |
* |
/Jobs |
* |
/PipelineRuns |
* |
/Pipelines/* |
* |
ExecutionProfileUsers
group
This group contains the following role:
- ExecutionProfileUser that enables read access to the Execution Profiles. This role provides the following object permissions:
Object name |
Action |
/ExecutionProfiles/* |
|
GeneralConsumers
group
This group is designed as an example of aggregated group memberships to create users who would consume data, run pipelines and run programs, but not have and administration rights. For example, a user who is a member of GeneralConsumers (and has no other direct group memberships) would be able to run a pipeline, but not edit it.
GeneralConsumers has memberships to the following groups:
HubAdministrators
group
This group contains the following role:
- HubAdministrators. This role enables users to manage and administer all Altair SLC Hub functionality. Group members can perform all supported actions available on all objects defined in Altair SLC Hub.
HubUsers
group
This group contains the fundamental roles that provide minimal access to Altair SLC Hub functionality. Further roles can be added to a member of this group by assigning other groups to the user to provide the required permissions The group contains the following roles:
- PortalCredentialUser. This role enables users to access to the "my credentials" parts of the Altair SLC Hub portal. The role provides the following object permissions:
Object name |
Action |
/PortalApplication/Enterprise |
|
/PortalRoute/enterprise |
* |
/PortalRoute/enterprise/my-credentials |
* |
- ExecutionProfileUser. This role enables users to use execution profiles previously-defined in the Altair SLC Hub. The role provides the following object permissions:
Object name |
Action |
/ExecutionProfiles/* |
|
- CredentialUser. This role enables users to use execution profiles previously-defined in the Altair SLC Hub. The role provides the following object permissions:
Object name |
Action |
/AuthDomains/* |
* Read |
- User. This role enables users to use execution profiles previously-defined in the Altair SLC Hub. The role provides the following object permissions:
Object name |
Action |
/Groups/* |
|
/PortalRoute/ |
* |
/PortalRoute/settings/* |
* |
/Users/* |
|
- NamespaceUser. This role enables users to use a namespace. The role provides the following object permissions:
Object name |
Action |
/NamespaceRead |
|
InvocationPortalUsers
group
This group contains the following role:
- InvocationPortalUser. This role enables users to access to the invocation portal. The role provides the following object permissions:
Object name |
Action |
/FavouriteJobs |
* |
/FavouritePrograms |
* |
/PortalApplication/Invocation |
* |
/PortalRoute/ |
* |
/PortalRoute/invocation |
* |
/PortalRoute/invocation/* |
* |
/PortalRoute/settings/* |
* |
LinkSessionUsers
group
This group contains the following role:
- LinkSessionUser. This role enables users to create link sessions and manage their own sessions. The role provides the following object permissions:
Object name |
Action |
/LinkSessions |
|
PipelineDevelopers
group
This group contains the following roles:
- PipelineDeveloper. This role enables users to develop pipelines. The role provides the following object permissions:
Object name |
Action |
/PipelineRuns |
* |
/Pipelines/* |
* |
- PortalPipelineUser. This role enables users to access the relevant parts of the Altair SLC Hub portal to make use of pipelines. The role provides the following object permissions:
Object name |
Action |
/PortalApplication/DeploymentServices |
* |
/PortalRoute/deployment-services |
* |
/PortalRoute/deployment-services/pipeline-editor/* |
* |
/PortalRoute/deployment-services/pipelineruns |
* |
/PortalRoute/deployment-services/pipelineruns/* |
* |
/PortalRoute/deployment-services/pipelines/* |
* |
/PortalRoute/deployment-services/pipeline-triggers |
* |
PipelineUsers
group
This group contains the following roles:
- PipelineUser. This role enables users to view and submit pipelines and pipeline runs. The role provides the following object permissions:
Object name |
Action |
/PipelineRuns |
* |
/Pipelines/* |
- Read
- Submit
- ListTriggers
- ReadTrigger
|
- PortalPipelineUser. This role enables users to access the relevant parts of the Altair SLC Hub portal to make use of pipelines. The role provides the following object permissions:
Object name |
Action |
/PortalApplication/DeploymentServices |
* |
/PortalRoute/deployment-services |
* |
/PortalRoute/deployment-services/pipeline-editor/* |
* |
/PortalRoute/deployment-services/pipelineruns |
* |
/PortalRoute/deployment-services/pipelineruns/* |
* |
/PortalRoute/deployment-services/pipelines/* |
* |
/PortalRoute/deployment-services/pipeline-triggers |
* |
PublishedLibraryConsumers
group
This group contains the following roles:
- PortalPublishedLibraryConsumer. This role enables users to access the parts of the Altair SLC Hub portal necessary to browse published libraries. The role provides the following object permissions:
Object name |
Action |
/PortalRoute/enterprise/browse-published-libraries |
* |
- PublishedLibraryConsumer. This role enables users to consume any published library. The role provides the following object permissions:
Object name |
Action |
/PublishedLibraries |
|