12.6. Edit a group (role)
User shall have ROLE_ADMIN to edit groups/roles.
Edit a group (role)
For edit a group/role:
- Open Groups/Roles tab on User management section of the system-level settings.
- Find a group (role).
- Click Edit button in the row opposite the user name:
- Pop-up window will be shown:
On this form there are several blocks of the settings for a group/role.
Default data storage
Here you can select default data storage for a group/role:
User management
In this block you can change a member list of the selected group/role:
For more information see 12.8. Change a set of roles/groups for a user.
Attributes
In this block you can set metadata tags (attributes) for a group. These tags represent key/value pairs, same as pipeline/folder tags. For more information see 17. CP objects tagging by additional attributes.
Launch options
In this block you can specify some restrictions for a group of users/role on allowed instance types and price types. Here you can specify:
Field | Description | Example |
---|---|---|
Allowed instance types mask | This mask restrict for a specific group/role allowed instance types for launching tools, pipelines and configurations | If you want members of a certain group/role will be able to launch runs with only "m5..." instances types, mask would be m5* :In that case, before launching tool, pipeline or configuration, dropdown list of available node types will be look like this: |
Allowed tool instance types mask | This mask restrict for a specific group/role allowed instance types only for tools - launching from tools menu or main dashboard. This mask has higher priority for launching tool than Allowed instance types mask. It's meaning that in case when both masks are set - for the launching tool will be applied Allowed tool instance types mask. | If you want members of a certain group/role will be able to launch tools with only some of "large" "m5..." instances types, mask would be m5*.large* :In that case, before launching tool, dropdown list of available node types will be look like this: |
Allowed price types | In this field you may restrict, what price types will be allowed for a group/role. | If you want members of a certain group/role will be able to launch "On-demand" runs only, select it in the dropdown list: In that case, before launching tool, dropdown list of price types will be look like this: |
Jobs visibility | In this field you may restrict the visibility of running jobs on the Active Runs page for non-owner users. | If you want users from that group (role) will be able to view all pipeline runs (for that pipelines on which users have corresponding permissions), select "Inherit" in this dropdown list: If you want users from that group (role) can view only runs they launched, select "Only owner": |
To apply set restrictions for a group/role click button.
Setting restrictions on allowed instance types/price types is a convenient way to minimize a number of invalid configurations runs.
Such restrictions could be set not only for a group/role, but on another levels too.
In CP platform next hierarchy is set for applying of inputted allowed instance types (sorted by priority):
- User level (specified for a user on "User management" tab) (see 12.4. Edit/delete a user)
- User group level (specified for a group (role) on "User management" tab. If a user is a member of several groups - list of allowed instances will be summarized across all the groups) (see above)
- Tool level (specified for a tool on "Instance management" panel) (see 10.5. Launch a Tool)
- (global)
cluster.allowed.instance.types.docker
(specified on "Cluster" tab in "Preferences" section of system-level settings) (see 12.10. Manage system-level settings) - (global)
cluster.allowed.instance.types
(specified on "Cluster" tab in "Preferences" section of system-level settings) (see 12.10. Manage system-level settings)
After specifying allowed instance types, all GUI forms that allow to select the list of instance types (configurations/launch forms) - will display only valid instance type, according to hierarchy above.
For price type specifying - if it is set for the user/group/tool - GUI will allow to select only that price type.
In CP platform next hierarchy is set for applying of jobs visibility (sorted by priority):
- User level - highest priority (specified for a user) (see 12.4. Edit/delete a user)
- Group level (specified for a group/role) (see above)
- (global)
launch.run.visibility
(specified as global defaults via system-level settings) (see 12.10. Manage system-level settings)
Possibility to revert changes
In certain cases, there could be convenient to undo all changes in a group/role profile when modifying it - without closing the form.
The admin has such ability:
- open the User management tab and then the Groups/Roles tab
- select the desired group to modify, click the Edit button to open the popup with the group's settings
- edit some settings
- if needed to revert done changes - click the REVERT button at the bottom of the form (Note: it's possible only before saving!):
- all done unsaved changes are reverted. The REVERT button becomes disabled:
Note: in such way all unsaved changes of user settings could be reverted - Default data storage, Users list, Attributes and Launch options.
Block/unblock a group
To block a group:
- Open the Groups tab on the User management section of the system-level settings.
- Click the Edit button next to the group's name.
Note: system groups are created by the SSO authentication system automatically and can not be found here. - Pop-up window will be displayed:
- Click the BLOCK button
- Confirm the blocking:
To unblock a group:
- Open the Groups tab on the User management section of the system-level settings.
- Click the Edit button next to the group's name.
- Pop-up window will be shown:
- Click the UNBLOCK button
- Confirm the unblocking: