Permission on the HPC Cluster Manager

junmin park 61 Reputation points
2021-04-13T01:07:16.297+00:00

Hi Team,
We are using HPC Pack 2016 Update 3(5.3.6450.0) on Service Fabric Cluster.
There is some confusion about permission on the HPC Cluster Manager.
We create 2 domain user accounts like testuser1, testuser2 on Domain Controller.

[permission]
testuser1 -> domain user, add user role on HPC Cluster Manager for connect HPC Job Manager
testuser2 -> only domain user

We create sample job “powershell 1..10000” and submit job as shown in the following setting.

[Job Setting]
Job Owner -> testuser1
Run as User -> testuser2
Job is created, submitted, and Finished.

Testuser2 does not have any permission to access HPC Cluster Manager.
Only testuser1 add user role permission on HPC Cluster Manager.
How can the job submit and complete when the Run as User is testuser2?

Thanks.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
4,598 questions
No comments
{count} votes

Accepted answer
  1. prmanhas-MSFT 17,516 Reputation points Microsoft Employee
    2021-04-15T07:48:32.607+00:00

    @junmin park Apologies for the delay in response and all the inconvenience caused because of the issue.

    HPC cluster users have permissions to submit their own tasks and jobs to the cluster, and to manage tasks and jobs that they have submitted. When a job that was submitted by an HPC cluster user fails, the user is able to diagnose, repair, and resubmit that job. Although HPC cluster users can see the jobs that have been submitted by others users, they cannot cancel those jobs or resubmit them. Also, HPC cluster users cannot view the job details and tasks for jobs that they did not submit themselves.

    You can add domain users and groups to the cluster in different roles to access cluster resources. For example, HPC cluster administrators have permissions to manage all aspects of the cluster, and HPC cluster users can create, submit, and modify their own jobs. Domain users or groups that have not been added to the cluster cannot access cluster resources.
    You can set permissions for the job templates that you create to limit the job templates that specific cluster users or groups can use when submitting jobs to your HPC cluster. You can also set permissions for managing the job templates, by granting specific users or groups the permission to edit, copy, and delete a job template.

    Below documentation might be helpful as well:

    https://learn.microsoft.com/en-us/powershell/high-performance-computing/understanding-user-roles?view=hpc19-ps

    https://learn.microsoft.com/en-us/powershell/high-performance-computing/set-job-template-permissions?view=hpc19-ps

    Hope it helps!!!

    Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.


0 additional answers

Sort by: Most helpful