When you get a new hub, by default everyone gets a workspace and can submit jobs to your attached cluster(s). This means that the user can run many different commands both on your hub and on your clusters, in addition to the software applications your hub provides.
For some sites, this causes security issues, so you may wish to limit access to the software the user can execute and the clusters he or she can submit jobs too. Usually only tool developers need workspace access.
Limiting Workspace Access
The first thing to do is to ask HUBzero staff to change the default to not provide workspace access. The user will still be able to run portal applications and pick up their output files by sftp or webdav.
Then, to give users a workspace:
- login to the Joomla interface
- select Components/Groups76ea56ea6bb6c86d>
- locate the app-workspace (Workspace Development) group, click Total Members
- add users as appropriate
Limiting Submit Access
There are several aspects to submit access control.
Allow a user run a HUB application that gets submittedas a job to a cluster. Allow a user run standard unix and shell commands as jobs submitted to a cluster, even something as simple as echo hello Allow a user stage his or her own executable to a cluster and run it.