Understanding User Roles
Updated: January 13, 2014
Applies To: Microsoft HPC Pack 2008 R2, Microsoft HPC Pack 2012, Microsoft HPC Pack 2012 R2
You can add members to the HPC cluster in the following user roles:
Administrator. HPC cluster administrators have permissions to manage all aspects of the cluster, including configuring the HPC cluster network, deploying and managing nodes, and configuring the HPC Job Scheduler Service. Cluster administrators may also submit and manage jobs, tasks, and job templates that are created in or submitted to the cluster by other users.
User. HPC cluster users have permissions to submit their own tasks and jobs to the cluster, and to manage tasks and jobs that they have submitted. When a job that was submitted by an HPC cluster user fails, the user is able to diagnose, repair, and resubmit that job. Although HPC cluster users can see the jobs that have been submitted by others users, they cannot cancel those jobs or resubmit them. Also, HPC cluster users cannot view the job details and tasks for jobs that they did not submit themselves.
Job administrator. (Introduced in HPC Pack 2012 with SP1.) HPC job administrators are granted all the privileges of HPC cluster users and are also allowed full, unrestricted, read/write access to all of the normal jobs in the system. HPC job administrators cannot manage job templates nor perform any cluster configuration or management operations.
Job operator. (Introduced in HPC Pack 2012 with SP1.) HPC job operators can view, cancel, finish, or requeue any job on the cluster. HPC job operators cannot create or submit jobs, nor perform other cluster operations.
Active Directory Domain Services (AD DS) is a prerequisite to installing Microsoft® HPC Pack because the authentication process for users and computers relies on the services provided by AD DS.
At installation time, the HPC cluster administrator role is automatically granted to all members of the local Administrators security group on the head node. When an identity is added as an HPC cluster administrator, it is also added to the local Administrators security group.
When you add a new HPC cluster administrator on your cluster, the domain account for that user or group is automatically propagated to all compute nodes and broker nodes on the cluster, as a member of the local Administrators group of each node. In the case of workstation nodes and unmanaged server nodes, HPC cluster administrators are not propagated, so that user rights on those computers are not affected.
For more information about HPC user roles, see the security considerations for designating HPC cluster users and administrators in the Windows HPC Server Technical Library.