Roles¶
Roles in Zoe define the limits of what a user can do. A role can be assigned to multiple users, but a user can have only a single role.
The capabilities that can be turned on and off for a role are:
- can_see_status : can access the status page on the web interface
- can_change_config : can make changes to the configuration (add/delete/modify users, quotas and roles)
- can_operate_others : can operate on others’ work (see and terminate other users’ executions)
- can_delete_executions : can permanently delete executions and all the associated logs
- can_access_api : can access the REST API
- can_customize_resources : can use the web interface to modify resource reservations when starting ZApps from the shop
- can_access_full_zapp_shop : has access to all ZApps in the shop
By default three roles are created:
- admin : all capabilities are set
- superuser : has can_see_status, can_access_api, can_customize_resources and can_access_full_zapp_shop
- user : has no capabilities
Zoe will refuse to delete or modify the admin role. Other roles can be created and modificed via the zoe-admin.py tool or the web interface.