User permissions on Workstation nodes to run SOA jobs RRS feed

  • Question

  • What user permissions are needed to run SOA jobs on workstation nodes on the cluster?

    1) Logon locally

    2) Logon as  service

    3) Logon as  a batch

    4) something else?

    Just wanted to know as our IT is rolling out a security platform called Avecto and it might stop jobs from executing on the workstation nodes if some explicit permissions are needed like above.

    Thursday, January 25, 2018 6:25 PM

All replies

  • Hi,

      We don't manage users on workstation nodes. Thus, you need IT admin to manage it on every workstation node.

      And for running HPC SOA, or any job, you will provide a "Job Runas" credential during job submission or "hpccred.exe" which will be used during job execution. And our logic on the workstation node is: using the credential on the workstation node and perform an AD log on to get token, and CreateProcess with that token. Thus if the credential you provided is in the local administrators group, you will have admin permission, if you're in user group, you have user permission and if you're not in any local group, the job will fail with log on failure.

      Usually we require the "runas user" in local users group of all workstation node and have local logon permission.

    Qiufang Shi

    Tuesday, January 30, 2018 5:32 AM