-
Notifications
You must be signed in to change notification settings - Fork 354
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add EditorRestricted role release note (#9007)
- Loading branch information
1 parent
f52f43b
commit bc1b431
Showing
2 changed files
with
28 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
:orphan: | ||
|
||
**New Features** | ||
|
||
- RBAC: Add a pre-canned role called ``EditorRestricted`` which supersedes the ``Viewer`` role and | ||
precedes the ``Editor`` role. | ||
|
||
- Like the ``Editor`` role, the ``EditorRestricted`` role grants the permissions to create, | ||
edit, or delete projects and experiments within its designated scope. However, the | ||
``EditorRestricted`` role lacks the permissions to create or update NTSC-type workloads. | ||
|
||
Therefore, a user with ``EditorRestricted`` privileges in a given scope is limited when using | ||
the WebUI within that scope since the option to launch JupyterLab notebooks and kill running | ||
tasks will be unavailable. The user will also be unable to run CLI commands that create scoped | ||
notebooks, TensorBoards, shells, and commands and will be unable to perform updates on these | ||
tasks (such as changing the task's priority or deleting it). ``EditorRestricted`` users can | ||
still open and use scoped JupyterLab notebooks and perform all experiment-related jobs, just | ||
like those with the ``Editor`` role. | ||
|
||
- The ``EditorRestricted`` role allows workspace and cluster editors and admins to have more | ||
fine-grained control over GPU resources. Thus, users with this role lack the ability to launch | ||
or modify tasks that indefinitely consume slot-requesting resources within a given scope. |