Access Controls
control records.
When submitting requests for CPUs, users can select any project of which they are a
member (by setting the RMS_PROJECT environment variable or by using the -P flag
when executing prun or allocate). RMS rejects requests to use projects that do not
exist or requests to use projects of whichthe user is not a member. Users without an
RMS user record are subjectto the constraints on the default project.
In general, each user is a member of several projects, while projects may have many
users. Membership of a projectis specified in the users table with the projects field
(see Section 10.2.24). The value of projects may be either a single name or list of
project names,separated by commas or space. The wildcard character,*, may be entered
as a project name, denoting that the user is a member of all projects. The ordering of the
names in the list is significant: the first project specified becomes the user’s default
project.
User and project recordsare created by the system administrator and stored in the
users and projects tables (see Section 10.2.24 and Section 10.2.17).
6.3 Access Controls
Access control records specify the maximum resource usage of a user or project on a
given partition. They are created by the system administrator using rcontrol or
rmsquery and stored in the access_controls table (see Section 10.2.1).
Each entry specifies the following attributes:
name The name of the user or project.
class Whether the entry refersto a user or a project.
partition The partition to which the access control applies.
priority The default priority of requests submitted by this user or project.
Priorities range from 0, the lowest priority,to 100. The default is 50.
maxcpus The total number of CPUs that this user or project can have allocated
at any time.
memlimit The maximum amount of memory in megabytes per CPU that can be
allocated.
A suspended request does not count against a user’s or project’s maximum number of
CPUs. However,when the request is resumed, a usage check is performed and the
request is blocked if starting it would take the user or project over theirusage limit.
6-2 Access Control, Usage Limits and Accounting