When you set up access control for Scheduler, you must give each user at least one feature policy and one data policy:
A feature policy controls access to Scheduler API endpoints. This is irrespective of whether a user ultimately interacts with Scheduler via the LUSID web app or by calling the API directly (since the web app itself calls the API).
A data policy controls access to information about jobs, images and schedules returned by API endpoints.
To perform any real-world operation in Scheduler, a user must be assigned both types of policy. This is because a feature policy without a corresponding data policy yields no data, and a data policy without a corresponding feature policy cannot perform operations.
Data policies
The following table summarises data resources you can include in a data policy for Scheduler:
Resource type | Component(s) of identifier | Available actions |
|
|
|
|
|
|
|
|
|
|
|
|
Feature policies
The following table lists API endpoints you can include in a feature policy for Scheduler. Each API endpoint makes particular data resource entitlement checks; to return data, the corresponding data policy must include the specified data resources:
API endpoint | Date resource checks | Notes | |
Resource type required in data policy | Action required in data policy | ||
| N/A | N/A | This endpoint does not interact with Scheduler but rather with Docker CLI. |
|
|
|
|
|
|
|
|
|
| ||
|
|
| You cannot delete an image using the Docker CLI; you must use this endpoint. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
| You can allow an admin user to see history and results for a job even if they are not the user who originally executed the job. To do this, give that admin user these permissions. |
|
| ||
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
| ||
|
| ||
|
|
|
|
|
|
|
|
|
| ||
|
| ||
|
|
|
|
|
| ||
|
|
|
|
|
| ||
|
| ||
|
| ||
|
|
|
|
|
| ||