Roles and permissions
Users, Organizations and Projects
Waldur is a service for sharing resources across projects. It is based on a delegation model in which an organization can allocate certain users to perform technical or non-technical actions in its projects.
The most common types of Waldur installations include:
- Cloud - used in commercial or government sectors for providing access to cloud resources like virtual machines, storage and Kubernetes clusters.
- Academic - used in research and education. Waldur is deployed for a single university, high school or research infrastructure.
- Academic Shared - the same purpose as Academic, but is shared among several universities or infrastructures.
 
User
An account in Waldur belonging to a person or a robot. A user can have roles in Organizations and Projects. Some users, mostly affiliated with the Waldur operator, can have global roles, e.g. support or staff.
Organization
A company or a department. An organization can be a customer, a service provider or both.
A faculty, department or an institute. An organization can also be a service provider, for example, an HPC center.
In the Academic Shared model, all organizations are service providers allocating resources to their users (research groups or classes) through their Projects.
Project
A project within an Organization. Used for organizing and isolating Resources and Users.
Service Provider
An organization that provides services to other organizations.
User types
| User | Support agent | Staff | |
|---|---|---|---|
| Web and API access | |||
| Can create support requests | |||
| Can provide user support | |||
| Can see all projects and resources | |||
| Can manage organizations | |||
| Can access admin area | 
User roles in Organization
| Owner | Service Manager | Project Manager | System Administrator | |
|---|---|---|---|---|
| Manage Team | (pre-approved users) | |||
| Manage Projects | ||||
| Request and Manage Resources | ||||
| Approves creation of Resource Requests (Orders) | (configurable) | |||
| Approves Resource Requests (Orders) | ||||
| Manage Offerings (Service provider-specific) | 
| PI | Service Manager | co-PI | Member | |
|---|---|---|---|---|
| Manage Team | (pre-approved users) | |||
| Manage Projects | ||||
| Request and Manage Resources | ||||
| Approves creation of Resource Requests (Orders) | (configurable) | |||
| Approves Resource Requests (Orders) | ||||
| Manage Offerings (Service provider-specific) | 
| Resource allocator | Service Manager | PI | co-PI | Member | |
|---|---|---|---|---|---|
| Manage Team | (pre-approved users) | ||||
| Manage Projects | |||||
| Request and Manage Resources | |||||
| Approves creation of Resource Requests (Orders) | (configurable) | ||||
| Approves Resource Requests (Orders) | |||||
| Manage Offerings (Service provider-specific) | 
User roles in Call management
| Role name | Scope | Description | 
|---|---|---|
| Organization owner | Customer | Has full administrative access to manage organizations, offerings, orders, resources, projects, and call-related permissions. | 
| Call organiser | Call organizer | Manages calls at the organization level, similar to Call manager but restricted to a specific customer scope. | 
| Call manager | Call | Oversees the entire call process, including managing proposals, approving/rejecting applications, closing rounds, and handling permissions. | 
| Call reviewer | Call | Reviews and evaluates submitted proposals within a call. | 
| Proposal member | Proposal | Manages individual proposals, controlling their status and related workflows. |