Operations by Security Level

The VOV security model consists in assigning a Security Code to each client (browser, GUI, CLI) and to grant the permission to execute tasks only to clients with appropriate security level.

VOV defines four ordered privilege levels, shown from the least privileged to the most privileged:
  • USER

VOV security is enforced by the server process. Each time that a client requests a transaction, the security level of that client's owner is compared to the definitions in the project's security.tcl file, and permission is granted or denied accordingly.

The following table shows the operations permitted to clients according to their privilege level. 'Y' indicates the operation is permitted, otherwise it is not.

VOV Operations allowed by Privilege Level
Privilege Level
Object Operation Description READONLY USER LEADER ADMIN
ViewStatus View status information about jobs and files Y Y Y Y
CreateJob Add job to flow you own Y Y Y
RunJobSelf Run a job you own Y Y Y
RunJobOther Run a job owned by another Y Y Y
StopJobSelf Stop a job you own Y Y Y
StopJobOther Stop job owned by another Y Y
ModifyJobSelf Modify a job you own Y Y Y
ModifyJobOther Modify anything other than legal exit status or resources of job owned by another
ModifyJobExitOther Modify legal exit status for job owned by another Y
ModifyJobResourcesOther Modify resource requested by job owned by another Y
ForgetJobSelf Forget a job you own Y Y Y
ForgetJobOther Forget a job owned by another Y Y
StartTasker Start a vovtasker of this project Y Y
StopTasker Stop a vovtasker of this project Y Y Y
StartServer Start this project's server Y
StopServer Stop this project's server Y
ViewSecurity See project security info Y
ModSecurity Change project security info Y