System Settings consist of CLI, System events, User management, Email notifications, Preferences, Cloud Regions and System logs tabs.
To open System Settings click the gear icon on the main menu in the left side of the Cloud Pipeline application:
- CLI tab
- System events
- User management
- Email notifications
- Preferences
- Cloud Regions
- System dictionaries
- System logs
"CLI" tab generates two types of CLI installation and configuration commands to set CLI for the Cloud Pipeline - Pipe CLI and Git CLI. You can select each of them by click the corresponding option in the "CLI" tab menu.
| Control | Description |
|---|---|
| Operation system | Choose an operation system from drop-down list and the instruction how to install the Cloud Pipeline CLI will appear in the window below. |
| Generate access key | Generates access token to be used by CLI. |
| Valid till | A date access key expires. |
For more details see 14.1. Install and setup CLI.
Here you can see instructions how to configure your Git client to work with the Cloud Pipeline.
This tab is visible only for administrator.
System events tab represents system events notifications. Here you can create, edit, delete system events notifications.
System events notifications are organized into a table. It represents the body of the notification, its severity status ("info", "warning" or "critical") and date of creation, activity status.
Note: Variants of activity status:
- Blocking event emerges in the middle of the window and requires confirmation from the user to disappear.
- Active notifications will be shown for all users of the Cloud Pipeline until admin sets them inactive.
Administrator can edit and delete notifications via corresponding buttons.
Controls are at the top right of the table.
| Control | Description |
|---|---|
| Expand/Collapse | This button (1) shows/hides the body of the event. |
| Refresh | To refresh a list of notifications press this control (2). |
| + ADD | This control (3) allows to create new notification. |
| Edit | The control (4) opens the edit form of the event. |
| Delete | To delete an event click the control (5). |
This tab is visible only for administrator.
The User management tab helps to manage user groups and system roles.
To grant or refuse permissions to a specific group of users (e.g. project team members), you can just create a user group and grant or refuse permissions to the specific set of objects to the whole group.
System roles is one of the principal tool for managing security access to the objects. Even if you have WRITE permission for a folder object, you might be not able to create a pipeline there, if you don't have the ROLE_PIPELINE_MANAGER role.
Note: About permissions, you can read more here.
User management consists of the 3 following tabs: Users, Groups, Roles.
This table view displays a list of users and their additional information:
- Name - an authenticated domain account (SAML/OAuth/OpenID), e.g. e-mail.
- Groups - a set of groups assigned to a user. It could be whether CP's user's groups and groups, given to each user automatically by SSO authentication system.
Note: automatically created groups based on SSO authentication system are light-grey colored. - Roles - a set of system roles assigned to a user.
| Control | Description |
|---|---|
| Search field | To search particular user from a list of users, start to enter the user's name (see the picture below, 1). |
| + Create user | This control (see the picture below, 2) opens a "Create user" form, which can be used to create a new user. |
| Export users | Allows export all users with selected set of attributes (see the picture below, 3). |
| Edit | Allows changing a list of roles or groups assigned to a user (see the picture below, 4). |
The Export users button allows administrator to export user list in .csv format.
There are 2 export options:
- Default configuration
In this case, the file with all users and full list of their properties (ID, username, attributes (first and last name, email), registration date, first login date, list of groups, list of roles, blocked/unblocked state, default data storage) will be downloaded to the local workstation.
To export full user list with default configuration:- click the Export users button in the right upper corner of the Users tab in the User management dashboard
or - hover the v button next to the Export users button and click the Default configuration item in the appeared drop-down menu
- click the Export users button in the right upper corner of the Users tab in the User management dashboard
- Custom configuration
Custom configuration allows admins to select which user properties should be downloaded:- hover the v button next to the Export users button and click the Custom configuration item in the appeared drop-down menu
- the modal window with the list of available user properties to export will appear, e.g.:
User can select any set of attributes by marking/unmarking corresponding checkboxes. At least 1 checkbox should be marked to export user list.
"Fields" section contains the list of all users' attributes (by default, all attributes are selected).
"Metadata" section contains the list of all users' metadata attributes (by default, all attributes are deselected).
Note: enabled Header checkbox adds the headers row into the exporting file. - to download the result file with full user list and custom set of their properties click the Download CSV button.
- hover the v button next to the Export users button and click the Custom configuration item in the appeared drop-down menu
Note: not all user's metadata have to be exported. Some of them may contains the sensitive data. To restrict the list of the metadata to export the following system preference should be used -
misc.metadata.sensitive.keys. In this preference, all metadata keys that shouldn't be exported are being specified (i.e. if these metadata keys are specified in the preference, they will not be displayed at the export pop-up for selection).Example of that configured preference:
The "Groups" tab shows a set of user groups created in CP. Here you can grant or refuse users in a group membership.
Note that this tab displays groups created in CP only, not given by SSO authentication system.
| Control | Description |
|---|---|
| Search field | To search particular group from a list of groups, start to enter the group name (see the picture above, 1). |
| + Create group | Create a new group (see the picture above, 2). |
| Edit | This control (see the picture above, 3) allows changing a list of users owning this group. |
| Delete | Delete a group (see the picture above, 4). |
The "Roles" tab shows a set of predefined system roles that couldn't be extended or reduced. Here you can grant or refuse users in a role.
There is a list of CP system roles:
| Role | Description |
|---|---|
| ROLE_ADMIN | The user gets Read/Write/Execute/Owner permissions to all objects in the system. Note: The owner of the object can manage its Access Control List. OWNER property is assigned to a user has created an object by default. |
| ROLE_USER | basic user. |
| ROLE_ANONYMOUS_USER | specific role for the ability of sharing interactive runs endpoints to the anonymous users (users, who have successfully passed the IdP authentication but is not registered in the Cloud Pipeline). |
| ROLE_BILLING_MANAGER | users who are granted this role are able to view the whole Billing reports info of the platform (as if they were admins). |
| ROLE_CONFIGURATION_MANAGER | allows to create/delete Cluster Configurations (given to each user by default). |
| ROLE_ENTITIES_MANAGER | allows to create/delete Entities. |
| ROLE_FOLDER_MANAGER | allows to create/delete Folders (given to each user by default). |
| ROLE_PIPELINE_MANAGER | allows to create/delete Pipelines (given to each user by default). |
| ROLE_STORAGE_MANAGER | allows to create/delete Data Storages. |
| ROLE_TOOL_GROUP_MANAGER | allows to create/delete Tool groups. |
| ROLE_USER_READER | allows read-only access to the users, groups, roles information and export users feature. |
Set of user's roles combined with permission settings defines allowed actions for the user and therefore the layout of GUI buttons. A user sees GUI options in appliance with his rights.
Note: roles 3-8 are checked if a user has WRITE permission for the parent object.
| Control | Description |
|---|---|
| Search field | To search particular group from a list of roles, start to enter the role name (see the picture above, 1). |
| Edit | Allows changing a list of users assigned the role (see the picture above, 2). |
This tab is visible only for administrator.
The email notifications helps to keep track of what's happening in the Cloud Pipeline. On the left you can see a list of the email notification templates.
| Control | Descriptions |
|---|---|
| Enabled checkbox | If set, email distribution of the selected type will be enabled. |
| Keep admins informed checkbox | If set, all emails with such type will be sent to all users with ROLE_ADMIN role. |
| Keep owners informed checkbox | If set, all emails with such type will be sent to the OWNERS of the corresponding Cloud Pipeline objects. |
| Informed users text field | Select users that will get such email types. |
| Threshold text field | Amount of seconds that is required for the process to generate email. |
| Resend delay text field | Amount of seconds that is required for the process to generate a repeat email notification on that subject. |
| Subject text field | Email notification subject. |
| Body text field | Body of the email notification. |
| Revert button | Return an email settings to the previous unsaved state. |
| Save button | Saves current email notification settings. |
Also you can switch from the Edit to the Preview mode to see how the Subject and the Body of the email notification will actually look:
Note: this is the current list of notification templates. It might be extended in the future.
| Notification type | Description |
|---|---|
| HIGH_CONSUMED_RESOURCES | tells that memory or disk consuming is higher than a threshold value for a specific period of time |
| IDLE_RUN | tells that the job is idle for a long time |
| IDLE_RUN_PAUSED | tells that the job was paused because it was idle for a long time |
| IDLE_RUN_STOPPED | tells that the job was stopped because it was idle for a long time |
| LONG_INIT | tells that the job is initializing for a long time |
| LONG_PAUSED | tells that the job has been paused for a long time |
| LONG_PAUSED_STOPPED | tells that the job, that has been paused for a long time, is stopped at the moment |
| LONG_RUNNING | tells that the job is running for a long time |
| NEW_ISSUE | notifies about new issue |
| NEW_ISSUE_COMMENT | tells that an issue was commented |
| PIPELINE_RUN_STATUS | email about current pipeline status |
This tab is visible only for administrator.
The Preferences tab contains different global settings for the Cloud Pipeline. These settings determine default behavior of the Cloud Pipeline. On the left you can see a set of sections. Each section contains a list of global settings. See more information here.
This tab is visible only for administrator.
The Cloud Regions tab contains different settings for the specific Cloud Regions. You could manage regions, add or remove them from the Cloud Pipeline.
This tab is visible only for administrator.
The System dictionaries tab contains the list of predefined "dictionaries" - sets of "key-value(s)" that could be used by admins when configuring Cloud Pipeline objects attributes (metadata).
For example, admins have to set attributes (metadata) for "general" users manually. In case, when such metadata keys aren't different for each user and has certain amount of values, it is convenient to select these values from the predefined values list, not to specify them manually each time.
Each dictionary is the categorical attribute. I.e. it is attribute which values are predefined.
Each dictionary has its name and values:
If the dictionary exists in the system, then admin can use it when specifying attributes for any Platform object (Pipeline, Folder, Storage, Project, Tool), and also for User, Group or Role. In this case, it is enough to specify only the dictionary name as the attribute key, the list of dictionary values will appear automatically in the value field:
Also, the different dictionaries may be connected (linked). I.e. admins can create two dictionaries, which values are mapped 1-1 or 1-many, e.g.:
In the GUI, such connection is being handled in the following way:
- Admin specifies the links between the dictionaries items (e.g. for the example above
ProjectID:BRCA1->DataStorage:<path>). - Links have the "autofill" attribute. If the admin selects the source key (
ProjectID:BRCA1) as attribute key for any object - the destination key will be specified automatically (DataStoragewill be added with the<path>selection):
For more details see here.
Note: all functionality described above is available only for admins. "General" users can't view/edit System Dictionaries. If non-admin user tries to specify any existing dictionary as the attribute "Key" - it will be displayed as plain text attribute. No dictionary values will be loaded/displayed.
This tab is visible only for administrator.
The System logs tab contains the following audit trail events:
- users' authentication attempts
- users' profiles modifications
- platform objects' permissions management
- access to interactive applications from pipeline runs
- other platform functionality features
For more details see here.