Job information access control

LSF allows you to set the job information access control level to jobs by users (including user group, queue, and cluster administrators).

This control is useful for large environments where many groups may share the same cluster and it may be a security threat to allow some users to view job details and summary information. With job information access control levels configured, you may prevent users (including administrator users) from viewing other user’s job information through LSF commands including bjobs, bjdepinfo, bread, bstatus, bhist, and bacct.

Note: There are no rights restrictions for the primary administrator. They may always see all job detail information.
Note: On UNIX platforms, there is no rights restriction for root. On Windows platforms, the Windows administrator is treated as a regular user.
Note: Job information access control is not supported on LSF Express Edition.
Note: Some batch commands that use the job query API (that is, bkill, bstop, bresume, bchkpnt, bmig, brequeue, and bswitch) are affected by enabling job information access control. If these commands are issued without specifying the jobId, the behavior will follow the job information access control settings, when enabled. If these commands are issued with the jobId specified, the behavior will not follow the job information access control settings.

Job information types

There are two kinds of job information which will be viewed by users:
  • Summary Information:

    Obtained from bjobs with options other than -l, such as -aps, -fwd, -p, -ss, -sum, -W, -WF, -WP, -WL, etc.

  • Detail Information:

    Obtained from bjobs -l, bjobs -UF, bjobs -N, bjdepinfo, bread, and bstatus.

There are two kinds of user rights which will determine what kind of information a user can view for a job:
  • Basic rights: User can see all summary information.

  • Detail rights: User can see all detail information.