System roles¶

Systems you register are private to you and you alone. You can, however, allow other Tapis clients to utilize the system you define by granting them a role on the system using the systems roles services. The available roles are given in the table below.

Role Description
GUEST Gives any authenticated user readonly access to the system. No file operations or job executions are allowed for users with GUEST access.
USER Gives a user the ability to run jobs and access data on the system.
PUBLISHER All the rights of USER as well as the ability to publish applications listing the system as an execution host.
ADMIN All the rights of PUBLISHER as well as the ability to edit and grant roles on the system details. Admins may use the system to access data and run jobs using the default credential assigned to the system, but they may not view or update any of the credentials stored by the system owner. It is not possible for anyone but the system owner to assign or leverage internal user credentials on a system.
OWNER Reserved for the user that originally created the system. This role is non-revokable.

Please see the Systems Roles tutorial for a deep discussion of system roles and how they are used.