Set MATLAB Job Scheduler Cluster Security
Configure and manage security levels for your MATLAB® Job Scheduler cluster.
In the following instructions, matlabroot
refers to the
location of your installed MATLAB
Parallel Server™ software. Where you see this term used in the instructions that follow,
substitute the path to your location.
You can find the mjs_def
file in
for Linux® (matlabroot
/toolbox/parallel/binmjs_def.sh
) and Windows® (mjs_def.bat
). To learn more about the parameters in
mjs_def
file, see Define MATLAB Job Scheduler Startup Parameters.
Set Security Level
Set the MATLAB Job Scheduler security level with the SECURITY_LEVEL
parameter
in the mjs_def
file before starting the mjs
service on
your cluster nodes. The mjs_def
file indicates what values you can set and
briefly describes each security level.
This table describes the available security levels for accessing MATLAB Job Scheduler and its jobs.
Security Level | Description | User Restrictions |
---|---|---|
0 | No security.
| None |
1 | Jobs are associated with the submitting user.
|
|
2 | Jobs have MATLAB Job Scheduler password protection.
|
|
3 | In addition to the security of level 2, tasks are associated with the submitting user on worker machines.
|
|
Tip
Run the job manager and the workers at the same security level. The job manager does not register a worker running at a lower security level.
Local, MATLAB Job Scheduler, and Network Passwords
For any security level above level 0, when you start MATLAB Job Scheduler (for example, with the startjobmanager
command), the software creates a cluster administrator account with
the username specified in the ADMIN_USER
parameter in the
mjs_def
file. If you do not specify a username, the administrator account
username defaults to admin
. The software prompts you to provide a password
for the new administrator account. The administrator account has all the necessary permissions
for accessing the cluster and all its jobs. To use LDAP server authentication, the username
specified in ADMIN_USER
must be in the LDAP server.
For any security level, MATLAB Job Scheduler associates every job with the user who submits it. Therefore, whenever you access MATLAB Job Scheduler or a job, MATLAB Job Scheduler must verify your identity.
At security level 0, the software sets the Username
property to the
login name of the person who creates the job. You can change this value at any time. For all
higher security levels, the first time you access MATLAB Job Scheduler, a dialog box prompts you for your username. If the security level
is 2 or 3, you must also provide a password. The username and password you provide for
MATLAB Job Scheduler must match your network username and password if you are using
security level 3 or if the MATLAB Job Scheduler cluster has LDAP server authentication configured. Otherwise, you
can create a new username and password for MATLAB Job Scheduler. For convenience, you can choose to save your username and password
on the local computer so you do not need to enter them every time you access your job.
For information about changing a password and logging out of a MATLAB Job Scheduler cluster, see changePassword
(Parallel Computing Toolbox) and logout
(Parallel Computing Toolbox). For more information about LDAP server
authentication for MATLAB Job Scheduler clusters, see Configure LDAP Server Authentication for MATLAB Job Scheduler.
Authorize Users for Job and Task Access
This example shows how to authorize users to access your job on a MATLAB Job Scheduler cluster with security level 2 or 3. When you create a job and submit it to a MATLAB Job Scheduler cluster, jobs and tasks are associated with the submitting user. These jobs and tasks are password protected so unauthorized users cannot access your jobs.
Use parcluster
(Parallel Computing Toolbox) to create a cluster object using the cluster profile 'MyMJSCluster'
. Replace 'MyMJSCluster'
with the name of your cluster profile. Then, use batch
(Parallel Computing Toolbox) to create and submit a job on the cluster.
c = parcluster('MyMJSCluster');
j = batch(c,@rand,1,{2});
You can set the AuthorizedUsers
property of a job to authorize user access to that job and its tasks. Each user that you specify must have already used the MATLAB Job Scheduler cluster. Authorize access to a job for users "user1
" and "user2
".
j.AuthorizedUsers = ["user1","user2"];
See Also
startjobmanager
| changePassword
(Parallel Computing Toolbox) | logout
(Parallel Computing Toolbox) | mjs