Render Farm Security Controls

  • Blog

Version: Deadline 7.2

BACKGROUND

Bob from VFX.com runs a render farm that has over 100 render nodes and an ever-growing pool of users. The main problem he’s facing these days is that he feels like he’s losing control of the farm. Some users are changing Repository settings, while others are bumping up their job priority and/or suspending other users’ jobs in order for theirs to finish first. This article will show how Deadline can help him solve these problems by locking down what users have access to.

USER SECURITY

The first thing Bob can do to lock down his farm is to create a Super User password. This can be done from the Deadline Monitor while in Super User Mode by selecting Repository Options from the Tools menu. When the Repository Options dialog comes up, select the User Security page on the left. After setting this password, any user that tries to enter Super User Mode in the Monitor will have to enter this password. This will prevent unauthorized users from modifying things like the Repository settings going forward.

While he is here, he might as well enable the Use the System for the Deadline User option as well under Enhanced User Security. This will force the current Deadline user to match the name of the user that is currently logged into the machine and will prevent users from easily impersonating other users to control their jobs. The only way to change Deadline users now is to log out of the machine and log back in as someone else.

USER GROUP PERMISSIONS

Bob now has measures in place to prevent users from accessing administrative tools and impersonating others. But that’s only half the battle.

Bob has two types of users: Artists and Wranglers. He wants to prevent the Artists from changing their job priority and suspending other users’ jobs, but he wants to keep this open to the Wranglers so that they can continue adjusting queue priority as necessary. The solution is to use User Group Permissions, which can be accessed in the Monitor while in Super User mode by selecting Manage User Groups from the Tools menu.

THE EVERYONE GROUP

By default, Deadline creates an Everyone group which will be applied to all current and future Deadline users. Since the Everyone group is applied to all users, it should have the most restrictions applied to it, which means that Bob wants to use the Everyone group to represent the Artists.

So Bob selects the Everyone group in the list on the left and makes the following changes:

  • Under the General Options tab, he disables the Can View Other Users’ Jobs option. Users can’t control other users’ jobs if they can’t see them!
  • Under the Job Properties tab, he disables the Job Priority option. This will prevent users from changing their job priorities.

THE WRANGLERS GROUP

Now that regular users (Artists) are locked down, Bob still needs to ensure that his Wranglers can continue doing their job. So he clicks the Add button in bottom-left corner of the User Group Permissions dialog and calls the new group Wranglers. Note that this new group has the default permissions that the Everyone group originally had, so he doesn’t need to revert any of the settings.

All he has to do is make the following changes under the General Options tab:

  • Enable the Can Modify Other Users’s Jobs option. Now users in the Wranglers group can control other users’ jobs and adjust their priorities as necessary.
  • Add his two wranglers (Brad Hall and Jessica Gutierrez) to the Wranglers group. Even though they are still part of the Everyone group, they will now inherit these additional permissions from the Wranglers group.

WRAPUP

As you followed along with this example, you probably discovered that there are many more things you can lock down via User Group Permissions. For example, you can prevent users from accessing certain menu items via the Menu Items tab, or you can lock down entire data panels from the UI Features tab. More information on User Security and User Group Permissions can be found in the User Management documentation.

With the help of Deadline’s user management features, Administrators like Bob should be able to sleep soundly at night knowing that their farm is secure.