Administration

Introduction

GAMS Engine comes with a highly flexible model- and user management system that allows you to restrict the activities of your users according to your organizational hierarchy. To understand this in its entirety, we need to address a few concepts in more detail: models, namespaces, permissions and user types.

Note:

To illustrate some of the aspects, the Engine UI is used here. However, each of the steps shown below can also be achieved with the help of custom clients.

Models

When submitting a GAMS job, it usually consists of model files and data files. While the latter usually differ with each job, the actual GAMS model remains mostly unchanged. In order to avoid submitting the same files to Engine with each job, models can be registered with Engine. Files of registered models are stored by Engine and used for subsequent jobs. You only need to provide the name under which the model is registered and send the dynamic data.

  • Job with unregistered model
    The user provides both the model files as well as the data to run the model with.

Unregistered model

  • Job with registered model
    The GAMS model is registered with Engine and the user only provides the model name and dynamic data to run the model with.

Registered model
Note:

If a job submit includes files that are already stored as part of the registered model at Engine, the files submitted by the user will be used.

Namespaces and Permissions

Models are organized in namespaces, which you can think of as file directories. Models are always registered in a namespace and submitted GAMS jobs are also executed there. Each model name can only occur once within a namespace. If two models with the same name are to be registered, this must be done in different namespaces. Apart from the ability to manage multiple models with the same name, namespaces are particularly useful for representing hierarchical (user) structures. This is due to an important property of namespaces, namely the concept of permissions.

Namespaces are similar to directories in the UNIX file system: you can specify which users have access to which namespaces. Just like the UNIX file system, GAMS Engine has three types of permissions on namespaces:
  • Read Permission
    Users can download GAMS models registered in this namespace
  • Write Permission
    Users can register new models in this namespace
  • Execute Permission
    Users can execute models in this namespace
The table below shows the mapping of these permissions to the permission codes used by GAMS Engine.

Permission Code Read Permission Write Permission Execute Permission
0 - - -
1 - -
2 - -
3 -
4 - -
5 -
6 -
7

In the following example, two namespaces are used by three people with different permissions to represent the structure and workflow of a company with a customer.

  • Developer:
    The Model Developer is responsible for maintaining existing models and developing future models. He only accesses the namespace R&D provided for this purpose, in which he has all permissions.
  • Manager:
    The manager has read and execute permissions on the namespace R&D. There she checks the models for customer suitability. If a model (update) is ready, then the manager registers it in the namespace production.
  • Customer:
    The customer has read and execute permissions on the namespace production. With these permissions she can submit jobs with her data and receive the results.

Permission hierarchy
Warning:

By default, the result files to which the customer has access also contain the model files. In order to restrict a user from accessing your model files, you have to specify a proper INEX file in addition to revoking read permission from this user!

Tip:

After setting up GAMS Engine, there is a single namespace available with the name: global. Adding namespaces as well as registering models can easily be done via the Engine UI in the Models view.

Add namespace and register model

User management

After first installing the system, there is a single default user available with the name: admin and password: admin.

Note:

We strongly recommend that you change the default password for the admin user immediately after installing Engine to prevent unauthorized users from accessing your system!

If you are administrator, you can invite other users. If you are using the Engine UI, you will find an invite user button in the upper right corner of the Users section.

Invite a new user

GAMS Engine distinguishes three types of users:

  • Users
  • Inviters
    Inviters are users with the additional privilege to invite new users to use GAMS Engine. However, inviters can only invite users who have the same or fewer permissions than themselves. For example, if an inviter has read and execute permissions on the namespace global, she is not allowed to invite a user with write permission on this namespace. Inviters can invite other inviters, but not admins.
  • Administrators
    Administrators are the most privileged users. They have full permissions for each namespace and are allowed to invite new users, even new administrators. Administrators can also add new namespaces or remove existing ones.

In order to add a new user to GAMS Engine, you need to generate an invitation code. Users can then register themselves by providing this invitation code, a username and a password. Invitation codes can be generated by administrators and inviters. When creating an invitation code, permissions to namespaces can be assigned so that the new user can start interacting with the system directly. Note that the invitee's permissions may be lower than the inviter's, but not higher. Furthermore, inviters are able to manage - i.e. modify permissions and delete - their children (invitees) as well as any grandchildren. In this way, you can set up several hierarchy levels.

User hierarchy example:

User hierarchy

Cleanup

Result data is not automatically deleted by Engine. Over time, the storage usage on the server can grow accordingly. It is up to the admin to ensure that result data is deleted if necessary. The Engine API provides a cleanup endpoint for this.

If you are working with the Engine UI you can reduce the amount of storage used by GAMS Engine via the cleanup view. You can either remove result files of individual jobs one by one or clean up multiple files at once with the Run housekeeping dialog. This allows you to remove all files created more than x days ago and/or files created by users who have been removed from the system.

Run housekeeping