A CO-Admin is not automatically a workspace-admin. The membership in the group "src_co_admin" gives a user admin/sudo rights.
The SRC administrator group can be used to grant a user SUDO or administrator privileges in workspaces started for a CO.
For Windows, membership in this group is always required to be able to become a Windows admin in the workspace.
Linux workspaces usually give all users SUDO privileges, unless this has been switched off with a parameter in the workspace's catalog-item (parameter "co_passwordless_sudo").
We have the option to change this to only members of the SRC administrator role in custom created catalog items Create your own catalog items, and in future SURF managed catalog items.
If in your chosen catalog-item, the use of SUDO is constrained to members of the "src_co_admin" group, Linux will prompt you for a password, when using SUDO.
The password is your TOTP code. You can set your TOTP code as described here: Log in to your workspace - Workspace access with TOTP
Windows workspaces require membership in this group anyway, to get admin-rights.
Also, in case of a Windows workspace the user will have to log out and back in, before the change takes effect.
Managing the "src_co_admin" group
An admin of the collaboration can log in to the SRAM portal and add and manage the group as shown below.
- Log in to the SRAM portal
- Select the "Collaborations" tab
- Select the collaboration
- Select the "Groups"-tab
- Select the group "src_co_admin"
- Add or remove the group-members as required
If the group "src_co_admin " does not exist, yet, create it with "Create new group".
Use "src_co_admin" as the short name, too. Otherwise the group will not be recognized as the SRC administrators group.
Note that it might take up to five minutes for these changes to take effect in the Research Cloud portal!