A collaboration-admin is not automatically a workspace-admin. The membership in the group "src_co_admin" gives a user admin/sudo rights.
The SRC administrator group can be used to grant a user SUDO or administrator privileges in workspaces started for a collaboration.
For Windows, membership in this group is always required to be able to become a Windows admin in the workspace.
Linux workspaces usually give all users SUDO privileges, unless this has been switched off with a parameter in the workspace's catalog-item (parameter "co_passwordless_sudo").
We have the option to change this to only members of the SRC administrator role in custom created catalog items Catalog items - creation and management, and in future SURF managed catalog items.
If in your chosen catalog-item, the use of SUDO is constrained to members of the "src_co_admin" group, Linux will prompt you for a password, when using SUDO
The password is your TOTP code. You can set your TOTP code as described here: Log in to your workspace - Workspace access with TOTP
Windows workspaces require membership in this group anyway, to get admin-rights.
Also, in case of a Windows workspace the user will have to log out and back in, before the change takes effect.
Managing the "src_co_admin" group
An admin of the collaboration can log in to the SRAM portal and add and manage the group as shown below.
- Log in to the SRAM portal
- Select the "Collaborations" tab
- Select the collaboration
- Select the "Groups"-tab
- Select the group "src_co_admin"
- Add or remove the group-members as required
If the group "src_co_admin " does not exist, yet, create it with "Create new group".
Use "src_co_admin" as the short name, too. Otherwise the group will not be recognized as the SRC administrators group.
Note that it might take a few seconds for these changes to take effect in the Research Cloud portal!