We have enabled Cluster, Pool and Job access, and non-job owners can not run a job even though they are administrators. This disables users from creating cluster resources.
When a non-owner of a job attempts to run, they get a permission denied.
My understanding is admins should always be able to run jobs no matter who the owner is, however this is not what we're observing. Even though we've specified all users/groups who "Can Manage" the job they are still not able to run. Only the owner can.
We also see that the job definition itself has an attribute "run_as_owner" always set to true - appears not to be modifiable from the UI. Is it possible to modify it through the api?
We have additionally created a cluster policy that allows creation of cluster resources. If the job's cluster policy includes this, then rather than unrestricted, then non-owners can run it.
Setting the cluster policy on each job's cluster is fine, however just wanted an explanation on the above.
Thank you!