SOCA Projects have been introduced on SOCA 25.3 and let you control visibility for Virtual Desktop, Target Nodes or Applications resources.

For example, you can choose which users are allowed to deploy Virtual Desktop Software Stack, Target Nodes Software Stack or Applications for web-based Job Submission.

Permission Framework¶

Projects can manage an unlimited number of resources. Here's an example demonstrating a scenario with a limited number of resources:

graph LR

    %% Subgraph: Users
    subgraph Users
        U1[User 1]
        U2[User 2]
        U3[User 3]
    end

    %% Subgraph: Projects
    subgraph Projects
        P1[Project A]
        P2[Project B]
    end

    %% Subgraph: Budgets
    subgraph Budgets
        B1[Budget A]
    end

    %% Subgraph: Resources
    subgraph Resources
        VD1[Desktop Stack #1]
        VD2[Desktop Stack #2]
        VD3[Desktop Stack #3]
        TN[Target Node Stack]
        WA[Web Job Submission: Ansys]
        WB[Web Job Submission: Siemens]
        WC[Web Job Submission: Mathworks]
    end

    %% Subgraph: Profiles
    subgraph Profiles
        VDP1[VDI Profile 1]
        VDP2[VDI Profile 2]
        TNP[TN Profile]
    end

    %% Memberships
    U1 -->|member of| P1
    U2 -->|member of| P1
    U2 -->|member of| P2
    U3 -->|member of| P2

    %% Budget
    P1 --> B1

    %% Project controls
    P1 -->|control| VD1
    P2 -->|control| VD2
    P2 -->|control| VD3
    P2 -->|control| TN
    P1 -->|control| WA
    P1 -->|control| WB
    P1 -->|control| WC

    %% Configurations
    VD1 -->|configured by| VDP1
    VD2 -->|configured by| VDP1
    VD3 -->|configured by| VDP2
    TN -->|configured by| TNP

    %% Styling
    classDef user fill:#ADD8E6,color:white;
    classDef project fill:#FFFFE0,color:white;
    classDef budget fill:#2ecc71,color:white;

    classDef VDI fill:#a8e6a3,color:black;
    classDef WebApp fill:#ffd8a8,color:black;

    %% Profiles (neutral)
    classDef profile fill:#FFC0CB,color:white;

    %% Apply styles
    class U1,U2,U3 user;
    class P1,P2 project;
    class B1 budget;

    class WA,WB,WC WebApp;
    class VD2,VD3,VD1 VDI;

    class VDP1,VDP2,TNP profile;

Notes:

Associating AWS Budget to a SOCA Project is optional
Projects can control visibility to one or more Web Based Job Submission applications
A Virtual Desktop Profiles can be tied to one or more Virtual Desktop Software Stacks
A Target Node Profiles can be tied to one or more Target Nodes Software Stacks
Virtual Desktops / Target Nodes and Application can be shared by multiple projects. – Access to any SOCA group can be explicitly allowed or denied for LDAP users or groups.

Create/Edit Project¶

To create or edit a project, navigate to Admin Section > ** SOCA Projects ** > Projects

Associate AWS Budget¶

If necessary, you can link a SOCA project to an existing AWS Budget. When this association is made, any resources submitted under the project will only be approved if the AWS Budget has not reached its defined threshold.

Allow/Deny User/Groups¶

Fill out the form and specify which SOCA users/groups will be allowed to view resources associated to this project.

Deny > Allow

deny takes precedent over allow. For example, a user in the allowed_users will be denied if he/she belongs to a group mentioned in the denied_groups

Example:

Username	Allowed Users	Denied Users	Allowed Groups	Denied Groups	Access Granted?
`user1`	❌	❌	❌	❌	❌
`user2`	✅	❌	❌	❌	✅
`user3`	✅	❌	✅	❌	✅
`user4`	❌	❌	✅	❌	✅
`user5`	✅	✅	❌	❌	❌
`user6`	✅	❌	❌	✅	❌

Associate Resources¶

Select the resources authorized for this project:

View Project Membership for a given user¶

Navigate to Admin Section > User Membership to quickly find all projects associated to a given user: