NERSCPowering Scientific Discovery Since 1974

Collaboration Accounts


Most NERSC login accounts are associated with specific individuals and must not be shared. Sometimes it is advantageous to have a login account which is not tied to a person but instead to the group for the purposes of shared access to batch jobs or data. Collaboration Accounts are designed to facilitate collaborative computing by allowing multiple users to use the same account.  All actions performed by the Collaboration Account are traceable back to the individual who used the Collaboration Account to perform those actions via gsisshd accounting logs. PIs and PI Proxies can request a Collaboration Account by logging into nim and selecting "Request a Collaboration Account" under the blue "Actions" tab.

Logging Into Collaboration Accounts

To access your collaboration account with your NERSC grid certificate, first login to any PDSF interactive node, edisongrid, or corigrid (to access corigrid, you must first log into as yourself and then do the following commands:

module load globus
myproxy-logon -s
gsissh localhost -l <project account name>

If you're using the port to 22 in your .ssh/config file, you may also need to add a "-p 2222" flag to the gsissh command.

Alternatively you can get a proxy using grid-proxy-init instead of myproxy-logon. In this case you use your GRID pass phrase instead of your NIM password.

Controlling Project Account Access

PIs and PI Proxies can give users in their repo access to the Collaboration account by adding them in NIM. Log into and click on the repo with the Collaboration account you wish to change. Then click on the "Project Access" tab in the yellow bar partway down the page. This will bring you to a page with a pull down menu where you can select project account and the user you wish to give access to it. If you encounter any errors with this, please open a ticket with NERSC consulting (

Use Cases

Collaborative Production Data Management

Production Data refers to larger-scale datasets (many TBs now, PBs in the future), as opposed to, e.g., an individual’s own personal analysis files.  The data is typically managed by multiple collaborators, is kept on disk for long periods, and is produced either by running jobs locally or transferring data from remote locations.  A problem that often arises is that the files are owned by the collaborator who did the work and if that collaborator changes roles the default unix file permissions usually are such that the files cannot be managed (deleted) by other members of the collaboration and system administrators must be contacted.  While the problem can be addressed with the appropriate use of unix groups and file permissions in practice this tends to be problematic and a more seamless solution would be of great utility.

Collaborative Software Management 

The issue with managing software is similar to that of managing data – different collaborators often need to work with the same files in a particular software installation and unix groups and file permissions tend to be problematic for them.  The main difference between collaborative data and software management is that software is typically managed on a short-tem basis (hours/days) whereas production data is managed on a long-term basis (months/years).

Collaborative Job Management

Production level jobs are often run by a small team of collaborators.  Project accounts would enable members of the team to manipulate jobs submitted by other team members as necessary.

Role Management

Not only do project accounts enable collaborative work but they also allow for precise role management through membership control.