Currently, the web UI allows all users with access everything. Only job upload has a separate permission setting.
We should generalize that to more aspects of the UI, such as cancelling jobs, accessing logs, or accessing metrics.
We could add a flag for each feature (enable / disable).
Alternatively, we can add an access level to the UI:
- view job only (dag, timeling, checkpoint stats)
- view dag and metrics + logs
- view dag/metrics/logs plus allow stop / cancel / savepoint
- allow all (before plus submitting new jobs)
The second options is less flexible, but more compact to configure.