GPMSWiki/AdministratorDocumentation/DefiningRolesAndRights: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m (2 revisions) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 2: | Line 2: | ||
= Role and Right definitions = | = Role and Right definitions = | ||
The following paragraphs describe the roles and rights | The following paragraphs describe the roles and rights | ||
as defined for the genome annotation system | as defined for the genome annotation system GenDB-2.0 which | ||
extensively uses different roles for a sophisticated access control. | extensively uses different roles for a sophisticated access control. | ||
# | # ROLES defined for GenDB-2.0 | ||
# | # | ||
PROJECT_CLASS GENDB | |||
# user with read only permissions and almost completely restricted access | # user with read only permissions and almost completely restricted access | ||
# Roles with the tag ext can be assigned to members via the external | # Roles with the tag ext can be assigned to members via the external | ||
# GPMS web frontend. | # GPMS web frontend. Roles without this tag are not listed in the ext. | ||
# web frontend. | # web frontend. | ||
ROLE Guest ext | |||
RIGHT basic_access | |||
# user who is allowed to write annotations and recompute the observations | # user who is allowed to write annotations and recompute the observations | ||
# for a single region | # for a single region | ||
ROLE Annotator ext | |||
RIGHT basic_access | |||
RIGHT annotate | |||
RIGHT export_region_data | |||
RIGHT recompute | |||
# (external) user who is allowed do most of the necessary tasks to maintain a project | # (external) user who is allowed do most of the necessary tasks to maintain a project | ||
# (e.g. import/export/edit/delete sequence, add tools and submit all jobs) | # (e.g. import/export/edit/delete sequence, add tools and submit all jobs) | ||
# this role should be used if several persons have to edit the sequence e.g. to correct frameshifts | # this role should be used if several persons have to edit the sequence e.g. to correct frameshifts | ||
ROLE Maintainer | |||
RIGHT basic_access | |||
RIGHT recompute | |||
RIGHT submit_jobs | |||
RIGHT contig_import_export | |||
RIGHT edit_sequence | |||
RIGHT add_tools | |||
RIGHT export_region_data | |||
RIGHT delete_contig | |||
RIGHT annotate | |||
RIGHT region_prediction | |||
# user who is responsible for the database and for the solution of bugs and problems | # user who is responsible for the database and for the solution of bugs and problems | ||
# can do almost everything and also MODIFY THE DATABASE (e.g. alter table) | # can do almost everything and also MODIFY THE DATABASE (e.g. alter table) | ||
ROLE Developer | |||
RIGHT contig_import_export | |||
RIGHT region_prediction | |||
RIGHT submit_jobs | |||
RIGHT recompute | |||
# frame-shift correction and contig update | # frame-shift correction and contig update | ||
RIGHT edit_sequence | |||
RIGHT add_tools | |||
RIGHT export_region_data | |||
RIGHT delete_contig | |||
RIGHT configure_project | |||
RIGHT basic_access | |||
RIGHT annotate | |||
RIGHT modify_db | |||
# user who is responsible for the project (in the majority of cases this is one of the | # user who is responsible for the project (in the majority of cases this is one of the | ||
# | # GenDB developers in Bielefeld), can do everything (e.g. configure project) except | ||
# modifying the database | # modifying the database | ||
# has to add Maintainers, Annotators and Guests but cannot add Developers | # has to add Maintainers, Annotators and Guests but cannot add Developers | ||
ROLE Chief | |||
RIGHT annotate | |||
RIGHT add_user | |||
RIGHT contig_import_export | |||
RIGHT region_prediction | |||
RIGHT submit_jobs | |||
RIGHT recompute | |||
# frame-shift correction and contig update | # frame-shift correction and contig update | ||
RIGHT edit_sequence | |||
RIGHT add_tools | |||
RIGHT export_region_data | |||
RIGHT delete_contig | |||
RIGHT configure_project | |||
RIGHT basic_access | |||
### | ### RIGHTS defined for GenDB-2.0 ### | ||
PROJECT_CLASS GENDB | |||
RIGHT basic_access | |||
DS_TYPE GENDB | |||
DB select | |||
DS_TYPE GPMSDB | |||
DB select | |||
TABLE sessions delete update insert | TABLE sessions delete update insert | ||
TABLE sessions_not_permanent delete update insert | TABLE sessions_not_permanent delete update insert | ||
TABLE sessions_permanent delete update insert | TABLE sessions_permanent delete update insert | ||
TABLE | TABLE Member_User_Project_Configs update delete insert | ||
TABLE | TABLE Member_User_Project_Configs_hash_value update delete insert | ||
TABLE ProjectManagement_counters update | TABLE ProjectManagement_counters update | ||
RIGHT annotate | |||
DS_TYPE GENDB | |||
DB insert update | |||
RIGHT export_region_data | |||
RIGHT recompute | |||
DS_TYPE GENDB | |||
DB delete update insert | |||
RIGHT submit_jobs | |||
DS_TYPE GENDB | |||
DB insert update delete | |||
RIGHT contig_import_export | |||
DS_TYPE GENDB | |||
DB insert update delete | |||
# may only be granted to user if user has right annotate | # may only be granted to user if user has right annotate | ||
RIGHT edit_sequence | |||
DS_TYPE GENDB | |||
DB update insert | |||
RIGHT add_tools | |||
DS_TYPE GENDB | |||
DB insert update | |||
RIGHT delete_contig | |||
DS_TYPE GENDB | |||
DB delete | |||
RIGHT region_prediction | |||
DS_TYPE GENDB | |||
DB insert update delete | |||
RIGHT configure_project | |||
DS_TYPE GENDB | |||
DB insert update delete | |||
RIGHT modify_db | |||
DS_TYPE GENDB | |||
DB insert update delete alter index create drop references | |||
RIGHT add_user | |||
DS_TYPE GENDB | |||
DB grant insert update delete | |||
DS_TYPE GPMSDB | |||
Author: [http://www.cebitec.uni-bielefeld.de/~lkrause Lutz Krause] | Author: [http://www.cebitec.uni-bielefeld.de/~lkrause Lutz Krause] | ||
Latest revision as of 07:15, 26 October 2011
Role and Right definitions
The following paragraphs describe the roles and rights as defined for the genome annotation system GenDB-2.0 which extensively uses different roles for a sophisticated access control.
# ROLES defined for GenDB-2.0 #
PROJECT_CLASS GENDB
# user with read only permissions and almost completely restricted access
# Roles with the tag ext can be assigned to members via the external
# GPMS web frontend. Roles without this tag are not listed in the ext.
# web frontend.
ROLE Guest ext
RIGHT basic_access
# user who is allowed to write annotations and recompute the observations
# for a single region
ROLE Annotator ext
RIGHT basic_access
RIGHT annotate
RIGHT export_region_data
RIGHT recompute
# (external) user who is allowed do most of the necessary tasks to maintain a project
# (e.g. import/export/edit/delete sequence, add tools and submit all jobs)
# this role should be used if several persons have to edit the sequence e.g. to correct frameshifts
ROLE Maintainer
RIGHT basic_access
RIGHT recompute
RIGHT submit_jobs
RIGHT contig_import_export
RIGHT edit_sequence
RIGHT add_tools
RIGHT export_region_data
RIGHT delete_contig
RIGHT annotate
RIGHT region_prediction
# user who is responsible for the database and for the solution of bugs and problems
# can do almost everything and also MODIFY THE DATABASE (e.g. alter table)
ROLE Developer
RIGHT contig_import_export
RIGHT region_prediction
RIGHT submit_jobs
RIGHT recompute
# frame-shift correction and contig update
RIGHT edit_sequence
RIGHT add_tools
RIGHT export_region_data
RIGHT delete_contig
RIGHT configure_project
RIGHT basic_access
RIGHT annotate
RIGHT modify_db
# user who is responsible for the project (in the majority of cases this is one of the
# GenDB developers in Bielefeld), can do everything (e.g. configure project) except
# modifying the database
# has to add Maintainers, Annotators and Guests but cannot add Developers
ROLE Chief
RIGHT annotate
RIGHT add_user
RIGHT contig_import_export
RIGHT region_prediction
RIGHT submit_jobs
RIGHT recompute
# frame-shift correction and contig update
RIGHT edit_sequence
RIGHT add_tools
RIGHT export_region_data
RIGHT delete_contig
RIGHT configure_project
RIGHT basic_access
### RIGHTS defined for GenDB-2.0 ###
PROJECT_CLASS GENDB
RIGHT basic_access
DS_TYPE GENDB
DB select
DS_TYPE GPMSDB
DB select
TABLE sessions delete update insert
TABLE sessions_not_permanent delete update insert
TABLE sessions_permanent delete update insert
TABLE Member_User_Project_Configs update delete insert
TABLE Member_User_Project_Configs_hash_value update delete insert
TABLE ProjectManagement_counters update
RIGHT annotate
DS_TYPE GENDB
DB insert update
RIGHT export_region_data
RIGHT recompute
DS_TYPE GENDB
DB delete update insert
RIGHT submit_jobs
DS_TYPE GENDB
DB insert update delete
RIGHT contig_import_export
DS_TYPE GENDB
DB insert update delete
# may only be granted to user if user has right annotate
RIGHT edit_sequence
DS_TYPE GENDB
DB update insert
RIGHT add_tools
DS_TYPE GENDB
DB insert update
RIGHT delete_contig
DS_TYPE GENDB
DB delete
RIGHT region_prediction
DS_TYPE GENDB
DB insert update delete
RIGHT configure_project
DS_TYPE GENDB
DB insert update delete
RIGHT modify_db
DS_TYPE GENDB
DB insert update delete alter index create drop references
RIGHT add_user
DS_TYPE GENDB
DB grant insert update delete
DS_TYPE GPMSDB
Author: Lutz Krause