GenDB Roles and Rights

This section describes the Roles and Rights as they were defined for the genome annotation system GenDB which extensively uses different roles for a sophisticated access control.

GenDB Roles

PROJECT_CLASS GENDB

# user with read only permissions and almost completely restricted access
ROLE Guest
        RIGHT basic_access

# user who is allowed to write annotations and recompute the observations
# for a single region
ROLE Annotator
        RIGHT basic_access
        RIGHT annotate
        RIGHT export_region_data
        RIGHT recompute


# (external) user who is allowed do most of the necessary tasks to maintain a project
# (e.g. import/export/edit/delete sequence, add tools and submit all jobs)
# this role should be used if several persons have to edit the sequence e.g. to correct frame-shifts
ROLE Maintainer
        RIGHT basic_access
        RIGHT recompute
        RIGHT submit_jobs
        RIGHT contig_import_export              
        RIGHT edit_sequence
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT annotate
        RIGHT region_prediction

# user who is responsible for the database and for the solution of bugs and problems
# can do almost everything and also MODIFY THE DATABASE (e.g. alter table)
ROLE Developer
        RIGHT contig_import_export
        RIGHT region_prediction
        RIGHT submit_jobs
        RIGHT recompute
        # frame-shift correction and contig update
        RIGHT edit_sequence 
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT configure_project
        RIGHT basic_access
        RIGHT annotate
        RIGHT modify_db

# user who is responsible for the project (in the majority of cases this is one of the 
# GenDB developers in Bielefeld), can do everything (e.g. configure project) except 
# modifying the database
# has to add Maintainers, Annotators and Guests but cannot add Developers
ROLE Chief
        RIGHT annotate
        RIGHT add_user
        RIGHT contig_import_export
        RIGHT region_prediction
        RIGHT submit_jobs
        RIGHT recompute
        # frame-shift correction and contig update
        RIGHT edit_sequence 
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT configure_project
        RIGHT basic_access

GenDB Rights

CLASS GENDB

RIGHT basic_access
        DS_TYPE GENDB
                DB select
        DS_TYPE GPMSDB
                DB select
                TABLE sessions delete update insert 
                TABLE sessions_not_permanent delete update insert
                TABLE sessions_permanent delete update insert
                TABLE Member_User_Project_Configs update delete insert
                TABLE Member_User_Project_Configs_hash_value update delete insert       
                TABLE ProjectManagement_counters update
                        

RIGHT annotate
        DS_TYPE GENDB
                DB insert update 

RIGHT export_region_data


RIGHT recompute
        DS_TYPE GENDB
                DB delete update insert

RIGHT submit_jobs
        DS_TYPE GENDB
                DB insert update delete

RIGHT contig_import_export
        DS_TYPE GENDB
                DB insert update delete

# may only be granted to user if user has right annotate
RIGHT edit_sequence 
        DS_TYPE GENDB 
                DB update insert 

RIGHT add_tools
        DS_TYPE GENDB
                DB insert update 
RIGHT delete_contig
        DS_TYPE GENDB
                DB delete 

RIGHT region_prediction
        DS_TYPE GENDB
                DB insert update delete

RIGHT configure_project
        DS_TYPE GENDB
                DB insert update delete


RIGHT modify_db
        DS_TYPE GENDB
                DB insert update delete alter index create drop references

RIGHT add_user
        DS_TYPE GENDB
                DB grant insert update delete 
        DS_TYPE GPMSDB
                DB grant insert update delete