GPMSWiki/DeveloperDocumentation/MigrationHelp/RightsAndRoleFiles: Difference between revisions
Jump to navigation
Jump to search
imported>HeikoNeuweger No edit summary |
m (2 revisions) |
||
(One intermediate revision by one other user not shown) | |||
Line 2: | Line 2: | ||
= Rights and Roles (RnR) = | = Rights and Roles (RnR) = | ||
The following is the sample MeltDB rights and roles definition file. | |||
A .rnr file consists of three blocks: | |||
* HEADER | |||
* RIGHT defintions | |||
* ROLE defintions | |||
The first line of the file defines the Project class and the spelling has to match your GPMS project class (of course) | |||
<pre><nowiki> | <pre><nowiki> | ||
PROJECT_CLASS MeltDB | PROJECT_CLASS MeltDB | ||
</nowiki></pre> | </nowiki></pre> | ||
The next section defines the rights, take care for the indenting and the correct spelling of your GPMS [[DataSource]] Type. The following list are mysql rights that can be associated to your GPMS rights. | |||
* select | * select | ||
* grant | * grant | ||
Line 24: | Line 27: | ||
* references | * references | ||
Please notice the special right GPMS_USERMGT which is assigned to roles that are allowed to add users to the GPMS! | |||
<pre><nowiki> | <pre><nowiki> | ||
RIGHT basic_access | RIGHT basic_access | ||
Line 98: | Line 103: | ||
# Rights specific to the user(s) associated with the current meta experiment # | # Rights specific to the user(s) associated with the current meta experiment # | ||
################################################################################################# | ################################################################################################# | ||
# experimental_data refers to MeltDB::AC meaning the actual data produced by the user | # experimental_data refers to MeltDB::AC meaning the actual data produced by the user | ||
Line 154: | Line 158: | ||
DB delete | DB delete | ||
</nowiki></pre> | </nowiki></pre> | ||
The last section of the .rnr file defines the Roles of your Project Class. | |||
* ROLE <NAME> <RIGHT_A> <RIGHT_B> <RIGHT_C> ... <RIGHT_N> | * ROLE <NAME> <RIGHT_A> <RIGHT_B> <RIGHT_C> ... <RIGHT_N> | ||
<pre><nowiki> | <pre><nowiki> | ||
# user with read only permissions and almost completely restricted access | # user with read only permissions and almost completely restricted access | ||
Line 183: | Line 187: | ||
# the super-user that has all rights. | # the super-user that has all rights. | ||
ROLE Admin basic_access modify_db modify_data delete_data add_user modify_user delete_user administer_database view_experimental_factors add_experimental_factors delete_experimental_factors modify_experimental_factors view_tools add_tools delete_tools modify_tools view_experimental_data add_experimental_data delete_experimental_data modify_experimental_data evaluate_chromatograms evaluate_chromatograms_unrestricted export_data GPMS_USERMGT | ROLE Admin basic_access modify_db modify_data delete_data add_user modify_user delete_user administer_database view_experimental_factors add_experimental_factors delete_experimental_factors modify_experimental_factors view_tools add_tools delete_tools modify_tools view_experimental_data add_experimental_data delete_experimental_data modify_experimental_data evaluate_chromatograms evaluate_chromatograms_unrestricted export_data GPMS_USERMGT | ||
</nowiki></pre> | </nowiki></pre> |
Latest revision as of 07:17, 26 October 2011
Rights and Roles (RnR)
The following is the sample MeltDB rights and roles definition file. A .rnr file consists of three blocks:
- HEADER
- RIGHT defintions
- ROLE defintions
The first line of the file defines the Project class and the spelling has to match your GPMS project class (of course)
PROJECT_CLASS MeltDB
The next section defines the rights, take care for the indenting and the correct spelling of your GPMS DataSource Type. The following list are mysql rights that can be associated to your GPMS rights.
- select
- grant
- insert
- update
- delete
- alter
- index
- create
- drop
- references
Please notice the special right GPMS_USERMGT which is assigned to roles that are allowed to add users to the GPMS!
RIGHT basic_access DS_TYPE MeltDB DB select ################################################################################################# # Global rights # ################################################################################################# RIGHT add_user DS_TYPE MeltDB DB grant insert update delete select RIGHT modify_user DS_TYPE MeltDB DB grant insert update delete select RIGHT delete_user DS_TYPE MeltDB DB grant insert update delete select RIGHT administer_database DS_TYPE MeltDB DB insert update delete select RIGHT export_project DS_TYPE MeltDB DB select RIGHT import_project DS_TYPE MeltDB DB insert update select ################################################################################################# # Rights that refer to all experiments of a certain project # ################################################################################################# RIGHT view_basetypes DS_TYPE MeltDB DB select RIGHT add_basetypes DS_TYPE MeltDB DB insert select RIGHT modify_basetypes DS_TYPE MeltDB DB update select RIGHT delete_basetypes DS_TYPE MeltDB DB delete select # a tool is a configured preprocessing method (MeltDB::Tool) RIGHT view_tools DS_TYPE MeltDB DB select RIGHT add_tools DS_TYPE MeltDB DB insert select RIGHT modify_tools DS_TYPE MeltDB DB update select RIGHT delete_tools DS_TYPE MeltDB DB delete select ################################################################################################# # Rights specific to the user(s) associated with the current meta experiment # ################################################################################################# # experimental_data refers to MeltDB::AC meaning the actual data produced by the user RIGHT view_experimental_data DS_TYPE MeltDB DB select RIGHT add_experimental_data DS_TYPE MeltDB DB insert select RIGHT modify_experimental_data DS_TYPE MeltDB DB update select RIGHT delete_experimental_data DS_TYPE MeltDB DB delete select RIGHT evaluate_chromatograms RIGHT evaluate_chromatograms_restricted RIGHT evaluate_chromatograms_unrestricted RIGHT view_experimental_factors DS_TYPE MeltDB DB select RIGHT add_experimental_factors DS_TYPE MeltDB DB insert select RIGHT modify_experimental_factors DS_TYPE MeltDB DB update select RIGHT delete_experimental_factors DS_TYPE MeltDB DB delete select RIGHT export_data DS_TYPE MeltDB DB select RIGHT import_data DS_TYPE MeltDB DB insert update select RIGHT modify_db DS_TYPE MeltDB DB insert update delete alter index create drop references RIGHT modify_data DS_TYPE MeltDB DB insert update RIGHT delete_data DS_TYPE MeltDB DB delete
The last section of the .rnr file defines the Roles of your Project Class.
- ROLE <NAME> <RIGHT_A> <RIGHT_B> <RIGHT_C> ... <RIGHT_N>
# user with read only permissions and almost completely restricted access ROLE Guest basic_access view_experimental_data view_tools view_experimental_factors ROLE User basic_access modify_data view_experimental_factors view_tools view_experimental_data add_tools add_experimental_data modify_experimental_data delete_experimental_data evaluate_chromatograms evaluate_chromatograms_restricted ROLE Maintainer basic_access modify_data delete_data modify_experimental_factors delete_experimental_factors view_experimental_factors view_tools view_experimental_data add_tools add_experimental_data modify_experimental_data delete_experimental_factors modify_tools delete_tools evaluate_chromatograms evaluate_chromatograms_restricted # user who is responsible for the database and for the solution of bugs and problems # can do almost everything and also MODIFY THE DATABASE (e.g. alter table) ROLE Developer basic_access modify_db modify_data delete_data administer_database view_experimental_factors add_experimental_factors delete_experimental_factors modify_experimental_factors view_tools add_tools delete_tools modify_tools view_experimental_data add_experimental_data delete_experimental_data modify_experimental_data evaluate_chromatograms evaluate_chromatograms_unrestricted export_data # user who is responsible for the project (in the majority of cases this is one of the # MeltDB developers in Bielefeld), can do everything (e.g. configure project) except # modifying the database # has to add Maintainers, Annotators and Guests but cannot add Developers ROLE Chief basic_access add_user view_experimental_data view_tools view_experimental_factors add_tools add_experimental_data modify_user delete_user evaluate_chromatograms evaluate_chromatograms_unrestricted GPMS_USERMGT # the super-user that has all rights. ROLE Admin basic_access modify_db modify_data delete_data add_user modify_user delete_user administer_database view_experimental_factors add_experimental_factors delete_experimental_factors modify_experimental_factors view_tools add_tools delete_tools modify_tools view_experimental_data add_experimental_data delete_experimental_data modify_experimental_data evaluate_chromatograms evaluate_chromatograms_unrestricted export_data GPMS_USERMGT