GenDBWiki/TermsAndConcepts/RolesAndRights

From BRF-Software
Revision as of 07:17, 26 October 2011 by Admin (talk | contribs) (2 revisions)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

GenDB Roles and Rights

This section describes the Roles and Rights as they were defined for the genome annotation system GenDB which extensively uses different roles for a sophisticated access control.

GenDB Roles

PROJECT_CLASS GENDB

# user with read only permissions and almost completely restricted access
ROLE Guest
        RIGHT basic_access

# user who is allowed to write annotations and recompute the observations
# for a single region
ROLE Annotator
        RIGHT basic_access
        RIGHT annotate
        RIGHT export_region_data
        RIGHT recompute


# (external) user who is allowed do most of the necessary tasks to maintain a project
# (e.g. import/export/edit/delete sequence, add tools and submit all jobs)
# this role should be used if several persons have to edit the sequence e.g. to correct frame-shifts
ROLE Maintainer
        RIGHT basic_access
        RIGHT recompute
        RIGHT submit_jobs
        RIGHT contig_import_export              
        RIGHT edit_sequence
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT annotate
        RIGHT region_prediction

# user who is responsible for the database and for the solution of bugs and problems
# can do almost everything and also MODIFY THE DATABASE (e.g. alter table)
ROLE Developer
        RIGHT contig_import_export
        RIGHT region_prediction
        RIGHT submit_jobs
        RIGHT recompute
        # frame-shift correction and contig update
        RIGHT edit_sequence 
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT configure_project
        RIGHT basic_access
        RIGHT annotate
        RIGHT modify_db

# user who is responsible for the project (in the majority of cases this is one of the 
# GenDB developers in Bielefeld), can do everything (e.g. configure project) except 
# modifying the database
# has to add Maintainers, Annotators and Guests but cannot add Developers
ROLE Chief
        RIGHT annotate
        RIGHT add_user
        RIGHT contig_import_export
        RIGHT region_prediction
        RIGHT submit_jobs
        RIGHT recompute
        # frame-shift correction and contig update
        RIGHT edit_sequence 
        RIGHT add_tools
        RIGHT export_region_data
        RIGHT delete_contig
        RIGHT configure_project
        RIGHT basic_access


GenDB Rights

CLASS GENDB

RIGHT basic_access
        DS_TYPE GENDB
                DB select
        DS_TYPE GPMSDB
                DB select
                TABLE sessions delete update insert 
                TABLE sessions_not_permanent delete update insert
                TABLE sessions_permanent delete update insert
                TABLE Member_User_Project_Configs update delete insert
                TABLE Member_User_Project_Configs_hash_value update delete insert       
                TABLE ProjectManagement_counters update
                        

RIGHT annotate
        DS_TYPE GENDB
                DB insert update 

RIGHT export_region_data


RIGHT recompute
        DS_TYPE GENDB
                DB delete update insert

RIGHT submit_jobs
        DS_TYPE GENDB
                DB insert update delete

RIGHT contig_import_export
        DS_TYPE GENDB
                DB insert update delete

# may only be granted to user if user has right annotate
RIGHT edit_sequence 
        DS_TYPE GENDB 
                DB update insert 

RIGHT add_tools
        DS_TYPE GENDB
                DB insert update 
RIGHT delete_contig
        DS_TYPE GENDB
                DB delete 

RIGHT region_prediction
        DS_TYPE GENDB
                DB insert update delete

RIGHT configure_project
        DS_TYPE GENDB
                DB insert update delete


RIGHT modify_db
        DS_TYPE GENDB
                DB insert update delete alter index create drop references

RIGHT add_user
        DS_TYPE GENDB
                DB grant insert update delete 
        DS_TYPE GPMSDB
                DB grant insert update delete