Commit 6d6a9c33 authored by Ewa Smula's avatar Ewa Smula
Browse files

users management updated

parent 9b382fd8
# 7 Login, Types of Users and Permissions
# 7 Types of Users and Permissions
<!-- # 7 Users' Types and Permissions, login details -->
This paragraph is recommended for DAISY administrators. [**Click here**]({{ "/manual/user_management_details/" | relative_url }}) to find out about DAISY end users and their privileges.
Upon successful installation of DAISY, going to the web address ```https://${IP_ADDRESS_OR_NAME_OF_DEPLOYMENT_SERVER}```
should display the login page.
![Alt](../img/login.png)
<center>DAISY Login Page</center>
Based on the authentication configuration made for your deployment, you may login by:
* user definitions in an existing LDAP directory, e.g. institutional/uni credentials
* user definitions maintained within the DAISY database.
<mark>DAISY is intended to be used mostly by three categories of end users in a Biomedical research institution</mark>; primarily Research staff e.g. principle investigators, lab members, legal support team, and IT and data management specialists.
Specifically, DAISY has the following **user groups** to support record access control;
* **standard**: This is the default role assigned to all users. All DAISY users can view all Dataset, Project, Contract and Definitions (Cohorts, Partner, Contact). The document attachments of records are excluded from this view permission.
* **vip**: This role is typically given to research principle investigators. VIP users have all privileges on the records they own, meaning the records where the user has been appointed as the ``Local Custodian``. They also have the right to give permissions to others on these records.
* **legal**: This role is given to users that will be managing _Contract_ records. Legal personnel will be able to create view and edit contract as well as view all other records in DAISY and manage their document attachments
* **auditor**: This role would designed to an external person, who is given view-only temporary access to all DAISY records. This would typically happening an audit scenario.
DAISY supports fine-grained permission management with the following categories of permissible actions. The ability to _View_ records, _View Document_ attachments of records, ability to _Edit_ and _Delete_ records. The ability to _Administer Permissions_.
| User Category | Administer Permissions | Delete | Edit | View | View Document Attachments |
| -------------|:-------------:|:-------------:|:-------------:|:-------------:|:-----|
| superuser | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>|
| standard | | | | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | |
| vip | P<sub>own</sub>, D<sub>own</sub> | P<sub>own</sub>, D<sub>own</sub>| P<sub>own</sub>, D<sub>own</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>own</sub>, D<sub>own</sub>, C<sub>own</sub> |
| auditor | | | |P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> |
| legal | C<sub>all</sub> | C<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> |
<br />
<br />
<br />
<div style="text-align: right;"> <a href="#top">Back to top</a> </div>
<br />
---
<div style="text-align: right"> <strong><a href="#top">Back to top</a></strong></div>
<br />
<br />
\ No newline at end of file
---
layout: page
title: Login and users types
permalink: /manual/user_management_details/
order: -1
---
<small>
[User guide]({{ "/manual/" | relative_url }}) &raquo; [*7 Types of users and permissions (**GO BACK to main page**)*]({{ "/manual/#7-types-of-users-and-permissions" | relative_url }})
</small>
---
<br>
# 7 Types of Users and Permissions
{:.no_toc}
* TOC
{:toc}
---
<br>
DAISY is intended to be used mostly by three categories of end users in a biomedical research institution:
- Research staff (e.g. principle investigators, lab members)
- Legal support team
- IT and data management specialists
Specifically, DAISY has the following **user groups** to support record access control:
- **Standard**
This is the default role assigned to all users. All DAISY users can view all Dataset, Project, Contract and Definitions (Cohorts, Partner, Contact). The document attachments of records are excluded from this view permission.
- **VIP**
This role is typically given to research principle investigators. VIP users have all privileges on the records they own, meaning the records where the user has been appointed as the ``Local Custodian``. They also have the right to give permissions to others on these records.
- **Legal**
This role is given to users that will be managing _Contract_ records. Legal personnel will be able to create view and edit contract as well as view all other records in DAISY and manage their document attachments
- **Auditor**
This role would designed to an external person, who is given view-only temporary access to all DAISY records. This would typically happening an audit scenario.
DAISY supports fine-grained permission management with the following categories of permissible actions.
The abilities to *View*, *Edit* and *Delete* records; to *View Document attachments of records* and to *Administer Permissions*.
<span style="display:block;text-align:center">![Alt]({{ "img/permissions_table.png" | relative_url }}){:width="900px"}<br/><small>Users permissions</small></span>
<!-- <span style="display:block;text-align:center">![Alt]({{ "img/login.png" | relative_url }}){:width="800px"}<br/><small>DAISY Login Page</small></span>
-->
<!--
Upon successful installation of DAISY, going to the web address ```https://${IP_ADDRESS_OR_NAME_OF_DEPLOYMENT_SERVER}```
should display the login page.
<br>
<span style="display:block;text-align:center">![Alt]({{ "img/login.png" | relative_url }}){:width="800px"}<br/><small>DAISY Login Page</small></span>
Based on the authentication configuration made for your deployment, you may log in by:
* user definitions in an existing LDAP directory, e.g. institutional/uni credentials
* user definitions maintained within the DAISY database.
-->
<!-- <mark>DAISY is intended to be used mostly by three categories of end users in a Biomedical research institution</mark>; primarily Research staff e.g. principle investigators, lab members, legal support team, and IT and data management specialists. -->
<!-- Project permissions:
Permissions
- Admin
Grant the right to change permissions on this dataset and grant all other permissions.
- Delete
Grant the right to delete this dataset.
- Edit
Grant the right to edit this dataset.
- Protected
Grant the right to access protected information on this dataset.\
- View
Grant the right to view this dataset. -->
<!-- | User Category | Administer Permissions | Delete | Edit | View | View Document Attachments |
| -------------|:-------------:|:-------------:|:-------------:|:-------------:|:-----|
| superuser | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>|
| standard | | | | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | |
| vip | P<sub>own</sub>, D<sub>own</sub> | P<sub>own</sub>, D<sub>own</sub>| P<sub>own</sub>, D<sub>own</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>own</sub>, D<sub>own</sub>, C<sub>own</sub> |
| auditor | | | |P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub>| P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> |
| legal | C<sub>all</sub> | C<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | P<sub>all</sub>, D<sub>all</sub>, C<sub>all</sub>, Def<sub>all</sub> | -->
<br />
---
<div style="text-align: right;"> <a href="#top">Back to top</a> </div>
<br />
<!-- WHERE PUT THAT ? -->
<!-- The dependencies between DAISY modules are given below. There are no hard dependencies between Projects, Contracts and Datasets modules. In principle you may start using any of these modules once DAISY is deployed with the pre-packed definitions. -->
<!-- ![Alt](../img/dependencies.png "DAISY module dependencies") -->
<!-- <center>DAISY module dependencies</center> -->
<!-- <span style="display:block; text-align:center">![Alt](../img/dependencies.png "DAISY module dependencies"){:width="800px"}<br/><small>DAISY module dependencies</small></span>
<br /> -->
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment