Permissions
Permissions are defined per entity to be accessed: a table, a resource, a project, the DataSHIELD service etc. Note that the following rules apply:
By default, no permissions is granted (apart of user’s home folder).
When an entity is part of a hierarchy (a variable is in a table which is in a project), the parent entities are de-facto read-only.
When an entity is created, the creator has full access to it, including the permission to delete or grant access permission to it.
When an entity refers to another entity, the most restrictive permissions applies.
Project
Depending on the permission applied to the considered entity, the services DataSHIELD, R, SQL and Export/Copy may be or not available (driven by the ability to see the individual values).
Note that the R and the DataSHIELD services require an additional specific usage permission.
Resource |
Permission |
Description |
|---|---|---|
A project |
Administrate project |
Full access to the project: tables and resources can be created, modified and deleted at will. Perrmissions to project’s entities can be granted. |
Tables
Entity |
Permission |
Description |
DataSHIELD |
R |
SQL |
Export/Copy |
|---|---|---|---|---|---|---|
A project |
Add tables |
Tables (or views) can be created, either directly or using the import data process.
Full access to the created tables is automatically granted.
|
x |
x |
x |
x |
A table |
View table dictionary
View summaries
|
Read only access to the table dictionary and data summaries (no access to individual values). |
x |
|||
A table |
View table dictionary
View values
|
Read only access to the table dictionary and individual data. |
x |
x |
x |
x |
A table |
Edit table dictionary
View summaries
|
Edit dictionary and view values summary (no access to individual values). |
x |
|||
A table |
Edit table dictionary
View values
|
Edit dictionary and view individual values. |
x |
x |
x |
x |
A table |
Administrate table |
Full access to the table, including edition of the dictionary and individual values. |
x |
x |
x |
x |
A variable |
View variable
View summary
|
Read only access to the variable description and its values summary (no access to individual values). |
x |
x |
x |
x |
Resources
Strictly speaking, permissions are granted to resource references, i.e. it is the ability to connect to a resource that is considered. The resource itself is not directly accessible.
Entity |
Permission |
Description |
DataSHIELD |
R |
|---|---|---|---|---|
A project |
View any resource |
View any resource without having access to the associated credentials. |
x |
|
A project |
Administrate resources |
Full access to the project resources. |
x |
x |
A resource |
View resource |
View resource without having access to the associated credentials. |
x |
|
A resource |
Adinistrate resource |
Full access to the resource. |
x |
x |
System
Entity |
Permission |
Description |
|---|---|---|
System |
Add project |
Add new projects and therefore can import/export data in the context of the project. |
System |
Administrate |
Full access to the system: configuration, users and groups, permissions, taxonomies, databases, R servers, DataSHIELD profiles etc. This is the highest level of permissions. |
R service |
Use |
Use the R service. |
DataSHIELD service |
Use |
Use the DataSHIELD service. |
DataSHIELD service |
Administrate |
Administrate the DataSHIELD service: manage R packages, add and modify profiles. |
DataSHIELD service |
Use profile |
When a DataSHIELD profile access is restricted, the use of the profile also grants the use permission of the DataSHIELD service. |