This is the documentation for SuperSTAR 9.8

SuperSTAR 9.9 is now available.
View this page in the SuperSTAR 9.9 documentation or visit the SuperSTAR 9.9 documentation home.

Skip to end of metadata
Go to start of metadata

Once you have created some user accounts, you need to give those users permission to access datasets. Typically, you will find it easiest to manage permissions by adding users to groups and then giving those groups the appropriate permissions, rather than trying to manage permissions on a per-user basis.

You are recommended to outline the permissions on paper before you start allocating permissions in SuperADMIN. This will help you to define the appropriate group structure and allocate permissions accordingly.

You can apply permissions to any item in the catalogue, including whole datasets, folders and individual fields or value sets. For more information about applying permissions at the field level, see Configure Field Level Security.

If you have configured SuperADMIN to use an external authentication service (such as LDAP or Active Directory), then in order to manage user and group permissions you must be logged in to SuperADMIN as a user who has been authenticated via the external authentication service. The user account must also be a member of the administrators group for that authentication service (i.e., it must be a user that belongs to the administrator group you specified using the auth <service_name> adminGroup <group> command when you set up the external authentication service).

Configure Permissions

To configure permissions, use the following command:

cat {<dataset_id>|<folder_id>} [ <item> ] access {<user>|<group>} {read|write|readpermissions|writepermissions} {true|false}

Where:

ParameterDescription
{<dataset_id>|<folder_id>}

The ID of the dataset or folder you are applying the permission to.

<item>

(Optional): the ID of an item within the dataset to apply security to. If you omit this, the permission is applied to the whole dataset.

The item can be a field, summation option, value, or value set (see these instructions for more information about configuring Field Level Security).

{<user>|<group>}

The user or group this setting applies to.

{read|write|readpermissions|writepermissions}

The permission to apply:

  • read - the user can read/view the catalogue item. You must give users read access to at least one dataset.
  • write - the user can write/edit/change the catalogue item (although not the data itself, this is read only).
  • readpermissions - the user can use SuperADMIN to see what permissions other users have.
  • writepermissions - the user can use SuperADMIN to change other users' permissions over the catalogue item.

See below for more details about the four user permissions.

{true|false}
  • Set to true to allow access for the specified user or group.
  • Set to false to deny access for the specified user or group.

For example, the following code gives the user jsmith read access to the entire Retail Banking dataset (ID: bank):

cat bank access jsmith read true

Check Permissions

There are two main ways to check the current permissions:

  • You can check what permissions a user or group have for a particular catalogue item using the following command:

    cat {<dataset_id>|<folder_id>} [ <item> ] access {<user>|<group>}

    For example:

    > cat bank access standardusers
    [Access Settings : standardusers]
        read         : true
        write        : false
        r/permission : false
        w/permission : false
  • You can check which users and groups have permissions set for any item in the catalogue (such as a dataset, table, folder, record group, etc) using the following command:

    cat <id> permissions

    For example:

    > cat bank permissions
    [Access Settings : guest, user2, standardusers, jsmith (Inheritable:true) ]
        read         : true
    
    > cat MyFolder permissions
    [Access Settings : jsmith (Inheritable:true) ]
        read         : true

Read and Write Permissions

There are four types of permission you can assign to users: read, write, readpermissions and writepermissions.

Standard users should only be given the read permission. This allows the user to access the dataset for cross tabulation using one of the SuperSTAR clients.

The other three permission levels are intended for administrator users only:

  • Users with write access to the dataset can amend the dataset settings in the SuperADMIN console (for example, they can change the dataset display name).
  • Users with readpermission access to the dataset can use SuperADMIN to see what permissions other users have.
  • Users with writepermission access to the dataset can use SuperADMIN to change user permissions on the dataset.

The data in the datasets is read-only. Users cannot change any of the underlying data, regardless of their permissions.

  • No labels