TDM Users and Access
From ICISWiki
Contents |
USERS AND ACCESS
ICIS INSTALLATIONS, USERS AND ACCESS PRIVILEGES
ICIS is implemented separately for each crop and operated through multiple installations. Users assigned to each installation have read-only access to the central database (or a copy of it), and different levels of access to a local database. Information on all installations is retained in an INSTALLATION table in the central database. A similar table in each local database, contains only information pertaining to the specific installation. Applications are thus able to determine which installation is being opened.
The GMS INSTALLATION Table (INSTLN)
| Columns - Long Name (Name) | Description | Type | Length (bytes) |
|---|---|---|---|
| INSTALLATION_NO (INSTALID) | Unique number for each installation. 1 for central GMS. | Integer | 2 |
| ADMIN_USER_ID (ADMIN) | USER_ID of the administrator for this installation | Integer | 2 |
| UPDATE_DATE (UDATE) | Date of last central GMS update from this installation | Long | 4 |
| UPDATE_GID (UGID) | Last local germplasm ID updated | Long | 4 |
| UPDATE_LOCN (ULOCN) | Last local location ID updated | Long | 4 |
| UPDATE_CID (UCID) | Last local change ID updated | Long | 4 |
| UPDATE_NID (UNID) | Last local name ID updated | Long | 4 |
| UPDATE_AID (UAID) | Last local attribute ID updated | Long | 4 |
| UPDATE_LDID (ULDID) | Last local location descriptor updated | Long | 4 |
| UPDATE_METHN (UMETHN) | Last local method ID updated | Integer | 2 |
| UPDATE_FLDNO (UFLDNO) | Last local user field ID updated | Integer | 2 |
| UPDATE_REFNO (UREFNO) | Last local reference ID updated | Integer | 2 |
| UPDATE_PERSONID (UPID) | Last Person ID updated | Long | 4 |
| UPDATE_LISTID (ULISTID) | Last List ID updated | Long | 4 |
| INSTALLATION_DES (IDESC) | Description of the installation | Text | 255 |
| DMS_STATUS (DMS_STATUS) | Zero unless the local DMS is being updated in which case it is one. | Long | 4 |
The USER Table (USERS)
| Columns - Long Name (Name) | Description | Type | Length (bytes) |
|---|---|---|---|
| USER_ID (USERID) | Unique user identification number | Integer | 2 |
| INSTALLATION_NO (INSTALID) | Number of the ICIS installation to which the user belongs
If zero, the user has access to any local database up to the level of access privilege (set by central administrator) | Integer | 2 |
| USER_STATUS (USTATUS) | Status of the user – UNASSIGNED (0), ACTIVE (1), SECURE (2) or CLOSED (9). USERID can be allocated to a particular installation without being assigned. The local administrator can then assign them. Thereafter he/she may only close them, and the sequence is not reversible. SECURE users have their passwords encrypted so that they can only log on through the DLL and cannot log on to other users accounts even if they see the encrypted passwords. | Integer | 2 |
| USER_ACCESS (UACCESS) | Number indicating the access privilege level of the user. See table below for privilege levels. | Integer | 2 |
| USER_TYPE (UTYPE) | Description of user type. For example: (420) Central administrator, (422) Local administrator, (423) Local User, (421) Guest user, Programmer, Data capture project, Breeding project, Genetics research, Genetic resources. | Integer | 2 |
| USER_NAME (UNAME) | Unique user name assigned by the user. | Text | 30 |
| USER_PASSWORD (UPSWD) | Password allocated by the system, but changed by the user. | Text | 10 |
| PERSON_ID (PERSONID) | Person ID linking the user to information such as names, addresses, institute etc. in the PERSONS table | Long | 4 |
| ASSIGN_DATE (ADATE) | Date the user ID was assigned as YYYYMMDD | Long | 4 |
| CLOSE_DATE (CDATE) | Date the user ID was closed as YYYYMMDD | Long | 4 |
Selected users, such as the central database administrator have full access to the central database and to all local ICIS databases. There will also be a “guest user” who will have read access to the central database and to any local database to which physical access is available. All other registered users are linked to a specific installation, with read only access to the central database and varying levels of access to one or more tables of their local database. The user ID, user name, and password will be checked by the open database routine called by all applications, and access to different functions controlled by a system of access privileges.
ICIS Access Privileges
Access to the ICIS database is controlled by a USER_PASSWORD and USER_ACCESS privileges. The list of access privileges is given in the table below. The privileges are cumulative so that a user with privilege N has access to all operations controlled with privilege levels less than or equal to N. Anyone starting an ICIS application automatically has access code 10 as a guest user. When a remote installation is allocated, the local ICIS administrator, who must be identified, is assigned a USER_ID with ACCESS_PRIVILEGE 100. Local USERIDs may be assigned to local users by the local administrator, and given ACCESS_PRIVILEGES less than 100. The local administrator may not change assignments of these USER_IDs once they have been made, but may change the access privileges of all local users except his own. When the database is opened, the supplied user name and password are checked against values in the USERS table. If valid, the databases are opened. Then the single record from the installation table in the local database is read and a check is made that the user has access privileges for the local database. If not, the local database is closed, otherwise access to individual functions in the GMS DLL is checked against the user’s access privileges as calls are made to those functions.
ICIS_GMS Access Privilege Codes
| Code | Meaning |
|---|---|
| 10 | READ CENTRAL DBMS |
| 20 | READ LOCAL AND CENTRAL DBMS |
| 30 | ADD LOCAL GERMPLASM DATA RECORDS |
| 40 | CORRECT OWN, LOCAL GERMPLASM RECORDS |
| 50 | ADD LOCAL SUPPORT DATA (METHODS, CONSTANTS, LOCATIONS) |
| 60 | CORRECT OWN, LOCAL SUPPORT DATA |
| 70 | CORRECT ALL LOCAL GERMPLASM AND SUPPORT DATA |
| 80 | ALLOCATE LOCAL USER_IDS AND PRIVILEGES |
| 90 | SUBMIT LOCAL DATA RECORDS TO CENTRAL DATABASE FOR UPDATE |
| 100 | LOCAL ICIS ADMINISTRATOR |
| 110 | UPDATE central GMS |
| 120 | CORRECT RECORDS IN central GMS |
| 130 | ALLOCATE USER-IDS FOR REMOTE INSTALLATIONS |
| 140 | ALLOCATE REMOTE INSTALLATIONS |
| 150 | CENTRAL ICIS ADMINISTRATOR |
