source: trunk/doc/src/docbook/admindoc/user_administration.xml @ 4477

Last change on this file since 4477 was 4477, checked in by Jari Häkkinen, 14 years ago

Addresses #1106. Moving to GPLv3 in chunked commits.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 37.0 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC
3    "-//Dawid Weiss//DTD DocBook V3.1-Based Extension for XML and graphics inclusion//EN"
4    "../../../../lib/docbook/preprocess/dweiss-docbook-extensions.dtd">
5<!--
6  $Id: user_administration.xml 4477 2008-09-05 15:15:25Z jari $
7
8  Copyright (C) 2007 Peter Johansson, Nicklas Nordborg, Martin Svensson
9
10  This file is part of BASE - BioArray Software Environment.
11  Available at http://base.thep.lu.se/
12
13  BASE is free software; you can redistribute it and/or
14  modify it under the terms of the GNU General Public License
15  as published by the Free Software Foundation; either version 3
16  of the License, or (at your option) any later version.
17
18  BASE is distributed in the hope that it will be useful,
19  but WITHOUT ANY WARRANTY; without even the implied warranty of
20  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21  GNU General Public License for more details.
22
23  You should have received a copy of the GNU General Public License
24  along with this program; if not, write to the Free Software
25  Foundation, Inc., 59 Temple Place - Suite 330,
26  Boston, MA  02111-1307, USA.
27-->
28
29<chapter id="user_administration">
30  <?dbhtml dir="user_administration"?>
31  <title>Account administration</title>
32
33  <important>
34    <title>Read <link linkend="project_permission"><xref linkend="project_permission" /></link></title>
35    <para>
36      This chapter contains importants information about the
37      permission system BASE uses. It is essential that an
38      administrator knows how this works to be able to set up
39      user, groups and roles smoothly.
40    </para>
41  </important>
42
43  <sect1 id="user_administration.users">
44    <title>Users administration</title>
45    <para>
46      The user list is accessed with
47      <menuchoice>
48        <guimenu>Administrate</guimenu>
49        <guimenuitem>Users</guimenuitem>
50      </menuchoice>
51      and from here are the users' account and contact information managed.
52    </para>
53
54    <sect2 id="user_administration.users.edit">
55      <title>Edit user</title>
56      <para>
57        The pop-up window where information and settings for a user can be edited has three
58        tabs, one for the account related, one with information about the user and one that
59        shows the user's memberships.
60      </para>
61      <sect3 id="user_administration.users.edit.properties">       
62        <title>Properties</title>
63        <helptext external_id="user.edit" title="Edit user account">
64          <para>These are the properties for a user account.</para>
65          <variablelist>
66            <varlistentry>
67              <term>
68                <guilabel>Name</guilabel>
69              </term>
70              <listitem>
71                <para>
72                  The full name of the user that is associated with the account.
73                </para>
74              </listitem>
75            </varlistentry>
76            <varlistentry>
77              <term>
78                <guilabel>Login</guilabel>
79              </term>
80              <listitem>
81                <para>
82                  A login name to use when logging in to the account. The login
83                  must be unique among all users.
84                </para>
85              </listitem>
86            </varlistentry>
87            <varlistentry>
88              <term>
89                <optional>
90                  <guilabel>External ID</guilabel>
91                </optional>
92              </term>
93              <listitem>
94                <para>
95                  An id that is used to identify the user outside BASE (optional).
96                  If a valus is given it must be unique among all users.
97                </para>
98              </listitem>
99            </varlistentry>
100            <varlistentry>
101              <term>
102                <guilabel>New password</guilabel>
103              </term>
104              <listitem>
105                <para>
106                  This is used together with the login name to log in to the
107                  account. This is a required field for a new user or if the
108                  password should be changed. If the field is left empty the
109                  password will be unchanged
110                </para>
111              </listitem>
112            </varlistentry>
113            <varlistentry>
114              <term>
115                <guilabel>Retype password</guilabel>
116              </term>
117              <listitem>
118                <para>
119                  Retype the password that is written in
120                  <guilabel>New password</guilabel>.
121                </para>
122              </listitem>
123            </varlistentry>
124            <varlistentry>
125              <term>
126                <optional>
127                  <guilabel>Quota</guilabel>
128                </optional>
129              </term>
130              <listitem>
131                <para>Set disk quota for the account.</para>
132              </listitem>
133            </varlistentry>
134            <varlistentry>
135              <term>
136                <optional>
137                  <guilabel>Quota group</guilabel>
138                </optional>
139              </term>
140              <listitem>
141                <para>
142                  Set this if the account should belong to a group with specified
143                  quota (optional). With this set the user's possibilities to save items to
144                  disk will also depend on how much the rest of the group has
145                  saved.
146                </para>
147              </listitem>
148            </varlistentry>
149            <varlistentry>
150              <term>
151                <optional>
152                  <guilabel>Home directory</guilabel>
153                </optional>
154              </term>
155              <listitem>
156                <para>
157                  Set the account's home directory (optional). A new directory, either empty
158                  or from a template, can be created if editing a new user. Select
159                  <guilabel>- none -</guilabel>
160                  if there should not be any home directory asocciated with the
161                  account.
162                </para>
163              </listitem>
164            </varlistentry>
165            <varlistentry>
166              <term>
167                <optional>
168                  <guilabel>Expiration date</guilabel>
169                </optional>
170              </term>
171              <listitem>
172                <para>
173                  Define a date in this field if the account should expire on a
174                  certain day (optional). The account will be disabled after this date.
175                  Leave this empty if the account never should expire.
176                  <tip>
177                    <para>
178                      Use the
179                      <guibutton>Calendar&hellip;</guibutton>
180                      button to pick a date from a calendar in a pop-up window.
181                    </para>
182                  </tip>
183                </para>
184              </listitem>
185            </varlistentry>
186            <varlistentry>
187              <term>
188                <guilabel>Multi-user account</guilabel>
189              </term>
190              <listitem>
191                <para>
192                  This checkbox should be checked if the account should be used by
193                  more one user. This will prevent the users from changing the
194                  password, contact information and other settings. It will
195                  also reset all list filters, column configurations, etc.
196                  when the user logs out. Normally, these settings are rememembered
197                  between logins.
198                </para>
199              </listitem>
200            </varlistentry>
201            <varlistentry>
202              <term>
203                <guilabel>Disabled</guilabel>
204              </term>
205              <listitem>
206                <para>
207                  Disable the account.
208                </para>
209              </listitem>
210            </varlistentry>
211          </variablelist>
212          <para>
213            Go to the other tabs if there are any changes to do otherwise press
214            &gbSave;
215            to save the values or
216            &gbCancel;
217            to abort.
218          </para>
219          <seeother>
220            <other external_id="user.edit.contact">Edit contact information</other>
221            <other external_id="user.additional">Edit additional info</other>
222            <other external_id="user.edit.membership">Group and role membership</other>
223          </seeother>
224        </helptext>
225      </sect3>
226
227      <sect3 id="user._administration.users.edit.contact">
228        <title>Contact information</title>
229        <helptext external_id="user.edit.contact" title="Edit user's contact information">
230          <para>
231            Information about how to get in contact with the user that is asocciated
232            with the account. All fields on this tab are optional and do not necessarily
233            need to have a value but some can be good to set, like email or phone
234            number.
235          </para>
236          <variablelist>
237            <varlistentry>
238              <term>
239                <optional>
240                  <guilabel>Email</guilabel>
241                </optional>
242              </term>
243              <listitem>
244                <para>
245                  User's email address. There is some verification of the value
246                  but there is no check if the email really exists.
247                </para>
248              </listitem>
249            </varlistentry>
250            <varlistentry>
251              <term>
252                <optional>
253                  <guilabel>Organization</guilabel>
254                </optional>
255              </term>
256              <listitem>
257                <para>The company or organization that the user works for.</para>
258              </listitem>
259            </varlistentry>
260            <varlistentry>
261              <term>
262                <optional>
263                  <guilabel>Address</guilabel>
264                </optional>
265              </term>
266              <listitem>
267                <para>
268                  User's mail address. Use the magnifying glass down to the right,
269                  to edit this property in a larger window.
270                </para>
271              </listitem>
272            </varlistentry>
273            <varlistentry>
274              <term>
275                <optional>
276                  <guilabel>Phone</guilabel>
277                </optional>
278              </term>
279              <listitem>
280                <para>
281                  User's phone number(s)
282                  <note>
283                    <para>
284                      There is no special field for mobile phone, but it works
285                      fine to put more then one number in this field.
286                    </para>
287                  </note>
288                </para>
289              </listitem>
290            </varlistentry>
291            <varlistentry>
292              <term>
293                <optional>
294                  <guilabel>Fax</guilabel>
295                </optional>
296              </term>
297              <listitem>
298                <para>User's fax number.</para>
299              </listitem>
300            </varlistentry>
301            <varlistentry>
302              <term>
303                <optional>
304                  <guilabel>Url</guilabel>
305                </optional>
306              </term>
307              <listitem>
308                <para>A URL that is associated with the user.</para>
309              </listitem>
310            </varlistentry>
311            <varlistentry>
312              <term>
313                <optional>
314                  <guilabel>Description</guilabel>
315                </optional>
316              </term>
317              <listitem>
318                <para>
319                  Other useful contact information or description about the user
320                  can be written in this field. Use the magnifying glass to edit
321                  the information in a pop-up window with a larger text-area.
322                </para>
323              </listitem>
324            </varlistentry>
325          </variablelist>
326          <para>
327            Go to the other tabs if there are any changes to do otherwise press
328            &gbSave;
329            to save the values or
330            &gbCancel;
331            to abort.
332          </para>
333          <seeother>
334            <other external_id="user.edit">Edit account</other>
335            <other external_id="user.additional">Edit additional info</other>
336            <other external_id="user.edit.membership">Group and role membership</other>
337          </seeother>
338        </helptext>
339      </sect3>
340
341      <sect3 id="user_administration.users.edit.additional">
342        <title>Additional information</title>
343        <helptext external_id="user.edit.additional" title="Additional information">
344          <para>
345            This tab contains fields that hold various information about the user. There are
346            by default two fields in BASE2 but this could easily be changed by the
347            server administrator. How this configuration is done can be read in
348            <xref linkend="appendix.extendedproperties" />
349            <note>
350              <para>
351                The
352                <guilabel>Additional info</guilabel>
353                tab is only visible if there is one or more property defined for
354                <classname docapi="net.sf.basedb.core.data">UserData</classname>
355                in the configuration file for extended properties.
356              </para>
357            </note>
358           
359            These are the fields that are installed with BASE2
360            <variablelist>
361              <varlistentry>
362                <term>
363                  <guilabel>Mobile</guilabel>
364                </term>
365                <listitem>
366                  <para>
367                    The user's mobile number could be put in this field. This
368                    field could be left empty.
369                  </para>
370                </listitem>
371              </varlistentry>
372              <varlistentry>
373                <term>
374                  <guilabel>Skype</guilabel>
375                </term>
376                <listitem>
377                  <para>
378                    Skype contact information, if the user has a registered
379                    skype account. This field could be left empty.
380                  </para>
381                </listitem>
382              </varlistentry>
383            </variablelist>
384          </para>
385          <para>
386            Go to the other tabs if there are any changes to do otherwise press
387            &gbSave;
388            to save the values or
389            &gbCancel;
390            to abort.
391          </para>
392          <seeother>
393            <other external_id="user.edit">Edit account</other>
394            <other external_id="user.contact">Edit contact</other>
395            <other external_id="user.edit.membership">Group and role membership</other>
396          </seeother>
397        </helptext>
398      </sect3>
399
400      <sect3 id="user_administration.users.edit.membership">
401        <title>Group and role membership</title>
402        <helptext external_id="user.edit.membership" title="Group and role membership">
403          <para>
404            On this tab, the group and role membership of a user can be
405            specified. The membership can also be changed by editing the
406            group and/or role.
407           
408            <note>
409              <para>
410              When adding a new user, the user is automatically added
411              as a member to all groups and roles that has been marked
412              as <emphasis>default</emphasis>. In the standard BASE distribution
413              the <emphasis>User</emphasis> role is marked as a default role.
414              </para>
415            </note>
416          </para>
417         
418          <variablelist>
419            <varlistentry>
420              <term><guilabel>Member in</guilabel></term>
421              <listitem>
422                <para>
423                Lists the groups and roles the user already is a member of.
424                </para>
425              </listitem>
426            </varlistentry>
427           
428            <varlistentry>
429              <term><guilabel>Add groups&hellip;</guilabel></term>
430              <listitem>
431                <para>
432                Opens a popup window that allows you to select
433                groups. In the popup window, mark
434                one or more groups and click on the &gbOk;
435                button. The popup window will not list groups that
436                the user already is a member of.
437                </para>
438              </listitem>
439            </varlistentry>
440           
441            <varlistentry>
442              <term><guilabel>Add roles&hellip;</guilabel></term>
443              <listitem>
444                <para>
445                Opens a popup window that allows you to select
446                roles. In the popup window, mark
447                one or more roles and click on the &gbOk;
448                button. The popup window will not list roles that
449                the user already is a member of.
450                </para>
451              </listitem>
452            </varlistentry>
453           
454            <varlistentry>
455              <term><guilabel>Remove</guilabel></term>
456              <listitem>
457                <para>
458                Use this button to remove the user from the selected
459                groups and/or roles. The selected items will then disappear
460                from the list of memberships.
461                </para>
462              </listitem>
463            </varlistentry>
464          </variablelist>
465         
466          <para>
467            Go to the other tabs if there are any changes to do otherwise press
468            &gbSave;
469            to save the values or
470            &gbCancel;
471            to abort.
472          </para>
473          <seeother>
474            <other external_id="user.edit">Edit user</other>
475            <other external_id="user.edit.contact">Edit contact information</other>
476            <other external_id="user.additional">Edit additional info</other>
477            <other external_id="user.edit.default_membership">Default group and role membership</other>
478          </seeother>
479        </helptext>
480      </sect3>
481    </sect2>
482   
483    <sect2 id="user_administration.users.default_membership">
484      <title>Default group and role membership</title>
485     
486      <helptext external_id="user.edit.default_membership" 
487        title="Default group and role membership">
488        <para>
489          It is possible to automatically let BASE add new users
490          as a member of a pre-defined list of groups and/or roles. This is done
491          by marking those groups and roles as <emphasis>default</emphasis>
492          groups and roles. There are two ways to do this.
493        </para>
494       
495        <orderedlist>
496        <listitem>
497          <para>
498          Change the flag in the edit-dialog for each of the groups/roles
499          that you want to assign as default.
500          </para> 
501        </listitem>
502       
503        <listitem>
504          <para>
505          Use the <guibutton>Default membership</guibutton> button on the
506          <menuchoice>
507            <guimenu>Administrate</guimenu>
508            <guimenuitem>Users</guimenuitem>
509          </menuchoice>
510          page and select groups and roles in a popup dialog.
511          The dialog lists all groups and roles that are currently
512          assigned as default. Use the <guibutton>Add groups</guibutton>
513          and <guibutton>Add roles</guibutton> buttons to select more
514          groups and roles. Use the <guibutton>Remove</guibutton> button
515          to remove the selected groups/roles.
516          </para>
517        </listitem>
518        </orderedlist>
519       
520        <note>
521          <para>
522          Changing which groups and roles that are the default does not affect
523          existing user accounts. They are only used to assign membership to
524          new users.
525          </para>
526        </note>
527        <seeother>
528          <other external_id="user.edit.membership">Edit user group and role membership</other>
529        </seeother>
530      </helptext>
531    </sect2>
532  </sect1>
533
534  <sect1 id="user_administration.groups">
535    <title>Groups administration</title>
536    <para>
537      Groups in BASE are meant to represent the organizational structure of
538      a company or instituion. For example, there can be one group for each
539      department and subgroups for the teams in the departments.
540      The group-membership is normally set when the user is added to BASE and
541      should not have to be changed later, except when the company is re-organizing.
542    </para>
543    <para>
544      There is one pre-installed group in BASE, a system group, called Everyone. It is, like
545      the name says, a group in which everyone (all users) are members. The users that are
546      allowed to share to everyone can easily share items to all users by sharing the item to
547      this group.
548    </para>
549
550    <sect2 id="user_administration.groups.edit">
551      <title>Edit group</title>
552      <para>
553        The pop-up window where a group can be edited has two tabs,
554        <guilabel>Group</guilabel>
555        and
556        <guilabel>Members</guilabel>.
557      </para>
558      <sect3 id="user_administration.groups.edit.properties">
559        <title>Properties</title>
560        <helptext external_id="group.edit" title="Edit group">
561          <variablelist>
562            <varlistentry>
563              <term>
564                <guilabel>Name</guilabel>
565              </term>
566              <listitem>
567                <para>The name of the group.</para>
568              </listitem>
569            </varlistentry>
570            <varlistentry>
571              <term>
572                <guilabel>Default</guilabel>
573              </term>
574              <listitem>
575                <para>
576                  Mark this checkbox to let BASE automatically add new users
577                  as members to this group.
578                </para>
579              </listitem>
580            </varlistentry>
581            <varlistentry>
582              <term>
583                <optional>
584                  <guilabel>Description</guilabel>
585                </optional>
586              </term>
587              <listitem>
588                <para>
589                  Description about the group. The magnifying glass, down to the
590                  right, can be used to open and edit the text in a larger text
591                  area.
592                </para>
593              </listitem>
594            </varlistentry>
595            <varlistentry>
596              <term>
597                <optional>
598                  <guilabel>Quota</guilabel>
599                </optional>
600              </term>
601              <listitem>
602                <para>
603                  With this property it's possible to limit the quota of total
604                  disk space for the group members. Select
605                  <guilabel>-none-</guilabel>
606                  from the drop-down list if the group should not have any quota.
607                  There are some presets of quotas that comes with the BASE2
608                  installation, besides a couple with different size of total disk
609                  space there are one called
610                  <guilabel>No quota</guilabel>
611                  and one with
612                  <guilabel>Unlimited quota</guilabel>.
613                  Their names speak for them self.
614                </para>
615               
616                <note>
617                  <para>
618                  A user can only take quota from one group, which has
619                  to be specified as the <guilabel>Quota group</guilabel>
620                  of the user.
621                  </para>
622                </note>
623               
624              </listitem>
625            </varlistentry>
626          </variablelist>
627          <para>
628            Go to the other tab,
629            <guilabel>Members</guilabel>,
630            if there are any changes to do otherwise use
631            &gbSave;
632            to save the settings or
633            &gbCancel;
634            to abort.
635          </para>
636          <seeother>
637            <other external_id="group.edit.membership">Edit group members</other>
638            <other external_id="user.edit">Edit user</other>
639          </seeother>
640        </helptext>
641      </sect3>
642
643      <sect3 id="user_administration.groups.edit.members">
644        <title>Group members</title>
645        <helptext external_id="group.edit.membership" title="Edit group members">
646          <para>
647            A group can have both single users and other groups as members. Group
648            members have access to those items that are shared to the group. Each user
649            in the group has the possibility to share their own items to one or more of
650            the other members or to the whole group.
651          </para>
652         
653          <variablelist>
654            <varlistentry>
655              <term><guilabel>Members</guilabel></term>
656              <listitem>
657                <para>
658                  Lists the user and groups that are already
659                  members of this group.
660                </para>
661              </listitem>
662            </varlistentry>
663           
664            <varlistentry>
665              <term><guilabel>Add users&hellip;</guilabel></term>
666              <listitem>
667                <para>
668                Opens a popup window that allows you to add
669                users to the group. In the popup window, mark
670                one or more users and click on the &gbOk;
671                button. The popup window will not list users that
672                are already members of the group.
673                </para>
674              </listitem>
675            </varlistentry>
676           
677            <varlistentry>
678              <term><guilabel>Add groups&hellip;</guilabel></term>
679              <listitem>
680                <para>
681                Opens a popup window that allows you to add
682                other groups to the group. In the popup window, mark
683                one or more groups and click on the &gbOk;
684                button. The popup window will not list groups that
685                are already members of the group.
686                </para>
687              </listitem>
688            </varlistentry>
689           
690            <varlistentry>
691              <term><guilabel>Remove</guilabel></term>
692              <listitem>
693                <para>
694                Use this button to remove the selected
695                users and/or groups from this group. The selected items will
696                disappear from the list of memberships.
697                </para>
698              </listitem>
699            </varlistentry>
700           
701          </variablelist>
702         
703          <para>
704            Go to the other tab if there are any changes to do, otherwise use
705            &gbSave;
706            to save the values or
707            &gbCancel;
708            to abort.
709          </para>
710          <seeother>
711            <other external_id="group.edit">Edit group properties</other>
712          </seeother>
713        </helptext>
714      </sect3>
715    </sect2>
716  </sect1>
717
718  <sect1 id="user_administration.roles">
719    <title>Roles administration</title>
720    <para>
721      Roles are meant to represent different kinds of working positions that users can have,
722      like server administrator or regular user just to mention two.
723      Users are normally assigned a role, perhaps more than one, when they are created and
724      registered in BASE.
725    </para>
726
727
728    <sect2 id="user_administration.roles.defaultroles">
729      <title>Pre-defined system roles</title>
730      <para>
731        BASE comes with some pre-defined roles. These are configured to cover the
732        normal user roles that can appear. A more detailed description of the different
733        roles and when to use them follows here.
734      </para>
735      <variablelist>
736        <varlistentry>
737          <term>Administrator</term>
738          <listitem>
739            <para>
740              This role gives the user full permission to do everything in BASE and
741              also possibility to share items with the system-group 'Everyone'. Users
742              that are supposed to administrate the server, user accounts, groups etc.
743              should have this role.
744            </para>
745          </listitem>
746        </varlistentry>
747        <varlistentry>
748          <term>Supervisor</term>
749          <listitem>
750            <para>
751              Users that are members of this role has permission to read everything in
752              BASE. This role does not let the members to actually do anything in BASE
753              except read and supervise.
754            </para>
755          </listitem>
756        </varlistentry>
757        <varlistentry>
758          <term>Power user</term>
759          <listitem>
760            <para>
761              This role allows it's members to do some things that an ordinary user
762              not is allowed to. Most things are related to global resources
763              like reporters, the array lims and plug-ins.
764              This role can be proper for those users that are in
765              some kind of leading position over workgroups or projects.
766            </para>
767          </listitem>
768        </varlistentry>
769        <varlistentry>
770          <term>User</term>
771          <listitem>
772            <para>
773              A role that is suitable for all ordinary users. This allows the members
774              to do common things in BASE such as creating biomaterials and
775              experiments, uploading raw data and analyse it.
776            </para>
777          </listitem>
778        </varlistentry>
779        <varlistentry>
780          <term>Guest</term>
781          <listitem>
782            <para>
783              This is a role with limited access to create new things. It is useful
784              for those who wants to have peek at the program. It can also be
785              used for someone that is helping out with the analysis of an experiment.
786            </para>
787          </listitem>
788        </varlistentry>
789        <varlistentry>
790          <term>Job agent</term>
791          <listitem>
792            <para>
793              This role is given to the job agents and allows them to read and execute
794              jobs. Job agents always runs the jobs as the user who created the job
795              and therefore it have to be able to act as another user.
796            </para>
797          </listitem>
798        </varlistentry>
799      </variablelist>
800    </sect2>
801
802    <sect2 id="user_administration.roles.edit">
803      <title>Edit role</title>
804      <para>
805        Creating a new role or editing the system-roles are something that do not needs to be
806        done very often. The existing roles will normally be enough but there can be some
807        cases when they need to be complemented, either with a new role or with different
808        permissions.
809      </para>
810      <sect3 id="user_administration.roles.edit.properties">
811        <title>Properties</title>
812        <helptext external_id="role.edit" title="Edit role">
813
814          <variablelist>
815            <varlistentry>
816              <term>
817                <guilabel>Name</guilabel>
818              </term>
819              <listitem>
820                <para>The name of the role.</para>
821              </listitem>
822            </varlistentry>
823            <varlistentry>
824              <term>
825                <guilabel>Share to Everyone</guilabel>
826              </term>
827              <listitem>
828                <para>
829                Allows the user to share items to the
830                system-group 'Everyone'.
831                </para>
832              </listitem>
833            </varlistentry>
834           
835            <varlistentry>
836              <term><guilabel>Act as another user</guilabel></term>
837              <listitem>
838                <para>
839                  Allows the user to login as another user without
840                  knowing the password. This is used by job agents
841                  to make it possible for them to execute a plug-in
842                  as the user that created the job. This permission
843                  will also make it possible to switch user in the web
844                  interface. It can be useful for an administrator who
845                  needs to check out a problem, but use this permission
846                  with care.
847                </para>
848              </listitem>
849            </varlistentry>
850
851            <varlistentry>
852              <term>
853                <guilabel>Select job agent for jobs</guilabel>
854              </term>
855              <listitem>
856                <para>
857                Allows the user to select a specific job agent when running jobs.
858                Users without this permission will always have a randomly selected
859                job agent.
860                </para>
861              </listitem>
862            </varlistentry>
863
864            <varlistentry>
865              <term>
866                <guilabel>Default</guilabel>
867              </term>
868              <listitem>
869                <para>
870                  Mark this checkbox to let BASE automatically add new users
871                  as members to the role.
872                </para>
873              </listitem>
874            </varlistentry>
875            <varlistentry>
876              <term>
877                <guilabel>Description</guilabel>
878              </term>
879              <listitem>
880                <para>Description and information about the role.</para>
881              </listitem>
882            </varlistentry>
883          </variablelist>
884          <para>
885            Set the properties and proceed then to either one of the other tabs or by
886            clicking on one of the buttons:
887            &gbSave;
888            to save the changes or
889            &gbCancel;
890            to abort.
891          </para>
892          <seeother>
893            <other external_id="role.edit.permissions">Role permissions</other>
894            <other external_id="role.edit.members">Role members</other>
895          </seeother>
896        </helptext>
897      </sect3>
898
899      <sect3 id="user_administration.roles.edit.permissions">
900        <title>Permissions</title>
901        <helptext external_id="role.edit.permissions" title="Edit role permissions">
902          <para>
903            A role's permissions are defined for each item type within BASE 2. Set the
904            role's permission on an item type by first selecting the item(s) in the list
905            and then tick those permissions that should be applied. Not all permissions
906            can be applied to every item type, that's why permission check-boxes becomes
907            disabled when selecting some of the item types
908          </para>
909          <para>
910            After each item type in the list is a string inside square brackets that
911            shows what kind of permissions the current role has on that particular item
912            type. The permissions that do not have been set are represented with '-'
913            inside the square brackets and those which have been set are represented
914            with characters that are listed below.
915          </para>
916          <itemizedlist>
917            <listitem>
918              <simpara>
919                <guilabel>DENIED</guilabel>
920                = Deny access to the selected item type. This exclude all the other
921                permissions by unchecking the other check boxes.
922              </simpara>
923            </listitem>
924            <listitem>
925              <simpara>
926                <guilabel>C</guilabel>
927                = Create
928              </simpara>
929            </listitem>
930            <listitem>
931              <simpara>
932                <guilabel>R</guilabel>
933                = Read
934              </simpara>
935            </listitem>
936            <listitem>
937              <simpara>
938                <guilabel>U</guilabel>
939                = Use
940              </simpara>
941            </listitem>
942            <listitem>
943              <simpara>
944                <guilabel>W</guilabel>
945                = Write
946              </simpara>
947            </listitem>
948            <listitem>
949              <simpara>
950                <guilabel>D</guilabel>
951                = Delete
952              </simpara>
953            </listitem>
954            <listitem>
955              <simpara>
956                <guilabel>O</guilabel>
957                = Take ownership
958              </simpara>
959            </listitem>
960            <listitem>
961              <simpara>
962                <guilabel>P</guilabel>
963                = Set permission
964              </simpara>
965            </listitem>
966          </itemizedlist>
967          <para>
968            Set the role's permission on each one of the item types and proceed then to
969            one of the other tabs or click on
970            &gbSave;
971            to save the changes or
972            &gbCancel;
973            to abort.
974          </para>
975          <seeother>
976            <other external_id="role.edit">Edit properties</other>
977            <other external_id="role.edit.members">Role members</other>
978          </seeother>
979        </helptext>
980      </sect3>
981
982      <sect3 id="user_administration.roles.edit.members">
983        <title>Members</title>
984        <helptext external_id="role.edit.members" title="Role members">
985       
986        <variablelist>
987          <varlistentry>
988            <term><guilabel>Members</guilabel></term>
989            <listitem>
990              <para>
991              Users that are members of a role are listed in the list-box located on this
992              tab.
993              </para>
994            </listitem>
995          </varlistentry>
996          <varlistentry>
997            <term><guibutton>Add users</guibutton></term>
998            <listitem>
999              <para>
1000                Select the users that should be added from the list in the
1001                pop-up window. Click on the
1002                &gbOk;
1003                button to close the pop-up window and add the selected users.
1004              </para>
1005            </listitem>
1006          </varlistentry>
1007          <varlistentry>
1008              <term>Remove</term>
1009              <listitem>
1010                <para>
1011                  Removes the selected users from the role.
1012                </para>
1013              </listitem>
1014            </varlistentry>
1015          </variablelist>
1016          <para>
1017            Press
1018            &gbSave;
1019            to save the role or go to one of the other tabs if there are more that needs
1020            to be set. Use
1021            &gbClose;
1022            to abort and close the window without saving the changes.
1023          </para>
1024          <seeother>
1025            <other external_id="role.edit">Edit properties</other>
1026            <other external_id="role.edit.permissions">Role permissions</other>
1027          </seeother>
1028        </helptext>
1029      </sect3>
1030    </sect2>
1031  </sect1>
1032
1033  <sect1 id="user_administration.quota">
1034    <title>Disk space/quota</title>
1035    <para>
1036      The administrator can control the maximum size of disk space for users and groups.
1037      A user must be assigned a quota of their own and may optionally have a group
1038      quota as well. If so, the most restrictive quota is checked whenever the user
1039      tries to do something that counts as disk-consuming, for example uploading a file.
1040    </para>
1041   
1042    <note>
1043      <para>
1044      The quota is checked before an operation, which is allowed to continue if there
1045      is space left. For example, even if you have only one byte left of disk space
1046      you are allowed to upload a 10MB file.
1047      </para>
1048    </note>
1049     
1050    <para>
1051      Read
1052      <xref linkend="user_administration.users.edit" />
1053      and <xref linkend="user_administration.groups.edit" />
1054      for information about how to set a quota for a user and
1055      group.
1056    </para>
1057    <para>
1058      The list of quotas in BASE can be found by using the menu
1059      <menuchoice>
1060        <guimenu>Administrate</guimenu>
1061        <guimenuitem>Quota</guimenuitem>
1062      </menuchoice>.
1063    </para>
1064
1065    <sect2 id="user_administration.quota.edit">
1066      <title>Edit quota</title>
1067      <para>
1068        The edit window has two tabs, one with information about the quota and one where the
1069        limits are defined.
1070      </para>
1071      <sect3 id="user_administration.quota.edit.properties">
1072        <title>Properties</title>
1073        <helptext external_id="quota.edit" title="Edit properties">
1074          <variablelist>
1075            <varlistentry>
1076              <term>
1077                <guilabel>Name</guilabel>
1078              </term>
1079              <listitem>
1080                <para>Name of the quota.</para>
1081              </listitem>
1082            </varlistentry>
1083            <varlistentry>
1084              <term>
1085                <optional>
1086                  <guilabel>Description</guilabel>
1087                </optional>
1088              </term>
1089              <listitem>
1090                <para>
1091                  Description of the quota. It could be a good idea to
1092                  describe the quota's details here. Use the magnifying glass to
1093                  edit the text in a larger text area.
1094                </para>
1095              </listitem>
1096            </varlistentry>
1097          </variablelist>
1098          <para>
1099            Go to the other tab if there are values that have not been set. Otherwise use
1100            &gbSave;
1101            to save the settings or
1102            &gbCancel;
1103            to abort.
1104          </para>
1105        </helptext>
1106      </sect3>
1107
1108      <sect3 id="user_administration.quota.edit.values">
1109        <title>Values</title>
1110        <helptext external_id="quota.edit.values" title="Edit quota values">
1111          <para>
1112            The quota values are defined here, both for the primary location and the
1113            secondary location. Use the check box to the right of the input fields to
1114            set unlimited quota. You can use the abbreviations
1115            <abbrev>kb</abbrev>, <abbrev>Mb</abbrev> and <abbrev>Gb</abbrev>
1116            to specify the quota values.
1117          </para>
1118          <variablelist>
1119            <varlistentry>
1120              <term>
1121                <guilabel>Total</guilabel>
1122              </term>
1123              <listitem>
1124                <para>
1125                  Limit of total quota. The sum of the other three quotas does not
1126                  have to be the same as this, it is always the most restricted
1127                  value that is used.
1128                </para>
1129              </listitem>
1130            </varlistentry>
1131            <varlistentry>
1132              <term>
1133                <optional>
1134                  <guilabel>Files</guilabel>
1135                </optional>
1136              </term>
1137              <listitem>
1138                <para>Limit of disk space to save files in.</para>
1139              </listitem>
1140            </varlistentry>
1141            <varlistentry>
1142              <term>
1143                <optional>
1144                  <guilabel>Raw data</guilabel>
1145                </optional>
1146              </term>
1147              <listitem>
1148                <para>Limit of disk space to save raw data in.</para>
1149              </listitem>
1150            </varlistentry>
1151            <varlistentry>
1152              <term>
1153                <optional>
1154                  <guilabel>Experiments</guilabel>
1155                </optional>
1156              </term>
1157              <listitem>
1158                <para>
1159                  Limit of disk space that can be used by experiments.
1160                </para>
1161              </listitem>
1162            </varlistentry>
1163          </variablelist>
1164          <para>
1165            When everything have been set the quota is saved by using
1166            &gbSave;. To discard changes use
1167            &gbCancel;.
1168          </para>
1169        </helptext>
1170      </sect3>
1171    </sect2>
1172   
1173    <sect2 id="user_administration.quota.diskusage">
1174      <title>Disk usage</title>
1175     
1176      <para>
1177        Go to
1178        <menuchoice>
1179          <guimenu>Administrate</guimenu>
1180          <guimenuitem>Disk usage</guimenuitem>
1181        </menuchoice>
1182        if you want to get statistics about how the disk
1183        is used. There are three tabs:
1184      </para>
1185     
1186      <variablelist>
1187        <varlistentry>
1188          <term><guilabel>Overview</guilabel></term>
1189          <listitem>
1190            <para>
1191              Gives an overview of the total disk usage.
1192              It is divided per location and quota type.
1193            </para>
1194          </listitem>
1195        </varlistentry>
1196
1197        <varlistentry>
1198          <term><guilabel>Per user</guilabel></term>
1199          <listitem>
1200            <para>
1201              Gives an overview of the disk usage
1202              per user. For each user you can get a summary
1203              displaying the total disk usage and
1204              divided per location and quota type.
1205              Use the <guilabel>View details</guilabel>
1206              link to list all items that uses up disk space.
1207              The list displays the name and type of each item
1208              and the amount of disk space it uses.
1209            </para>
1210          </listitem>
1211        </varlistentry>
1212       
1213        <varlistentry>
1214          <term><guilabel>Per group</guilabel></term>
1215          <listitem>
1216            <para>
1217              Gives an overview of the disk usage
1218              per group, with the same functionality
1219              as the per user overview.
1220            </para>
1221          </listitem>
1222        </varlistentry>
1223      </variablelist>
1224     
1225    </sect2>
1226   
1227  </sect1>
1228</chapter>
Note: See TracBrowser for help on using the repository browser.