NIH | National Cancer Institute | NCI Wiki   New Account Help Tips
Skip to end of metadata
Go to start of metadata

This chapter describes how to set up security for image data you submit to NBIA.

Topics in this chapter include:

Data Security Overview

The User Authorization Tool in NBIA enables NBIA administrators to authorize users access to submitted image data. Administrators create protection group(s) and then assign protection elements to limit access and visibility of the image data. NBIA creates protection elements automatically based on image collection and site(s) of submitted data. Once the protections groups are set up, a user can be assigned to protection group(s) with the associated role(s). With the protection group/role combination, a user can only access the protection group data in the way specified by the role.

For example, user JoanSmith can access NCIA Mouse Astrocytoma as role CURATOR, but JohnJones can only access NCIA Mouse Astrocytoma as role READER.

Return to top of page

Accessing the User Authorization Tool

To access the User Authorization Tool, you must be an NBIA administrator. Documentation about how to use the User Authorization Tool is in the NBIA Administrator's Guide.

  1. Log into NBIA.
  2. Select Administration > User Authorization.
    The User Authorization Tool window appears with the User, Protection Group, and User Authorization tabs.

Tip

You must be an NBIA administrator to use the User Authorization Tool.

Managing Users

Tip

Do to caching of user permissions it can take up to an hour for user changes to be reflected throughout the system.

Once a user submits data, an administrator adds the user to NBIA. The administrator must create the user in LDAP to manage data access privileges.

What to do if the user is not in LDAP

Contact Application Support to request that they add a user to LDAP.

Managing users involves:

Adding a User to NBIA

  1. Select Admin > User Authorization Tool.
    User tab of the User Authentication Tool
  2. Select the User tab.

  3. Click Add User button.
    The User Details window appears.
    User Details page
  4. Add the user's Login Name. Do not use special characters in the Login Name. The Login Name is not case-sensitive.
  5. Add a valid Email address of the user.
  6. To activate the user, select Active Status. To deactivate the user in NBIA, clear Active Status.

  7. Click Save button to save the changes.
    The user is added to NBIA and the table on the User tab.

Return to top of page

Finding a User

To find a user on the User tab, narrow the list by adding one or more characters to one or more column header boxes.

In the following example, the displayed users have 5523 as part of their login name and nlsc in their email address.

Example of a user column search

Return to top of page

Updating User Information

  1. Select Admin > User Authentication Tool.
  2. Select the User tab.
  3. Click Edit user button.
    The User Details window appears.
    User Details page

  4. Update the Email address as needed. The Login Name cannot be updated.

  5. For an active user, maintain Active Status. To deactivate the user in NBIA, clear Active Status.

  6. Click Save to save the changes.
    The user information is updated in the table.

Return to top of page

Deactivating a User

A user cannot be deleted from NBIA, only deactivated.

  1. Select Admin > User Authentication Tool.
  2. Select the User tab.

  3. Find the user you want to deactivate.

  4. Click Edit user button.
    The User Details window appears.
    User Details page

  5. Clear the Active Status box and then click Save.
    The user's Active Status value changes to False.

Return to top of page

Managing Protection Groups

An NBIA administrator uses the Protection Group tab to add protection groups and assign protection elements to limit data access and visibility by image collection and site(s).

Protection elements are created automatically

NBIA automatically creates protection elements when data is submitted based on the image collection and site(s).

Managing protection groups involves:

Adding a Protection Group

  1. From the Protection Group tab, click Add Protection Group.
    The Protection Group Details window appears.
    Protection Group Details

    The following table lists and describes protection group information.

    Name

    Description

    Protection Group Name

    Start the name with "NCIA” and enter your name of choice.

    No Special Characters

    Do not use special characters such as # or \ in group names.

    Protection Group Description

    Add a description (optional).

  2. Click Save button to save the changes.
    The protection group is added to the table.

Return to top of page

Associating Protection Elements with a Protection Group

Once you create the necessary protection group(s), assigning the associated protection element(s) is the beginning of setting up security for a collection's visibility in NBIA. The protection element identifies the collection, as well as the site, associated with the data.

Data Access and Protection Elements

If the protection element is set to Public, a user can be assigned the Public role and have access. For limited access to the data, assign a user to a protection group and a role that allows the user data access.

To associate a protection element with a protection group

  1. On the Protection Group tab, find the protection group.
  2. Click Add button in the Assign Protection Element column.
    The Add Protection Element(s) to Protection Group window appears.
    Add Protection Element(s) to Protection Group window
  3. Click Available Protection Elements.

  4. Select the elements to be associated with the protection group.

    Narrowing a List

    To narrow a list, type the name or part of the name next to the magnifying glass icon (Magnifying glass icon).

  5. Click Add button to save the changes.

  6. The Associated Protection Element(s) column lists the elements that you added.

    In the following example protection element, NCIA.SportInjury//ACL

    • NCIA.SportInjury is the collection.
    • ACL is the site.

      Multiple Sites

      If there are multiple sites for a collection, you might want to create a protection group for each site. This process would grant access to verify submissions per site.

Return to top of page

Removing Protection Elements from a Protection Group

  1. Click Remove button in the Remove Protection Element(s) column.
    The Remove Protection Element(s) from Protection Group window appears.
    Remove Protection Element(s) from Protection Groups window
    The Protection Group Name cannot be changed.
  2. Click Included Protection Elements, and select the elements to remove.

    Narrowing a List

    To narrow a list, type the name or part of the name next to the magnifying glass icon (Magnifying glass icon).

    Click x to return without saving.

  3. Click Remove button to save the changes.
    The protection element(s) is no longer listed in the Associated Protection Elements column.

Return to top of page

Finding a Protection Group

On the Protection Group tab, you can perform a global search or a column search both described in the following table.

 You can perform both searching techniques to further filter a list, but do not forget to clear the search boxes to expand the list.

Type of SearchPerforming a Search
Global Search

You can search for a term or part of a term in all the protection group columns in the table. All protection groups with the characters you entered are returned.

In the following example, a Global Search of colonography finds protection groups with the word in the Protection Group name and the Associated Protection Elements.

Global search of a protection group
Column Search

You can also find protection groups in the table by adding a term to a column header or more than one column header to further narrow the list.

In the following example, bbb in the Protection Group column and demo in the Description column, displays two results.

Search of protection groups by columns

Return to top of page

Updating a Protection Group Description

  1. On the Protection Group tab, find the protection group you want to update.
  2. Click Edit button.
    The Protection Group Details window appears.

  3. Update the group description.
    Note that you cannot update the protection group name.

  4. Click Save button to save the changes.

Return to top of page

Deleting a Protection Group

  1. On the Protection Group tab, find the protection group you want to delete.
  2. Click Edit button.
    The Protection Group Details window appears.

  3. Click Delete button.
    The row is removed from the table.

Return to top of page

Adding Protection Groups and Assigning Roles

An NBIA administrator creates protection groups to limit data access and visibility by image collection and site(s). Administrators add users to protection groups and can then further manage their access by assigning them one or more roles. Users can only access the protection group data in the way that the role specifies.

For example, John Smith needs to be a curator within the Mouse Astrocytoma protection group, so user johnsmith is assigned to protection group NBIA Mouse Astrocytoma with the role of CURATOR.

Topics in this section include:

Adding a Protection Group

  1. Select Admin > User Authentication Tool.
  2. Select the Protection Group tab.
  3. Scroll down to the bottom of the page and click Add Protection Group button.
    The Protection Group Details window appears.
    Protection Group Details window
  4. Enter a name for the new group and optionally, a description.

    No Special Characters

    Do not use special characters such as # or \ in group names.

  5. Click Save button.
    The protection group appears on the Protection Group tab.

Return to top of page

Assigning a User to a Protection Group with Roles

Super Administrator

If you are a Super Administrator for one protection group, your privileges extend to all of the protection groups.

To assign a user to a protection group and assign roles

  1. Select Admin > User Authentication Tool.
  2. Select the User Authorization tab.

  3. Select a user from the list.
    A page listing the protection groups and access roles associated with the selected user opens.
    User Authorization tab of the User Authorization tool

  4. Click Add Protection Group and Access Role button.
    The Grant Access to Selected User window opens.
    Grant Access to Selected User page

  5. From the Protection Group list, select the group to which you want to assign the user.
  6. From the Role list, select the access role that the user should have in that protection group.
    The following table lists and describes the access roles available in NBIA.

    Access Role
    Description of Access Role
    NCIA ADMIN

    Access the User Authorization Tool to manage users

    NCIA CURATE

    Add or modify curation data

    NCIA DELETE_ADMIN

    Super Administrator role for deletions

    NCIA MANAGE_COLLECTION_DESCRIPTION

    Manage collection descriptions

    NCIA MANAGE_VISIBILITY_STATUS

    Access the Quality Control (QC) Tool

    NCIA READ

    Public role for searching

    NCIA SUPER_CURATOR

    Super Administrator role for approving deletions

    NCIA VIEW_SUBMISSION_REPORT

    Access the Submission Reports option to verify submissions.

  7. Click Save to save the changes.

    The row is added to the table.

    Working with the table

    To adjust how the table is sorted, click the arrows in the column header. To narrow the list, type the name or part of the name in the column header. You can also enter information in multiple column headers to further narrow the list.

Return to top of page

Changing a User's Access Role Within a Protection Group

  1. Select Admin > User Authentication Tool.
  2. Select the User Authorization tab.

  3. Select a user from the list.
    A page listing the protection groups and access roles associated with the selected user opens.
    User Authorization tab of the User Authorization tool

  4. In the row of the protection group you want to change, click Update Access icon.
    The Grant Access to Selected User dialog box opens.

    Grant Access to Selected User, Update

  5. To change the user's access to roles in this protection group, click the down arrow to open the Role list. Select the boxes next to roles you want to assign to the selected user. Clear the boxes next to roles you do not want the user to have. Click Update button to save your changes.

    To delete a role, open the Role list, select a role, and click Delete button.

    The User Authentication tab appears.

Return to top of page

Resolving Errors During Security Configuration

The following table lists and describes how to resolve error messages returned by the User Authorization Tool (UAT). Error messages appear in a red box.

Info Messages

Messages in a blue box, such as Info: Request sent to server. or Info: Sent., indicate that a request was sent to the server to save, update, or delete an item.

UAT Error MessageResolving a UAT Error
Error:  No data found from server

You performed a search and there were no results. Enter different search criteria.

Note

If a selected user has not been assigned to a protection group with a role, you will receive "Error: No data found from server."

Error: Session expired. Please log in again.You logged in but your session was too long and the session expired. You need to log in again.
Error: Error occurred while retrieving data from server. Check the server connection please. Error code: <a number>. An unexpected error occurred. The Error code shows a return HTTP status code which may or may not be useful for debugging.

Return to top of page



  • No labels