 |
 |
 |
This chapter describes how to set up security for image data you submit to NBIA.
Topics in this chapter include:
Data Security Overview
The User Authorization Tool in NBIA enables NBIA administrators to authorize users access to submitted image data. Administrators create protection group(s) and then assign protection elements to limit access and visibility of the image data. NBIA creates protection elements automatically based on image collection and site(s) of submitted data. Once the protections groups are set up, a user can be assigned to protection group(s) with the associated role(s). With the protection group/role combination, a user can only access the protection group data in the way specified by the role.
For example, user JoanSmith can access NCIA Mouse Astrocytoma as role CURATOR, but JohnJones can only access NCIA Mouse Astrocytoma as role READER.
Accessing the User Authorization Tool
To access the User Authorization Tool, you must be an NBIA administrator. Documentation about how to use the User Authorization Tool is in the NBIA Administrator's Guide.
- Log into NBIA.
- Select Administration > User Authorization.
The User Authorization Tool window appears with the User, Protection Group, and User Authorization tabs.
Tip
You must be an NBIA administrator to use the User Authorization Tool.
Managing Users
Tip
Do to caching of user permissions it can take up to an hour for user changes to be reflected throughout the system.
Once a user submits data, an administrator adds the user to NBIA. The administrator must create the user in LDAP to manage data access privileges.
What to do if the user is not in LDAP
Contact Application Support to request that they add a user to LDAP.
Managing users involves:
Adding a User to NBIA
- Select Admin > User Authorization Tool.
Select the User tab.
- Click
.
The User Details window appears.
- Add the user's Login Name. The login name is not case-sensitive.
- Add a valid Email address of the user.
To activate the user, select Active Status. To deactivate the user in NBIA, clear Active Status.
Click
to save the changes.
The user is added to NBIA and the table on the User tab.
Finding a User
To find a user on the User tab, narrow the list by adding one or more characters to one or more column header boxes.
In the following example, the displayed users have 5523 as part of their login name and nlsc in their email address.
Updating User Information
- Select Admin > User Authentication Tool.
- Select the User tab.
Find the user whose information you want to update.
Click
.
The User Details window appears.Update the Email address as needed. The Login Name cannot be updated.
For an active user, maintain Active Status. To deactivate the user in NBIA, clear Active Status.
Click Save to save the changes.
The user information is updated in the table.
Deactivating a User
A user cannot be deleted from NBIA, only deactivated.
- Select Admin > User Authentication Tool.
Select the User tab.
Find the user you want to deactivate.
Click
.
The User Details window appears.Clear the Active Status box and then click Save.
The user's Active Status value changes to False.
Managing Protection Groups
An NBIA administrator uses the Protection Group tab to add protection groups and assign protection elements to limit data access and visibility by image collection and site(s).
Protection elements are created automatically
NBIA automatically creates protection elements when data is submitted based on the image collection and site(s).
Managing protection groups involves:
- Adding a Protection Group
- Associating Protection Elements with a Protection Group
- Removing Protection Elements from a Protection Group
- Finding a Protection Group
- Updating a Protection Group Description
- Deleting a Protection Group
Adding a Protection Group
From the Protection Group tab, click Add Protection Group.
The Protection Group Details window appears.
The following table lists and describes protection group information.
Name
Description
Protection Group Name Start the name with "NCIA” and enter your name of choice.
No Special Characters
Do not use special characters such as
#or\in group names.Protection Group Description
Add a description (optional).
Click
to save the changes.
The protection group is added to the table.
Associating Protection Elements with a Protection Group
Once you create the necessary protection group(s), assigning the associated protection element(s) is the beginning of setting up security for a collection's visibility in NBIA. The protection element identifies the collection, as well as the site, associated with the data.
Data Access and Protection Elements
If the protection element is set to Public, a user can be assigned the Public role and have access. For limited access to the data, assign a user to a protection group and a role that allows the user data access.
To associate a protection element with a protection group
- On the Protection Group tab, find the protection group.
- Click
in the Assign Protection Element column.
The Add Protection Element(s) to Protection Group window appears.
Click Available Protection Elements.
Select the elements to be associated with the protection group.
Narrowing a List
To narrow a list, type the name or part of the name next to the magnifying glass icon (
).Click
to save the changes.The Associated Protection Element(s) column lists the elements that you added.
In the following example protection element,
NCIA.SportInjury//ACL- NCIA.SportInjury is the collection.
ACL is the site.
Multiple Sites
If there are multiple sites for a collection, you might want to create a protection group for each site. This process would grant access to verify submissions per site.
Removing Protection Elements from a Protection Group
- On the Protection Group tab, find the protection group.
- Click
in the Remove Protection Element(s) column.
The Remove Protection Element(s) from Protection Group window appears.
The Protection Group Name cannot be changed. Click Included Protection Elements, and select the elements to remove.
Narrowing a List
To narrow a list, type the name or part of the name next to the magnifying glass icon (
).Click x to return without saving.
Click
to save the changes.
The protection element(s) is no longer listed in the Associated Protection Elements column.
Finding a Protection Group
On the Protection Group tab, you can perform a global search or a column search both described in the following table.
You can perform both searching techniques to further filter a list, but do not forget to clear the search boxes to expand the list.
| Type of Search | Performing a Search |
|---|---|
| Global Search | You can search for a term or part of a term in all the protection group columns in the table. All protection groups with the characters you entered are returned. In the following example, a Global Search of colonography finds protection groups with the word in the Protection Group name and the Associated Protection Elements.  |
| Column Search | You can also find protection groups in the table by adding a term to a column header or more than one column header to further narrow the list. In the following example, bbb in the Protection Group column and demo in the Description column, displays two results.
|
Updating a Protection Group Description
- On the Protection Group tab, find the protection group you want to update.
Click
.
The Protection Group Details window appears.Update the group description.
Note that you cannot update the protection group name.Click
to save the changes.
Deleting a Protection Group
- On the Protection Group tab, find the protection group you want to delete.
Click
.
The Protection Group Details window appears.Click
.
The row is removed from the table.
Adding Protection Groups and Assigning Roles
An NBIA administrator creates protection groups to limit data access and visibility by image collection and site(s). Administrators add users to protection groups and can then further manage their access by assigning them one or more roles. Users can only access the protection group data in the way that the role specifies.
For example, John Smith needs to be a curator within the Mouse Astrocytoma protection group, so user johnsmith is assigned to protection group NBIA Mouse Astrocytoma with the role of CURATOR.
Topics in this section include:
- Adding a Protection Group
- Assigning a User to a Protection Group with Roles
- Changing a User's Access Role Within a Protection Group
Adding a Protection Group
- Select Admin > User Authentication Tool.
- Select the Protection Group tab.
- Scroll down to the bottom of the page and click
.
The Protection Group Details window appears.
Enter a name for the new group and optionally, a description.
No Special Characters
Do not use special characters such as
#or\in group names.Click
.
The protection group appears on the Protection Group tab.
Assigning a User to a Protection Group with Roles
Super Administrator
If you are a Super Administrator for one protection group, your privileges extend to all of the protection groups.
To assign a user to a protection group and assign roles
- Select Admin > User Authentication Tool.
Select the User Authorization tab.
Select a user from the list.
A page listing the protection groups and access roles associated with the selected user opens.
Click
.
The Grant Access to Selected User window opens.
- From the Protection Group list, select the group to which you want to assign the user.
From the Role list, select the access role that the user should have in that protection group.
The following table lists and describes the access roles available in NBIA.Access RoleDescription of Access Role NCIA ADMIN Access the User Authorization Tool to manage users
NCIA CURATE Add or modify curation data
NCIA DELETE_ADMIN Super Administrator role for deletions
NCIA MANAGE_COLLECTION_DESCRIPTION Manage collection descriptions
NCIA MANAGE_VISIBILITY_STATUS Access the Quality Control (QC) Tool
NCIA READ Public role for searching
NCIA SUPER_CURATOR Super Administrator role for approving deletions
NCIA VIEW_SUBMISSION_REPORT Access the Submission Reports option to verify submissions.
- Click Save to save the changes.
The row is added to the table.
Working with the table
To adjust how the table is sorted, click the arrows in the column header. To narrow the list, type the name or part of the name in the column header. You can also enter information in multiple column headers to further narrow the list.
Changing a User's Access Role Within a Protection Group
- Select Admin > User Authentication Tool.
Select the User Authorization tab.
Select a user from the list.
A page listing the protection groups and access roles associated with the selected user opens.- In the row of the protection group you want to change, click
.
The Grant Access to Selected User dialog box opens.
To change the user's access to roles in this protection group, click the down arrow to open the Role list. Select the boxes next to roles you want to assign to the selected user. Clear the boxes next to roles you do not want the user to have. Click
to save your changes.To delete a role, open the Role list, select a role, and click
.The User Authentication tab appears.
Resolving Errors During Security Configuration
The following table lists and describes how to resolve error messages returned by the User Authorization Tool (UAT). Error messages appear in a red box.
Info Messages
Messages in a blue box, such as Info: Request sent to server. or Info: Sent., indicate that a request was sent to the server to save, update, or delete an item.
| UAT Error Message | Resolving a UAT Error |
|---|---|
| Error: No data found from server | You performed a search and there were no results. Enter different search criteria. Note If a selected user has not been assigned to a protection group with a role, you will receive "Error: No data found from server." |
| Error: Session expired. Please log in again. | You logged in but your session was too long and the session expired. You need to log in again. |
| Error: Error occurred while retrieving data from server. Check the server connection please. Error code: <a number>. | An unexpected error occurred. The Error code shows a return HTTP status code which may or may not be useful for debugging. |