19.2.2 Administration of Direct SQL Connection Shared Databases

Administration options are available in the Administration sub-menu (accessed by right-clicking any folder in the shared database), which allows Database Admins to manage database settings, add and remove users and groups, and assign groups and roles. The Administration sub-menu and options are only available to users with admin privileges for the database.

Admin Users

There are two types of Admin users in a shared database: Database Admins and Group Admins.

Database Admins
A Shared Database can have one or more Database Administrators. Database Admins are users who have the ADMIN role in the Everybody group. This role should be assigned with great care, as Database Admins always have access to all folders and documents in the database, irrespective of any group roles that have been set for a particular group.

Database Admins are the only users of the shared database who can add or remove groups or edit all user settings.

If there are no Database Admins in your shared database any user can set him or herself as Database Admin with the option Make the current user a Database Admin. This option is accessed by right clicking on any folder in the Shared Database, and is only available when there are no Database Admins.

Group Admins
Group Admins are users with the ADMIN role for a particular group. The first Group Admin for each group needs to be added by a Database Admin, after which Group Admins may add additional Group Admins to the group if they wish.

The admin permissions of Group Admins are limited to changing the group of folders and editing user roles for the group (or groups) that they administer. Group Admins cannot add or remove groups – a Database Admin is required to do this.

User Administration

User administration can only be performed by Database Admins.

Adding and Editing Users
Users must be added to your database via an appropriate SQL administration tool – you may need to get your system administrator to do this. Users need to be created in the database and granted SELECT, UPDATE, INSERT and DELETE permissions. For information on how to do this, refer to the relevant database documentation.

Users will not be automatically added to the underlying database if you add them in Geneious via Administration  Add New User. This option is useful if you want to set up Group roles for a user before they have logged in for the first time, or before your system administrator has created the user in the underlying database.

Once a user has logged in for the first time, you can edit their group roles and primary group via Administration  Edit User. For more information on Groups and Roles, refer to section 19.2.2 .

Removing Users
Users can be removed from the Geneious Shared Database by going to Administration  Remove Users. This will delete the user’s Geneious Shared Database account, but will not remove the user from the database (the user can log in again after being removed, which will register a new Geneious Shared Database account for them in the Shared Database).

When a user is removed, any folders or data that they have added to the shared database will remain. Any groups that the user is the sole member of will also remain, and will be accessible by Database Admins.

Groups and Roles

Groups and Roles are used to manage the sharing of documents in your Shared Database. Documents can be shared with all database users, private to an individual, or shared with a subset of users, and users can be given read or write access to documents as required. This is achieved by creating a Group in which users have the appropriate Roles, and assigning folders to that group.

By default there is only one group, the Everybody group, and all folders are assigned to this group, for which all users have edit permission. If you want to manage access to documents, then additional groups with specified users can be added by a Database Admin. Once a group is created, Group Admins can be added who can manage the group and edit roles for users already in the group.

Adding and Removing Groups
Groups can be set up in the Geneious Prime interface as follows (see Figure 19.1 ).

Note that only a Database Admin can create new groups.


PIC


Figure 19.1: Adding a new group (“Group B”) to the Shared Database, with “User b” assigned EDIT privileges


Once a group has been created, folders can be added to that group by right clicking on the folder and selecting Change Group of Folder (see Figure 19.2 ). To do so, a user must have the ADMIN role for both the current and new group.


PIC


Figure 19.2: Assigning the folder “User B data” to the Group “Group B”


To remove a group, you must first ensure the group has no folders associated with it, then right click on any folder in the shared database, click on Administration  Remove Groups and select the group/s you wish to remove. Groups can only be removed by Database Admins.

User Roles for Groups
User Roles for a group specify the access level that each user has for the folders (and thus documents) in that group. Users can belong to any number of groups and can have a different role within each group.

The three roles are:

VIEW
allows the user to view the contents of folders.
EDIT
allows the user to view and edit the contents of folders.
ADMIN
allows the user to view and edit the contents of folders, and to manage folders and user roles for that group.

If a user is not in the group of a folder, they will not be able to access the documents in that folder. Inaccessible folders will either be hidden or will display a red circle with a white bar on the folder icon, depending on whether the Show Inaccessible Folders option (accessed by right clicking on the root folder) is selected.

Everybody Group
The Everybody Group is a group to which all users have at least EDIT access. This group is automatically created when the Shared Database is initially set up.

The Everybody Group behaves differently from user-created groups in the following ways:

User’s Primary Group
The user’s Primary Group specifies the group for new folders that are created on the root folder of the shared database. By default, a user’s Primary Group is the Everybody group. A user’s Primary Group can be changed by a Database Admin, by right clicking on any folder, clicking on Administration  Edit Users and selecting the user to configure.

To be able to move folders out of their Primary Group, a user must either have ADMIN permission for their Primary Group.

Assigning Folders to Groups
Each folder in a Shared Database belongs to a Group, which defines the users who can access the documents within that folder, and their access permissions. Any number of users can be added to a group.

When a new folder is created in the shared database it will be added to a group as follows:

Once a folder has been created, its group can be changed by right clicking on the folder and selecting Change Group of Folder. Only Admins can change the group of a folder.