19.3.2 Administration of Geneious Server Databases

This section relates to Administration of Geneious Server Database from within Geneious, including managing user access to folders and some database settings. For administration of licensing and user accounts via the Geneious Server Admin interface, refer to the Geneious Server Installation Manual.

Administration options within Geneious Prime are available in the Administration sub-menu (accessed by right-clicking any folder in the database), including options for managing database settings, adding and removing users and groups, and assigning groups and roles. The Administration options for Group management are available to all database users by default, but this can be restricted to Admins only via Administration  Set Who Can Manage Folders if preferred.

Admin Users

There are two types of Admin users in a Geneious Server Database: Database Admins and Group Admins.

Database Admins
Geneious Server Database can have one or more Database Admins, who are users with the ADMIN role in the Everybody group. This role should be assigned with great care, as Database Admins always have access to all folders and documents in the database (including documents in folders assigned to a user’s Private Group).

A Database Admin can also manage the following database settings available via the Administration sub-menu (accessed by right clicking on the root folder of your Geneious Server Database):

If there are no Database Admins in your Geneious Server Database any user can set his or her self as Database Admin with the option Make the current user a Database Admin. This option is only available when there are no Database Admins. As Database Admins can access all folders in the database, it is important that the first Database Admin is set to the appropriate person as soon as possible.

Group Admins
Group Admins are users with the ADMIN role for a particular group, who can manage folders and user roles for that group. Group Admins can be added to a group when the Group is created, or later by anyone who is an Admin for that Group.

For a Geneious Server Database which has been set to only allow Groups to be managed by Admins, the first Group Admin for each group needs to be added by a Database Admin. This may be changed via Administration  Set Who Can Manage Groups, which by default allows all users to create groups. Note that irrespective of this setting Database Admins will always be able to access all data and reassign roles for all groups.

User Administration

The Administration sub-menu provides tools for adding, editing, and removing users. However, the Geneious Server system administrator first needs to add or remove users from the underlying database system. For example if LDAP is being used for authentication then the user must be added to or removed from the LDAP directory. Refer to the Geneious Server Installation Manual for information about the Geneious Server Admin interface and adding users.

Adding Users
If the server is configured to use database authentication, users can be added to your Geneious Server Database either by going to Administration  Add New User, or via the Geneious Server Database Admin interface.

For all other methods of authentication you must add users in the underlying system. In this case, it is also possible to register a user in Geneious Prime using Add New User before they are added to the underlying database system. This might be useful if you want to set up Group roles for a user before your system administrator has created the user in the underlying database. Note that if you do this, the user will only be able to log in to Geneious once they have been added to the underlying database system.

Editing Users
Database Admins can change the Group roles for a user, or set the user’s Primary Groups in Administration  Edit User. Group Admins may access Edit User for users who are members of the Groups that they Administer, and may edit the user’s Roles for those groups. For more information on Groups and Roles, refer to section 19.3.2 .

Removing Users
If the server is configured to use database authentication, users can be removed from your Geneious Server Database either by going to Administration  Remove Users, or via the Geneious Server Admin interface. For all other methods of authentication you must remove users in the underlying system first.

To remove a user from a Geneious Server Database, folders associated with their Private Group must first be removed or moved to a different group, as the Private Group will be removed along with the user. Since groups cannot be removed when they have folder’s associated with them, attempts to remove the user will fail if any folder’s remain in their Private Group.

Any user-created groups that the user is the sole member of will remain in the database and will be accessible by Database Admins. Additionally, any folders or data that a user has added to your Geneious Server Database will remain after the user has been removed.

Groups and Roles

Groups and Roles are used to manage the sharing of documents in your shared database. Documents can be shared with all database users, private to an individual, or shared with a subset of users, and users can be given VIEW or EDIT access to documents as required. This is achieved by creating a Group in which users have the appropriate Roles, and assigning a folder to that Group.

The default groups in Geneious Server Database are the Everybody group, for which all users have EDIT permission, and a Private Group for each user. If you want to manage access to documents, then additional groups with specified users can be added.

Adding and Removing Groups
Groups can be set up in the Geneious Prime interface as follows:

Who can add new groups to your database depends on the setting of Administration  Set Who Can Manage Folders:

Once a group has been created folders can be added to that group by right clicking on the folder and selecting Change Group of Folder. This option is only available if you have permission to change the group of a particular folder.

To remove a group, you must first ensure the group has no folders associated with it, then right click on any folder in the shared database, click on Administration  Remove Groups and select the group(s) you wish to remove. You must be a Group Admin to remove a group.

User Roles for Groups
User Roles for a group specify the access level that each user has for the folders (and thus documents) in that group. Users can belong to any number of groups and can have different roles in each group.

The three roles are:

VIEW
allows the user to view the contents of folders.
EDIT
allows the user to view and edit the contents of folders.
ADMIN
allows the user to view and edit the contents of folders, and to manage folders and user roles for that group.

If a user is not in the group assigned to a folder, they will not be able to access the documents in that folder and any folders in that group will not be visible for that user.

Everybody Group
The Everybody Group is a group to which all users have at least EDIT access. This group is automatically created when the Shared Database is initially set up.

The Everybody Group behaves differently from user-created groups in the following ways:

User’s Private Group
A Private Group is created automatically for each user when the user is added to the Geneious Server Database. Each user is the sole member of their private group, and Group Admin for it. Note that Database Admins have access to the Private Groups of all users.

Private Groups are distinct from user-created groups in the following ways:

By default, new folders added to the root folder of a Shared Database will be added to the user’s Private Group. This can be changed by a Database Admin by right clicking on any folder, clicking on Administration  Change Group for New Folders and selecting the option to use the user’s Primary Group.

Note that a Private Group is distinct from a user-created group which contains a single user. Folders added to a user-created group with only one user in it will also be private to that user, until such time as other users are added, but adding additional users is possible and the group will behave like any other user-created group.

User’s Primary Group
The user’s Primary Group can be used to specify the group for new folders that are created on the root folder of the shared database. The alternative (default) option is to assign these folders to the user’s Private Group.

To assign new folders created under the root to the user’s Primary Group, go to Administration  Change Group for New folders, and set Assign folders created under the root to “User’s primary group”.

Each user can be assigned a Primary Group in Administration  Edit User. By default this will be the Everybody group but it can be set to any group, including the user’s Private Group, by a Database Admin. To be able to move folders out of their Primary Group:

Assigning Folders to Groups
Each folder in a Geneious Server Database belongs to a group, which defines the users who can access the documents within that folder, and their access permissions. User-created groups can include any number of users. Folders in a group that a user does not have permission to access will not be visible to that user.

When a new folder is created in the shared database it will be added to a group as follows:

Once a folder has been created, its group can be changed by right-clicking on the folder and selecting Change Group of Folder. This option is only available for a folder if you have the correct permissions for the folder’s current group, which will depend on the Administration sub-menu option to Set Who Can Manage Groups.