The Permissions Manager tool lets users request permission to drives on the Research Data Storage (RDS) Systemsystems. Instead of users emailing various folder administrators authorizers and having the email possibly get lost or deleted, Permissions Manager takes care of everything. All a user has to do is go through a few simple steps to submit a request and they will be properly routed for approval.
»To »To make a permission request for BMIISI on CCHMC RES domain shares (aka RES DP) please visit https://dp.research.cchmc.org - this link will work on the CCHMC network and on external networks.
MAC USERS: Please use Firefox or Chrome to access the permissions manager, as Safari has Permissions Manager. Safari and Edge have been known to have problems with this application.
If you see a browser security error when trying to access the Permissions Manager, please follow the instructions here to resolve the error: Fix Security Error for Permissions Manager.
Download a PDF copy of this document:
|Table of Contents|
To request a folder to be added to Permissions Manager, send the following information to firstname.lastname@example.org:
- Path of folder to be protected
- The names of at least 2 authorizers who will manage access to the protected folder
After the folder has been protected, it will become available in Permissions Manager. Access to a protected folder must be requested via Permissions Manager. Instructions on how submit this request are detailed below in the section: Submitting Permission Requests.
Permissions Manager Home Screen
- Summary - Brings you back to the home screen of the permissions manager and displays Shows a list of all recent pending, approved, declined, or cancelled requests.
- Pending Permission Requests - Allows for a more detailed search of all pending requests made either for the user or by the user .Permission Requests - Allows the user to request or revoke permission to a folder or network drive.
- Membership Requests - Ignore this tab (for advanced users).Management (Authorizers Only) - Shows all folders that the user is in charge of and who has access to those folders.
- Search - Allows for a search of any type of request, operation made on a permissions request, user, start or end date, or request ID.Reports - Allows an administrator to generate reports such as request statistics, permissions granted, and management status.
NOTE: Only administrators can generate synchronization reports. All users can generate other reports.
About Drives and Managed Folders
There are two types of RDS drives, each of which can contain folders and sub folders.
All users can share data by uploading it to their (G:) drive, or divisional shared drive. By default, data added to a divisional shared drive can be viewed and modified by anyone in your division. However, you can request that a folder be locked down so that data inside is shared only with select users.
If you need to share a large volume of data over a lengthy period of time -- for example, files related to a research lab or study -- it is better to store this data on a project drive. This is an area separate from your divisional shared (G:) drive, and can be shared among multiple users via the Permissions Manager tool.
Requesting A New Drive
You should automatically have access to your divisional shared (G:) drive. If the drive doesn't appear automatically when you log in to the Cincinnati Children's network, please send contact your Business/Admin Office.
To request a new project drive, you will need to go to BeMyIT Store, login with your CCHMC credentials, and submit a new request for an RDS drive. Instructions on using the BeMyIT Store are here: BeMyIT Store.
Also, if you add a new folder to your divisional shared or project drive, this folder does NOT automatically appear in the Permissions Manager. To share It will have the same protections as the parent divisional drive or project drive. To protect this folder seperately, you need to send an email to email@example.com asking that it be protected, with the full path of the folder to be protected, and the names of two people at least 2 authorizers who will manage access to this the protected folder.
A protected folder will list in Permissions Manager. If it is necessary to rename it, you must email firstname.lastname@example.org before renaming or else the permissions might not transfer properly.
Copying Data from Protected Folders and Drives
A protected folder has its own set of permissions. When moving data from a protected folder, you must copy & paste instead of drag & drop. Drag and & drop will likely result in the permissions not transferring properly, resulting in access denied errors. After pasting data in the new folder, the copied data can be deleted from the original folder.
Submitting Permission Requests
There are two different types of user roles in Permissions Manager:
- Requestor: Can request access to any folder.
- Authorizer: Can grant or revoke requests to gain access to a locked folder for which he/she is the approver.
If you would like to request access for yourself or for another user to any folder maintained by the Permissions Manager, you first need to click on the Permission Requests tab on the left side of the screen:
Once the page loads, you will be taken to the request screen.
Step 1: Select a User
By default, you will be the user that is requesting permissions to access a folder. If you are trying to gain access for yourself then continue to Step 2.
- If requesting permissions for a user other than yourself, click the Change UserUsers button:
- The The Select Users Search window will appear and you can search for the user for whom you wish to request permissions:
. In the empty Search textbox, enter the user’s name as "last name, first name" and click the Search button. If you are not sure of the spelling of the names, then type the last letter just a few letters of the last name, followed by a coma, and the first letter of the first name.:
- If a list of multiple users is displayed, then check the corresponding Department , Logon Name, and Title or Logon Name listed for the user. Click on the Display Name of the desired user, and continue to Step 2.
There are additional ways to search for a user. These search options are listed below:
- If you know the Logon Name (Network ID at Cincinnati Children’s) of the user, then click in the box labeled Name, select Logon Name
- and enter the network ID in the blank textbox
- Once the user is found, click on their name in
- the Display Name
- column and that is the user for whom you will be requesting permissions.
Click in the box labeled Contains and select any one of the following options:
- Begins With - If you know the first few letters of the user's last name, then you can type those in the empty textbox. For example, if you are trying to find the user "Spivak, Alexandar" but have no idea how to spell the name, you would select Name, Begins With, type "SP" in the empty textbox, and click the Search button.
- Ends With – If you know the last few letters of the user’s first name, then you can type those in the empty textbox. For example, if you are trying to find the user, "Alexandar Spivak" but have no idea how to spell the last name. You would select Name, Ends With, type "DER" in the empty textbox, and click the Search button.
- Contains - If you know some letters of a name, but are unsure whether it is the first name or last name, then type that in the empty textbox. For example, in the name "Alexander Spivak", you are only sure of “ander”, then you can select Name, Contains, type "ANDER" in the empty textbox, and click the Search button. That is - If you know the exact spelling of the user's name or Logon Name (network ID), only then use this option. For example, if you know Alex's user ID is "SPI9IW", then you would select Logon Name, That is, type "SPI9IW" in the empty textbox, and click the Search button.
- Then click the Update button to close the Select Users window and proceed to Step 2.
Once the user is found, click on their name in the Display Name column and that is the user for whom you will be requesting permissions.
- Here is where you select the folder to which you wish to give the user access. Click the Browse button:
- The Select Folders window will appear:
- If you know the exact name of the path of the folder you can type it in the Search field at the top of the window:
Otherwise, look through the list of available drives until you find the drive you desire. Once it is found, click on the + next to the name. This will expand the drive and show all the sub folders of that drive. If you want to collapse the drive you can click the - next to the name and it will go back to the way it was:
. Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes.
Note title Note
If you know a sub folder exists but it is not listed, it probably has not been added to Permissions Manager as a managed folder. Learn more about how to request that folder to be added at the top of this page.
Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes:
The path for the selected folder(s) will be added to the textbox. Click the Add button and the folder(s) will be moved to the Operations Step:
Step 3: Operations
This field shows each folder you are trying to give permissions to. The available operations are shown and in this case it is Grant Access since we are trying to gain access to the Project B folder. The type of permission is also listed which is Read Write, which allows the user to open, as well as edit, any file in that folder:
.However, the folder needs to be set up with both Read Only and Read Write permissions. You can specify the setup type when submitting a request to protect a folder to email@example.com or when submitting a new drive request in the BMI Store.
Read Only is also available under the type of permission:
If a user already has permission to a folder and you would like to revoke their permission, follow the same steps up to this point. Under Available Operations it will instead say Revoke Access:
If you wish to remove a folder from this list, click the checkbox next to the name of the folder you would like to remove and then click the Remove button:
An explanation as to why you are requesting access to this folder is MANDATORY. Briefly describe the reason in the textbox:
Step 5: Expiration (Optional)
Below the Explanation Step click Advanced to make a small field appear. If a user needs permissions for a finite length of time, you can enter the date or the number of days after which you want these permissions to be automatically revoked:
Click the Finishthe Submit button to submit the request.
Approving/Denying Permissions Requests (Authorizers Only)
Permission Request Email
Once a Permission request Request has been sent, the authorizer Authorizers will receive an email stating that the permission request needs to be approved or declined.Part 1: This
- This contains the link to the Permissions Manager where the
- Authorizer will grant or decline permission to a folder.
- This contains the information about the request such as the name of the user requesting permission, the folder they wish to have access to, permission level, and reason.
The rest of the email contains frequently asked questions which are sent with every permission request email and can be helpful.
Click the link at the top to proceed to the Permission Approval area of Request Details window in the Permissions Manager site.
Permissions Manager Approve/Deny Request Screen
Viewing Requests Waiting for Approval in Permissions Manager
Alternately, you can also view any Permissions Requests that are waiting for your approval directly in Permissions Manager. Login to Permissions Manager and find the "Requests waiting for my approval" section on the Summary Screen. You can click the section to expand it if it is not already visible. Click the Request Details icon or the Request ID Number to proceed to the Request Details window in the Permissions Manager site. If you select the checkbox next to one or more requests and then click the Approve/Decline button you can approve or decline those requests in bulk and bypass viewing the details screen for each one.
Request Details Window - Approve or Decline
The top of the screen is very important. It displays the Request Type. In many cases it will be Grant Access, but in some cases it may say Revoke Access.
If a user already has access to a folder and another request is made to revoke access for a that user to that folder make sure you are approving the correct action. If you approve a Revoke request, that user will no longer have permission to that folder. If you decline a Revoke request, the means the user will still have their current permissions.
Explanation of Page LayoutParts of the Request Details Window:
Approve or Decline the Request:
Permission Request Email Update
Once a permissions request is Permission Request has been approved or declined for a user an email will be sent to that user.Part 1: The
- The request type (i.e. Grant or Revoke).
- Whether the request was approved or declined.
- A link that goes to
- Permissions Manager and displays the full details of the request.
The rest of the email contains additional instructions and information that is useful such as mapping a network drive to a computer and contact information.
- If you would like to see who has permissions to a particular folder you can click on the Management tab on the left side of the screen. Then underneath Management click Directory click Folder Authorizer:
- On the Management Folder Authorizer screen under the Managed Directories - Host/Folder Name column click on the folder you would like to look into:
Then under the Permissions - Display Name column click the + next
- Next, on the Permissions tab click the Magnifying Glass icon to switch the view to "Monitored permissions". This will make sure you only see the relevant groups to view permissions on the folder.
Click the + and - in the Display Name column next to the name of the group you are interested in to seeall
a list of the userswith permissions to that folder as well as
and when their permissions expire:
groups ending in "_F" and "_R" are the main permissions groups used to grant someone access to a folder. The "_F" is the Read Write group and the "_R" is the Read Only group.
There may be other groups appearing that are used by Information Services or automated server applications. Do not worry about them being listed under your folders and groups.
You can change the Expiration Date for any user listed by clicking the date or the text "Never".
Changing the Expiration Date
You can change the Expiration Date for a user that already has permissions to a folder without revoking and granting a new permission request.
- Follow the steps above for Viewing Permissions to find the group and user.
- Look to the right of the user's name for the "Expiration Date" column.
- The text in the "Expiration Date" column will either show the date the user's permissions will expire or "Never". Click the text.
- Choose the new expiration (Never, On Specific Date, or Days After Approval), enter a Reason, and then click the OK button.
Getting additional help
If there are still any issues after reading these instructions and any help is still needed please email firstname.lastname@example.org for further assistance.