Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
PermissionsTop
PermissionsTop

Excerpt

The Permissions Manager tool lets users request permission to drives on the Research Data Storage (RDS) Systemsystems. Instead of users emailing various folder administrators authorizers and having the email possibly get lost or deleted, Permissions Manager takes care of everything. All a user has to do is go through a few simple steps to submit a request and they will be properly routed for approval.


»To make a permission request for RDS6 please visit visit https://bmirdsdp/dp or https://bmirdsdp.chmccorp.cchmc.org - this will only work while on the CCHMC network or when VPN connected to CCHMC.

»To »To make a permission request for BMIISI on CCHMC RES domain shares (aka RES DP) please visit https://dp.research.cchmc.org - this link will work on the CCHMC network and on external networks.

Warning
titleWarningBrowser Compatibility

MAC USERS: Please use Firefox or Chrome to access the permissions manager, as Safari has Permissions Manager. Safari and Edge have been known to have problems with this application.

Tip
titleBrowser Security Error

If you see a browser security error when trying to access the Permissions Manager, please follow the instructions here to resolve the error: Fix Security Error for Permissions Manager.

Tip

Download a PDF copy of this document:
RESITHUB-ManagingFolderPermissions-020421-1400-29.pdf

Table of Contents

Anchor
AddFolder
AddFolder
Request a Folder be Added to Permissions Manager

To request a folder to be added to Permissions Manager, send the following information to help-rds@bmi.cchmc.org:

  • Path of folder to be protected
  • The names of at least 2 authorizers who will manage access to the protected folder

After the folder has been protected, it will become available in Permissions Manager. Access to a protected folder must be requested via Permissions Manager. Instructions on how submit this request are detailed below in the section: Submitting Permission Requests.

Permissions Manager Home Screen

Permissions Manager Home ScreenImage RemovedScreenshot-DataStorage-HomeScreenImage Added

  1. Summary - Brings you back to the home screen of the permissions manager and displays  Shows a list of all recent pending, approved, declined, or cancelled requests.
  2. Pending Permission Requests - Allows for a more detailed search of all pending requests made either for the user or by the user .Permission Requests - Allows the user to request or revoke permission to a folder or network drive.
  3. Membership Requests - Ignore this tab (for advanced users).Management (Authorizers Only) - Shows all folders that the user is in charge of and who has access to those folders.
  4. Search - Allows for a search of any type of request, operation made on a permissions request, user, start or end date, or request ID.Reports - Allows an administrator to generate reports such as request statistics, permissions granted, and management status.
    NOTE: Only administrators can generate synchronization reports. All users can generate other reports.

About Drives and Managed Folders

There are two types of RDS drives, each of which can contain folders and sub folders.

All users can share data by uploading it to their (G:) drive, or divisional shared drive. By default, data added to a divisional shared drive can be viewed and modified by anyone in your division. However, you can request that a folder be locked down so that data inside is shared only with select users.

If you need to share a large volume of data over a lengthy period of time -- for example, files related to a research lab or study -- it is better to store this data on a project drive. This is an area separate from your divisional shared (G:) drive, and can be shared among multiple users via the Permissions Manager tool.

Requesting A New Drive

You should automatically have access to your divisional shared (G:) drive. If the drive doesn't appear automatically when you log in to the Cincinnati Children's network, please send contact your Business/Admin Office.

To request a new project drive, you will need to go to BeMyIT Store, login with your CCHMC credentials, and submit a new request for an RDS drive. Instructions on using the BeMyIT Store are here: BeMyIT Store.

Also, if you add a new folder to your divisional shared or project drive, this folder does NOT automatically appear in the Permissions Manager. To share It will have the same protections as the parent divisional drive or project drive. To protect this folder seperately, you need to send an email to help-rds@bmi.cchmc.org asking that it be protected, with the full path of the folder to be protected, and the names of two people at least 2 authorizers who will manage access to this the protected folder.

Renaming Folders

A protected folder will list in Permissions Manager. If it is necessary to rename it, you must email help-rds@bmi.cchmc.org before renaming or else the permissions might not transfer properly.

Copying Data from Protected Folders and Drives

A protected folder has its own set of permissions. When moving data from a protected folder, you must copy & paste instead of drag & drop. Drag and & drop will likely result in the permissions not transferring properly, resulting in access denied errors. After pasting data in the new folder, the copied data can be deleted from the original folder.

Submitting Permission Requests

There are two different types of user roles in Permissions Manager:

  • Requestor: Can request access to any folder.
  • Authorizer: Can grant or revoke requests to gain access to a locked folder for which he/she is the approver. 

If you would like to request access for yourself or for another user to any folder maintained by the Permissions Manager, you first need to click on the Permission Requests tab on the left side of the screen:
Permission RequestsImage RemovedScreenshot-DataStorage-PermRequestsImage Added
Once the page loads, you will be taken to the request screen.

Step 1: Select a User

By default, you will be the user that is requesting permissions to access a folder. If you are trying to gain access for yourself then continue to Step 2.

  1. If requesting permissions for a user other than yourself, click the Change UserUsers button:
    Image RemovedScreenshot-DataStorage-PermRequests-1UserImage Added

  2. The  The Select Users Search  window will appear and you can search for the user for whom you wish to request permissions:
    Image Removed
    . In the empty Search textbox, enter the user’s name as "last name, first name" and click the Search button. If you are not sure of the spelling of the names, then type the last letter just a few letters of the last name, followed by a coma, and the first letter of the first name.:
    Screenshot-DataStorage-PermRequests-1UserSelectImage Added

  3. If a list of multiple users is displayed, then check the corresponding Department , Logon Name, and Title or Logon Name listed for the user. Click on the Display Name of the desired user, and continue to Step 2.

There are additional ways to search for a user. These search options are listed below:

  1. If you know the Logon Name (Network ID at Cincinnati Children’s) of the user, then click in the box labeled Name, select Logon Name
,
  1.  and enter the network ID in the blank textbox
, and click the Search button. Once
  1. .
    Screenshot-DataStorage-PermRequests-1UserSelectNameImage Added

  2. Once the user is found, click on their name in
the 
  1. the Display Name
 column
  1. column and that is the user for whom you will be requesting permissions.

Image Removed
  • Click in the box labeled Contains and select any one of the following options:
    Image Removed

    1. Begins With - If you know the first few letters of the user's last name, then you can type those in the empty textbox. For example, if you are trying to find the user "Spivak, Alexandar" but have no idea how to spell the name, you would select Name, Begins With, type "SP" in the empty textbox, and click the Search button.
    2. Ends With – If you know the last few letters of the user’s first name, then you can type those in the empty textbox. For example, if you are trying to find the user, "Alexandar Spivak" but have no idea how to spell the last name. You would select Name, Ends With, type "DER" in the empty textbox, and click the Search button.
    3. Contains - If you know some letters of a name, but are unsure whether it is the first name or last name, then type that in the empty textbox. For example, in the name "Alexander Spivak", you are only sure of “ander”, then you can select Name, Contains, type "ANDER" in the empty textbox, and click the Search button.
    4. That is - If you know the exact spelling of the user's name or Logon Name (network ID), only then use this option. For example, if you know Alex's user ID is "SPI9IW", then you would select Logon Name, That is, type "SPI9IW" in the empty textbox, and click the Search button.
      Once the user is found, click on their name in the Display Name column and that is the user for whom you will be requesting permissions.
    5. Then click the Update button to close the Select Users window and proceed to Step 2.

    Anchor
    StepFolders
    StepFolders
    Step 2: Folders

    1. Here is where you select the folder to which you wish to give the user access. Click the Browse button:
      Image RemovedScreenshot-DataStorage-PermRequests-2FoldersImage Added

    2. The Select Folders window will appear:
      Image RemovedScreenshot-DataStorage-PermRequests-2FoldersSelectImage Added

    3. If you know the exact name of the path of the folder you can type it in the Search field at the top of the window:
      Image RemovedScreenshot-DataStorage-PermRequests-2FoldersSelectSearchImage Added

    4. Otherwise, look through the list of available drives until you find the drive you desire. Once it is found, click on the + next to the name. This will expand the drive and show all the sub folders of that drive. If you want to collapse the drive you can click the - next to the name and it will go back to the way it was:
      Image Removed. Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes.

      Note
      titleNote

      If you know a sub folder exists but it is not listed, it probably has not been added to Permissions Manager as a managed folder. Learn more about how to request that folder to be added at the top of this page.


      Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes:
      Image Removed
      Screenshot-DataStorage-PermRequests-2FoldersSelectExpandImage Added


    5. The path for the selected folder(s) will be added to the textbox. Click the Add button and the folder(s) will be moved to the Operations Step:
      Image RemovedScreenshot-DataStorage-PermRequests-2FoldersAddImage Added

    Step 3: Operations

    This field shows each folder you are trying to give permissions to. The available operations are shown and in this case it is Grant Access since we are trying to gain access to the Project B folder. The type of permission is also listed which is Read Write, which allows the user to open, as well as edit, any file in that folder:
    Image Removed

    Tip
    titleTip
    There is an option to give users Read Only permissions

    .

    However, the folder needs to be set up with both Read Only and Read Write permissions. You can specify the setup type when submitting a request to protect a folder to help@bmi.cchmc.org or when submitting a new drive request in the BMI Store.

    Read Only is also available under the type of permission:
    Screenshot-DataStorage-PermRequests-3OperationsPermImage Added

    If a user already has permission to a folder and you would like to revoke their permission, follow the same steps up to this point. Under Available Operations it will instead say Revoke Access:Image Removed
    Screenshot-DataStorage-PermRequests-3OperationsRevokeImage Added

    If you wish to remove a folder from this list, click the checkbox next to the name of the folder you would like to remove and then click the Remove button:
    Image RemovedScreenshot-DataStorage-PermRequests-3OperationsRemoveImage Added

    Anchor
    Step4
    Step4
    Step 4: Explanation

    An explanation as to why you are requesting access to this folder is MANDATORY. Briefly describe the reason in the textbox:
    ExplanationImage RemovedScreenshot-DataStorage-PermRequests-4ExplanationImage Added

    Step 5: Expiration (Optional)

    Below the Explanation Step click Advanced to make a small field appear. If a user needs permissions for a finite length of time, you can enter the date or the number of days after which you want these permissions to be automatically revoked:
    ExpirationImage RemovedScreenshot-DataStorage-PermRequests-5ExpirationImage Added

    Finish

    Click the Finishthe Submit button to submit the request.

    Approving/Denying Permissions Requests (Authorizers Only)

    Permission Request Email

    Once a Permission request Request has been sent, the authorizer Authorizers will receive an email stating that the permission request needs to be approved or declined.Part 1: This

    1. This contains the link to the Permissions Manager where the
    authorizer
    1. Authorizer will grant or decline permission to a folder.
    Part 2: This
    1. This contains the information about the request such as the name of the user requesting permission, the folder they wish to have access to, permission level, and reason.

    The rest of the email contains frequently asked questions which are sent with every permission request email and can be helpful.

    Click the link at the top to proceed to the Permission Approval area of Request Details window in the Permissions Manager site.

    Image Removed

    Permissions Manager Approve/Deny Request Screen

    Screenshot-DataStorage-PermRequests-EmailImage Added

    Viewing Requests Waiting for Approval in Permissions Manager

    Alternately, you can also view any Permissions Requests that are waiting for your approval directly in Permissions Manager. Login to Permissions Manager and find the "Requests waiting for my approval" section on the Summary Screen. You can click the section to expand it if it is not already visible. Click the Request Details icon or the Request ID Number to proceed to the Request Details window in the Permissions Manager site. If you select the checkbox next to one or more requests and then click the Approve/Decline button you can approve or decline those requests in bulk and bypass viewing the details screen for each one.

    Screenshot-DataStorage-PermRequests-SummaryImage Added

    Request Details Window - Approve or Decline

    The top of the screen is very important. It displays the Request Type. In many cases it will be Grant Access, but in some cases it may say Revoke Access.

    Image RemovedScreenshot-DataStorage-PermRequests-DetailsImage AddedRequest TypeImage Removed

    Screenshot-DataStorage-PermRequests-RequestTypeImage Added

    If a user already has access to a folder and another request is made to revoke access for a that user to that folder make sure you are approving the correct action. If you approve a Revoke request, that user will no longer have permission to that folder. If you decline a Revoke request, the means the user will still have their current permissions.

    Explanation of Page LayoutParts of the Request Details Window:

    1. The user , the request is for along with all their information, wishing to gain access to a folder.
    2.  The The folder the user will have access to and , the type of permission. NOTE: If multiple folders were selected, they will all display under the drop down box next to Membership to:, and the reason the user needs access.
    3. The length of time the permission will last. If the an Expire On option was selected a different date can be picked. If the  or Expire After option was time was selected, a different amount of days time can be enteredpicked by the Authorizer.NOTE: Once the Approve button is clicked in step 7, a different date option can be selected before clicking OK.
    4. All authorizer(s) Clicking the View Approval Status button will display a list of all of the authorizers for the folder.
    5. The reason why the user needs permission for the folder.
    6. MANDATORY explanation, by the authorizer, why permission is being approved or declined.
    7.  Click Approve or Decline for the permission and click OKApprove and Decline buttons.

    Approve or Decline the Request:

    1. Click the Approve or Decline button.
    2. Enter a Reason for choice made.
    3. Click the Approve/Decline button.

    Permission Request Email Update

    Once a permissions request is Permission Request has been approved or declined for a user an email will be sent to that user.Part 1: The

    1. The request type (i.e. Grant or Revoke).
    Part 2: Whether
    1. Whether the request was approved or declined.
    Part 3: A
    1. A link that goes to
    the permissions site and displays, in more detail, information on
    1. Permissions Manager and displays the full details of the request.

    The rest of the email contains additional instructions and information that is useful such as mapping a network drive to a computer and contact information.

    Image Removed

    Permissions Manager Request Status Screen:
    Permission Status ScreenImage Removed

    Screenshot-DataStorage-PermRequests-EmailUpdateImage Added

    Viewing Permissions

    1. If you would like to see who has permissions to a particular folder you can click on the Management tab on the left side of the screen. Then underneath Management click Directory  click Folder Authorizer:
      Image RemovedScreenshot-DataStorage-PermRequests-FolderAuthImage Added

    2. On the Management Folder Authorizer screen under the Managed Directories - Host/Folder Name column click on the folder you would like to look into:
      Image Removed
      Then under the Permissions - Display Name column click the + next Screenshot-DataStorage-PermRequests-FolderAuthNameImage Added

    3. Next, on the Permissions tab click the Magnifying Glass icon to switch the view to "Monitored permissions". This will make sure you only see the relevant groups to view permissions on the folder.
      Screenshot-DataStorage-PermRequests-FolderAuthMonitoredImage Added

    4. Click the + and - in the Display Name column next to the name of the group you are interested in to see

      all

      a list of the users

      with permissions to that folder as well as

      and when their permissions expire

      :
      Image Removed

      . The

    other groups that may appear under the initial folder you picked are groups from the I.S. department. They manage the whole permissions program and are included in many folders
    1. groups ending in "_F" and "_R" are the main permissions groups used to grant someone access to a folder. The "_F" is the Read Write group and the "_R" is the Read Only group.

      Tip

      There may be other groups appearing that are used by Information Services or automated server applications. Do not worry about them being listed under your folders and groups.

    IS GroupsImage Removed
    1. You can change the Expiration Date for any user listed by clicking the date or the text "Never".


      Screenshot-DataStorage-PermRequests-FolderAuthGroupsImage Added

    Changing the Expiration Date

    You can change the Expiration Date for a user that already has permissions to a folder without revoking and granting a new permission request.

    1. Follow the steps above for Viewing Permissions to find the group and user.

    2. Look to the right of the user's name for the "Expiration Date" column.

    3. The text in the "Expiration Date" column will either show the date the user's permissions will expire or "Never". Click the text.
      Screenshot-DataStorage-PermRequests-ExpirationImage Added

    4. Choose the new expiration (Never, On Specific Date, or Days After Approval), enter a Reason, and then click the OK button.
      Screenshot-DataStorage-PermRequests-EditExpirationImage Added

    Getting additional help

    If there are still any issues after reading these instructions and any help is still needed please email help-rds@bmi.cchmc.org for further assistance.