The Permissions Manager tool lets users request permission to drives on the Research Data Storage systems. Instead of users emailing various folder authorizers and having the email possibly get lost or deleted, Permissions Manager takes care of everything. All a user has to do is go through a few simple steps to submit a request and they will be properly routed for approval.


»To make a permission request for RDS6 please visit https://bmirdsdp/dp or https://bmirdsdp.chmccorp.cchmc.org - this will only work while on the CCHMC network or when VPN connected to CCHMC.

»To make a permission request for BMIISI on CCHMC RES domain shares (aka RES DP) please visit https://dp.research.cchmc.org - this link will work on the CCHMC network and on external networks.

Please use Firefox or Chrome to access the Permissions Manager. Safari and Edge have been known to have problems with this application.

If you see a browser security error when trying to access the Permissions Manager, please follow the instructions here to resolve the error: Fix Security Error for Permissions Manager.

Download a PDF copy of this document:
RESITHUB-ManagingFolderPermissions-230321-1625-358.pdf

Request a Folder be Added to Permissions Manager

To request a folder to be added to Permissions Manager, send the following information to help-rds@bmi.cchmc.org:

  • Path of folder to be protected
  • The names of at least 2 authorizers who will manage access to the protected folder

After the folder has been protected, it will become available in Permissions Manager. Access to a protected folder must be requested via Permissions Manager. Instructions on how submit this request are detailed below in the section: Submitting Permission Requests.

Permissions Manager Home Screen

Screenshot-DataStorage-HomeScreen

  1. Summary - Shows a list of all recent pending, approved, declined, or cancelled requests.
  2. Permission Requests - Allows a user to request or revoke permission to a folder or network drive.
  3. Membership Requests - Ignore this tab (for advanced users).
  4. Search - Allows for a search of any type of request, operation made on a permissions request, user, start or end date, or request ID.

About Drives and Managed Folders

There are two types of RDS drives, each of which can contain folders and sub folders.

All users can share data by uploading it to their (G:) drive, or divisional shared drive. By default, data added to a divisional shared drive can be viewed and modified by anyone in your division. However, you can request that a folder be locked down so that data inside is shared only with select users.

If you need to share a large volume of data over a lengthy period of time -- for example, files related to a research lab or study -- it is better to store this data on a project drive. This is an area separate from your divisional shared (G:) drive, and can be shared among multiple users via the Permissions Manager tool.

Requesting A New Drive

You should automatically have access to your divisional shared (G:) drive. If the drive doesn't appear automatically when you log in to the Cincinnati Children's network, please send contact your Business/Admin Office.

To request a new project drive, you will need to go to BeMyIT Store, login with your CCHMC credentials, and submit a new request for an RDS drive. Instructions on using the BeMyIT Store are here: BeMyIT Store.

Also, if you add a new folder to your divisional shared or project drive, this folder does NOT automatically appear in the Permissions Manager. It will have the same protections as the parent divisional drive or project drive. To protect this folder seperately, you need to send an email to help-rds@bmi.cchmc.org asking that it be protected, with the full path of the folder to be protected, and the names of at least 2 authorizers who will manage access to the protected folder.

Renaming Folders

A protected folder will list in Permissions Manager. If it is necessary to rename it, you must email help-rds@bmi.cchmc.org before renaming or the permissions might not transfer properly.

Copying Data from Protected Folders and Drives

A protected folder has its own set of permissions. When moving data from a protected folder, you must copy & paste instead of drag & drop. Drag & drop will likely result in the permissions not transferring properly, resulting in access denied errors. After pasting data in the new folder, the copied data can be deleted from the original folder.

Submitting Permission Requests

There are two different types of user roles in Permissions Manager:

  • Requestor: Can request access to any folder.
  • Authorizer: Can grant or revoke requests to gain access to a locked folder for which he/she is the approver. 

If you would like to request access for yourself or for another user to any folder maintained by the Permissions Manager, you first need to click on the Permission Requests tab on the left side of the screen:
Screenshot-DataStorage-PermRequests
Once the page loads, you will be taken to the request screen.

Step 1: Select a User

By default, you will be the user that is requesting permissions to access a folder. If you are trying to gain access for yourself then continue to Step 2.

  1. If requesting permissions for a user other than yourself, click the Change Users button:
    Screenshot-DataStorage-PermRequests-1User

  2. The Select Users window will appear and you can search for the user for whom you wish to request permissions. In the empty Search textbox, enter the user’s name as "last name, first name". If you are not sure of the spelling of the names, then type just a few letters of the last name:
    Screenshot-DataStorage-PermRequests-1UserSelect

  3. If a list of multiple users is displayed, then check the corresponding Department or Logon Name listed for the user. If you know the Logon Name (Network ID at Cincinnati Children’s) of the user, then click in the box labeled Name, select Logon Name and enter the network ID in the blank textbox.
    Screenshot-DataStorage-PermRequests-1UserSelectName

  4. Once the user is found, click on their name in the Display Name column and that is the user for whom you will be requesting permissions. Then click the Update button to close the Select Users window and proceed to Step 2.

Step 2: Folders

  1. Here is where you select the folder to which you wish to give the user access. Click the Browse button:
    Screenshot-DataStorage-PermRequests-2Folders

  2. The Select Folders window will appear:
    Screenshot-DataStorage-PermRequests-2FoldersSelect

  3. If you know the exact name of the path of the folder you can type it in the Search field at the top of the window:
    Screenshot-DataStorage-PermRequests-2FoldersSelectSearch

  4. Otherwise, look through the list of available drives until you find the drive you desire. Once it is found, click on the + next to the name. This will expand the drive and show all the sub folders of that drive. If you want to collapse the drive you can click the - next to the name and it will go back to the way it was. Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes.

    If you know a sub folder exists but it is not listed, it probably has not been added to Permissions Manager as a managed folder. Learn more about how to request that folder to be added at the top of this page.


    Screenshot-DataStorage-PermRequests-2FoldersSelectExpand


  5. The path for the selected folder(s) will be added to the textbox. Click the Add button and the folder(s) will be moved to the Operations Step:
    Screenshot-DataStorage-PermRequests-2FoldersAdd

Step 3: Operations

This field shows each folder you are trying to give permissions to. The available operations are shown and in this case it is Grant Access since we are trying to gain access to the Project B folder. The type of permission is also listed which is Read Write, which allows the user to open, as well as edit, any file in that folder. Read Only is also available under the type of permission:
Screenshot-DataStorage-PermRequests-3OperationsPerm

If a user already has permission to a folder and you would like to revoke their permission, follow the same steps up to this point. Under Available Operations it will instead say Revoke Access:
Screenshot-DataStorage-PermRequests-3OperationsRevoke

If you wish to remove a folder from this list, click the checkbox next to the name of the folder you would like to remove and then click the Remove button:
Screenshot-DataStorage-PermRequests-3OperationsRemove

Step 4: Explanation

An explanation as to why you are requesting access to this folder is MANDATORY. Briefly describe the reason in the textbox:
Screenshot-DataStorage-PermRequests-4Explanation

Step 5: Expiration (Optional)

If a user needs permissions for a finite length of time, you can enter the date or the number of days after which you want these permissions to be automatically revoked:
Screenshot-DataStorage-PermRequests-5Expiration

Finish

Click the Submit button to submit the request.

Approving/Denying Permissions Requests (Authorizers Only)

Permission Request Email

Once a Permission Request has been sent, the Authorizers will receive an email stating that the permission request needs to be approved or declined.

  1. This contains the link to the Permissions Manager where the Authorizer will grant or decline permission to a folder.
  2. This contains the information about the request such as the name of the user requesting permission, the folder they wish to have access to, permission level, and reason.

The rest of the email contains frequently asked questions which are sent with every permission request email and can be helpful.

Click the link at the top to proceed to the Request Details window in the Permissions Manager site.

Screenshot-DataStorage-PermRequests-Email

Viewing Requests Waiting for Approval in Permissions Manager

Alternately, you can also view any Permissions Requests that are waiting for your approval directly in Permissions Manager. Login to Permissions Manager and find the "Requests waiting for my approval" section on the Summary Screen. You can click the section to expand it if it is not already visible. Click the Request Details icon or the Request ID Number to proceed to the Request Details window in the Permissions Manager site. If you select the checkbox next to one or more requests and then click the Approve/Decline button you can approve or decline those requests in bulk and bypass viewing the details screen for each one.

Screenshot-DataStorage-PermRequests-Summary

Request Details Window - Approve or Decline

The top of the screen is very important. It displays the Request Type. In many cases it will be Grant Access, but in some cases it may say Revoke Access.

Screenshot-DataStorage-PermRequests-Details

Screenshot-DataStorage-PermRequests-RequestType

If a user already has access to a folder and another request is made to revoke access for that user make sure you are approving the correct action. If you approve a Revoke request, that user will no longer have permission to that folder. If you decline a Revoke request, the means the user will still have their current permissions.

Parts of the Request Details Window:

  1. The user the request is for along with all their information.
  2. The folder the user will have access to, the type of permission, and the reason the user needs access.
  3. The length of time the permission will last. If an Expire On or Expire After time was selected, a different time can be picked by the Authorizer.
  4. Clicking the View Approval Status button will display a list of all of the authorizers for the folder.
  5. The Approve and Decline buttons.

Approve or Decline the Request:

  1. Click the Approve or Decline button.
  2. Enter a Reason for choice made.
  3. Click the Approve/Decline button.

Permission Request Email Update

Once a Permission Request has been approved or declined an email will be sent to that user.

  1. The request type (i.e. Grant or Revoke).
  2. Whether the request was approved or declined.
  3. A link that goes to Permissions Manager and displays the full details of the request.

The rest of the email contains additional instructions and information that is useful such as mapping a network drive to a computer and contact information.

Screenshot-DataStorage-PermRequests-EmailUpdate

Viewing Permissions

  1. If you would like to see who has permissions to a particular folder you can click on the Management tab on the left side of the screen. Then underneath Management click Folder Authorizer:
    Screenshot-DataStorage-PermRequests-FolderAuth

  2. On the Folder Authorizer screen under the Host/Folder Name column click on the folder you would like to look into:
    Screenshot-DataStorage-PermRequests-FolderAuthName

  3. Next, on the Permissions tab click the Magnifying Glass icon to switch the view to "Monitored permissions". This will make sure you only see the relevant groups to view permissions on the folder.
    Screenshot-DataStorage-PermRequests-FolderAuthMonitored

  4. Click the + and - in the Display Name column next to the name of the group you are interested in to see a list of the users and when their permissions expire. The groups ending in "_F" and "_R" are the main permissions groups used to grant someone access to a folder. The "_F" is the Read Write group and the "_R" is the Read Only group.

    There may be other groups appearing that are used by Information Services or automated server applications. Do not worry about them being listed under your folders and groups.

    You can change the Expiration Date for any user listed by clicking the date or the text "Never".


    Screenshot-DataStorage-PermRequests-FolderAuthGroups

Getting additional help

If there are still any issues after reading these instructions and any help is still needed please email help-rds@bmi.cchmc.org for further assistance.