The Permissions Manager tool lets users request permission to drives on the Research Data Storage systems. Instead of users emailing various folder authorizers and having the email possibly get lost or deleted, Permissions Manager takes care of everything. All a user has to do is go through a few simple steps to submit a request and they will be properly routed for approval. |
»To make a permission request for RDS6 please visit https://bmirdsdp/dp or https://bmirdsdp.chmccorp.cchmc.org - this will only work while on the CCHMC network or when VPN connected to CCHMC.
»To make a permission request for BMIISI on CCHMC RES domain shares (aka RES DP) please visit https://dp.research.cchmc.org - this link will work on the CCHMC network and on external networks.
Please use Firefox or Chrome to access the Permissions Manager. Safari and Edge have been known to have problems with this application. |
If you see a browser security error when trying to access the Permissions Manager, please follow the instructions here to resolve the error: Fix Security Error for Permissions Manager. |
Download a PDF copy of this document: |
To request a folder to be added to Permissions Manager, send the following information to help-rds@bmi.cchmc.org:
After the folder has been protected, it will become available in Permissions Manager. Access to a protected folder must be requested via Permissions Manager. Instructions on how submit this request are detailed below in the section: Submitting Permission Requests.
There are two types of RDS drives, each of which can contain folders and sub folders.
All users can share data by uploading it to their (G:) drive, or divisional shared drive. By default, data added to a divisional shared drive can be viewed and modified by anyone in your division. However, you can request that a folder be locked down so that data inside is shared only with select users.
If you need to share a large volume of data over a lengthy period of time -- for example, files related to a research lab or study -- it is better to store this data on a project drive. This is an area separate from your divisional shared (G:) drive, and can be shared among multiple users via the Permissions Manager tool.
You should automatically have access to your divisional shared (G:) drive. If the drive doesn't appear automatically when you log in to the Cincinnati Children's network, please send contact your Business/Admin Office.
To request a new project drive, you will need to go to BeMyIT Store, login with your CCHMC credentials, and submit a new request for an RDS drive. Instructions on using the BeMyIT Store are here: BeMyIT Store.
Also, if you add a new folder to your divisional shared or project drive, this folder does NOT automatically appear in the Permissions Manager. It will have the same protections as the parent divisional drive or project drive. To protect this folder seperately, you need to send an email to help-rds@bmi.cchmc.org asking that it be protected, with the full path of the folder to be protected, and the names of at least 2 authorizers who will manage access to the protected folder.
A protected folder will list in Permissions Manager. If it is necessary to rename it, you must email help-rds@bmi.cchmc.org before renaming or the permissions might not transfer properly.
A protected folder has its own set of permissions. When moving data from a protected folder, you must copy & paste instead of drag & drop. Drag & drop will likely result in the permissions not transferring properly, resulting in access denied errors. After pasting data in the new folder, the copied data can be deleted from the original folder.
There are two different types of user roles in Permissions Manager:
If you would like to request access for yourself or for another user to any folder maintained by the Permissions Manager, you first need to click on the Permission Requests tab on the left side of the screen:
Once the page loads, you will be taken to the request screen.
By default, you will be the user that is requesting permissions to access a folder. If you are trying to gain access for yourself then continue to Step 2.
Otherwise, look through the list of available drives until you find the drive you desire. Once it is found, click on the + next to the name. This will expand the drive and show all the sub folders of that drive. If you want to collapse the drive you can click the - next to the name and it will go back to the way it was. Sort through the folders until the desired folder is found. Select the checkbox next to the name of the folder and click the OK button at the bottom of the window. You can also select multiple folders by clicking multiple checkboxes.
If you know a sub folder exists but it is not listed, it probably has not been added to Permissions Manager as a managed folder. Learn more about how to request that folder to be added at the top of this page. |
The path for the selected folder(s) will be added to the textbox. Click the Add button and the folder(s) will be moved to the Operations Step:
This field shows each folder you are trying to give permissions to. The available operations are shown and in this case it is Grant Access since we are trying to gain access to the Project B folder. The type of permission is also listed which is Read Write, which allows the user to open, as well as edit, any file in that folder. Read Only is also available under the type of permission:
If a user already has permission to a folder and you would like to revoke their permission, follow the same steps up to this point. Under Available Operations it will instead say Revoke Access:
If you wish to remove a folder from this list, click the checkbox next to the name of the folder you would like to remove and then click the Remove button:
An explanation as to why you are requesting access to this folder is MANDATORY. Briefly describe the reason in the textbox:
If a user needs permissions for a finite length of time, you can enter the date or the number of days after which you want these permissions to be automatically revoked:
Click the Submit button to submit the request.
Once a Permission Request has been sent, the Authorizers will receive an email stating that the permission request needs to be approved or declined.
The rest of the email contains frequently asked questions which are sent with every permission request email and can be helpful.
Click the link at the top to proceed to the Request Details window in the Permissions Manager site.
Alternately, you can also view any Permissions Requests that are waiting for your approval directly in Permissions Manager. Login to Permissions Manager and find the "Requests waiting for my approval" section on the Summary Screen. You can click the section to expand it if it is not already visible. Click the Request Details icon or the Request ID Number to proceed to the Request Details window in the Permissions Manager site. If you select the checkbox next to one or more requests and then click the Approve/Decline button you can approve or decline those requests in bulk and bypass viewing the details screen for each one.
The top of the screen is very important. It displays the Request Type. In many cases it will be Grant Access, but in some cases it may say Revoke Access.
If a user already has access to a folder and another request is made to revoke access for that user make sure you are approving the correct action. If you approve a Revoke request, that user will no longer have permission to that folder. If you decline a Revoke request, the means the user will still have their current permissions. Parts of the Request Details Window:
Approve or Decline the Request:
|
Once a Permission Request has been approved or declined an email will be sent to that user.
The rest of the email contains additional instructions and information that is useful such as mapping a network drive to a computer and contact information.
Click the + and - in the Display Name column next to the name of the group you are interested in to see a list of the users and when their permissions expire. The groups ending in "_F" and "_R" are the main permissions groups used to grant someone access to a folder. The "_F" is the Read Write group and the "_R" is the Read Only group.
There may be other groups appearing that are used by Information Services or automated server applications. Do not worry about them being listed under your folders and groups. You can change the Expiration Date for any user listed by clicking the date or the text "Never". |
If there are still any issues after reading these instructions and any help is still needed please email help-rds@bmi.cchmc.org for further assistance.