... | ... | @@ -26,11 +26,11 @@ A similar policy applies to column management. When a Data Administrator removes |
|
|
|
|
|
# Grouping
|
|
|
|
|
|
Members of the `Data Administrator` role can
|
|
|
Members of the `Data Administrator` role can group
|
|
|
|
|
|
- group columns into column groups, and
|
|
|
- group rows into participant groups.
|
|
|
- columns into column groups, and
|
|
|
- rows into participant groups.
|
|
|
|
|
|
Such groups serve as a basis for [data access management](Access-Management#data-access). For example, a `MedicalInfo` column group might contain the `LastDoctorVisit` and `BloodPressure` columns, and the rows for `Scrooge` and `Donald` might be included in a participant group called `Ducks`. An access administrator can they grant certain user(group)s access to `MedicalData` and to the participants classified as `Ducks`. Such users are then authorized to download all `MedicalData` for all `Ducks` stored in PEP.
|
|
|
Such groups serve as a basis for [data access management](Access-Management#data-access). For example, a `MedicalInfo` column group might contain the `LastDoctorVisit` and `BloodPressure` columns, and the rows for `Scrooge` and `Donald` might be included in a participant group called `Ducks`. An Access Administrator can they grant certain user(group)s access to `MedicalData` and to the participants classified as `Ducks`. Such users are then authorized to download all `MedicalData` for all `Ducks` stored in PEP.
|
|
|
|
|
|
Note that to be able to retrieve any data from PEP, users will need access to at least one column group *and* at least one participant group. When they are granted access to further column and/or participant groups, they'll be able to read and/or write any combination of cells matching any of the configured access rules. It is not possible to grant access to specific combinations: "these columns for these participants, and those other columns for those other participants". Such situations can be configured by assigning users to multiple roles, and then granting appropriate privileges to those separate roles. |
|
|
\ No newline at end of file |
|
|
Note that to be able to retrieve any data from PEP, users will need access to at least one column group *and* at least one participant group. When they are granted access to further column and/or participant groups, they'll be able to read and/or write any combination of cells matching the configured access rules. It is not possible to grant access to specific combinations of column and participant groups, e.g. "these columns for these participants, and those other columns for those other participants". If needed, such situations can be configured by assigning users to multiple access groups, and then granting appropriate privileges to those separate access groups. Users will need to [enroll](Access-management#Enrollemnt) separately for each access group. |
|
|
\ No newline at end of file |