... | ... | @@ -16,7 +16,7 @@ A major difference with traditional data(base) storage systems is that no separa |
|
|
|
|
|
The intersection of a row and column is called a cell. Cells do not have an identifier of their own. Instead, when storing or retrieving data, users can identify cells by specifying the associated column name and row identifier.
|
|
|
|
|
|
Access cannot be managed at the cell level: rows and columns are the smallest units for which access can be granted or revoked. Data Administrator should take this into account in their column management. If (at some point) data are to be disseminated separately, they must be stored in separate cells. Consequently, separate columns must be made available.
|
|
|
Access cannot be [managed](Access-control#data-access) at the cell level: rows and columns are the smallest units for which access can be granted or revoked. Data Administrator should take this into account in their column management. If (at some point) data are to be disseminated separately, they must be stored in separate cells. Consequently, separate columns must be made available.
|
|
|
|
|
|
# Retention
|
|
|
|
... | ... | @@ -28,7 +28,7 @@ A similar policy applies to column management. When a Data Administrator removes |
|
|
|
|
|
Members of the `Data Administrator` role can group
|
|
|
|
|
|
- columns into column groups, and
|
|
|
- [columns into column groups](Using-pepcli#ama-column), and
|
|
|
- rows into participant groups.
|
|
|
|
|
|
Such groups serve as a basis for [data access management](Access-control#data-access). For example, a `MedicalInfo` column group might contain the `LastDoctorVisit` and `BloodPressure` columns, and the rows for `Scrooge` and `Donald` might be included in a participant group called `Ducks`. An Access Administrator can then grant certain user(group)s access to `MedicalData` and to the participants classified as `Ducks`. Such users are then authorized to access all `MedicalData` for all `Ducks` stored in PEP.
|
... | ... | |