... | ... | @@ -33,4 +33,10 @@ Members of the `Data Administrator` role can group |
|
|
|
|
|
Such groups serve as a basis for [data access management](Access-Management#data-access). For example, a `MedicalInfo` column group might contain the `LastDoctorVisit` and `BloodPressure` columns, and the rows for `Scrooge` and `Donald` might be included in a participant group called `Ducks`. An Access Administrator can they grant certain user(group)s access to `MedicalData` and to the participants classified as `Ducks`. Such users are then authorized to download all `MedicalData` for all `Ducks` stored in PEP.
|
|
|
|
|
|
Note that to be able to retrieve any data from PEP, users will need access to at least one column group *and* at least one participant group. When they are granted access to further column and/or participant groups, they'll be able to read and/or write any combination of cells matching the configured access rules. It is not possible to grant access to specific combinations of column and participant groups, e.g. "these columns for these participants, and those other columns for those other participants". If needed, such situations can be configured by assigning users to multiple access groups, and then granting appropriate privileges to those separate access groups. Users will need to [enroll](Access-management#Enrollemnt) separately for each access group. |
|
|
\ No newline at end of file |
|
|
PEP provides a number of predefined column groups and participant groups. Their names should be considered reserved words, i.e. not be (re)used for other purposes. The only predefined participant group is named `*` and contains all rows. Newly added rows are automatically added to this participant group. Predefined column groups and their purposes are listed in the following table:
|
|
|
|
|
|
| Name | Contains | Updates |
|
|
|
| ---- | -------- | ------- |
|
|
|
| `*` | All columns | Newly added columns are automatically added to this column group. |
|
|
|
| `VisitAssessors` | All columns storing identifiers for the assessors that administered a(n academic study's) participant measurement session (i.e. visit to the research center). | Automatically kept synchronized with environment configuration. |
|
|
|
| `ShortPseudonyms` | All columns storing [short pseudonyms](Data-structure#short-pseudonyms). | Automatically kept synchronized with environment configuration. | |