diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md index c83a2c80f3..855ee86807 100644 --- a/docs/source/roles/system_manager/manage_users.md +++ b/docs/source/roles/system_manager/manage_users.md @@ -17,10 +17,10 @@ A helper script for doing this is already uploaded to the domain controller - yo ### {{lock}} SRE Security Groups -Each user should be assigned to one or more Active Directory "security groups", which give them access to a given SRE with appropriate privileges. The security groups are named like so: +Each user should be assigned to one or more Active Directory "security groups", which give them access to a given SRE with appropriate privileges: - `SG Research Users`: Default for most researchers. No special permissions. -- `SG Data Administrators`: Researchers who can create/modify/delete database tables schemas. Given to a smaller number of researchers. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. +- `SG Data Administrators`: Researchers who can create/modify/delete tables in the `data` schema on a `PostgreSQL` within ```. Users outside this group can only read these tables. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. (generate_user_csv)=