From b6321cde2bbb5c1ed45b6614f07d4d82a5b4231a Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 23 Jan 2024 16:22:38 +0000 Subject: [PATCH] udpate description of data admins --- docs/source/roles/system_manager/manage_users.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md index c83a2c80f3..855ee86807 100644 --- a/docs/source/roles/system_manager/manage_users.md +++ b/docs/source/roles/system_manager/manage_users.md @@ -17,10 +17,10 @@ A helper script for doing this is already uploaded to the domain controller - yo ### {{lock}} SRE Security Groups -Each user should be assigned to one or more Active Directory "security groups", which give them access to a given SRE with appropriate privileges. The security groups are named like so: +Each user should be assigned to one or more Active Directory "security groups", which give them access to a given SRE with appropriate privileges: - `SG Research Users`: Default for most researchers. No special permissions. -- `SG Data Administrators`: Researchers who can create/modify/delete database tables schemas. Given to a smaller number of researchers. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. +- `SG Data Administrators`: Researchers who can create/modify/delete tables in the `data` schema on a `PostgreSQL` within ```. Users outside this group can only read these tables. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. (generate_user_csv)=