Configure User Permissions

Once you have created some user accounts, you need to give those users permission to access databases. Typically, you will find it easiest to manage permissions by adding users to groups and then giving those groups the appropriate permissions, rather than trying to manage permissions on a per-user basis.

We recommend outlining the permissions on paper before you start allocating them in SuperADMIN. This will help you to define the appropriate group structure and allocate permissions accordingly.

You can apply permissions to any item in the catalogue, including whole databases, folders and individual fields or value sets. For more information about applying permissions at the field level, see Configure Field Level Security.

If you have configured SuperADMIN to use an external authentication service (such as LDAP or Active Directory), you must be logged in to SuperADMIN as a user authenticated via that service in order to manage user and group permissions. The user account must also be a member of the administrators group for that authentication service (that is, the administrator group you specified using the auth <service_name> adminGroup <group> command when you set up the external authentication service).

Configure Permissions

To configure permissions, use the following command:

TEXT
cat {<database_id>|<folder_id>} [ <item> ] access {<user>|<group>} {read|write|readpermissions|writepermissions} {true|false}

Where:

Parameter | Description
{<database_id>|<folder_id>}

The ID of the database or folder you are applying the permission to.

<item>

(Optional): the ID of an item within the database to apply security to. If you omit this, the permission is applied to the whole database.

The item can be a field, summation option, value, or value set (see these instructions for more information about configuring Field Level Security).

{<user>|<group>}

The user or group this setting applies to.

{read|write|readpermissions|writepermissions}

The permission to apply:

  • read - the user can read/view the catalogue item. You must give users read access to at least one database.
  • write - the user can write/edit/change the catalogue item (although not the data itself, which is read-only).
  • readpermissions - the user can give other users read permissions over the catalogue item.
  • writepermissions - the user can give other users write permissions over the catalogue item.

See below for more details about the four user permissions.

{true|false}
  • Set to true to allow access for the specified user or group.
  • Set to false to deny access for the specified user or group.

For example, the following command gives the user jsmith read access to the entire Retail Banking database (ID: bank):

TEXT
cat bank access jsmith read true

Check Permissions

There are two main ways to check the current permissions:

  • You can check what permissions a user or group has for a particular catalogue item using the following command:

    TEXT
    cat {<database_id>|<folder_id>} [ <item> ] access {<user>|<group>}

    For example:

    TEXT
    > cat bank access standardusers
    [Access Settings : standardusers]
        read         : true
        write        : false
        r/permission : false
        w/permission : false
  • You can check which users and groups have permissions set for any item in the catalogue (such as a database, table, folder, record group, etc.) using the following command:

    TEXT
    cat <id> permissions

    For example:

    TEXT
    > cat bank permissions
    [Access Settings : guest, user2, standardusers, jsmith (Inheritable:true) ]
        read         : true
    
    > cat MyFolder permissions
    [Access Settings : jsmith (Inheritable:true) ]
        read         : true

Read and Write Permissions

There are four types of permission you can assign to users: read, write, readpermissions and writepermissions.

Standard users should only be given the read permission. This allows the user to access the database for cross tabulation using one of the SuperSTAR clients.

The other three permission levels are intended for administrator users only:

  • Users with write access to the database can amend the database settings in the SuperADMIN console (for example, they can change the database display name).
  • Users with readpermissions access to the database can use SuperADMIN to see what permissions other users have.
  • Users with writepermissions access to the database can use SuperADMIN to change user permissions on the database.

The data in the databases is read-only. Users cannot change any of the underlying data, regardless of their permissions.
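To check the rule above that only administrators hold anything beyond read, you can audit captured console output. The following is an added example, not part of SuperADMIN or its documentation: it parses the output format shown under Check Permissions (database or folder level only) and prints the access commands that would remove write, readpermissions and writepermissions from any principal outside an approved list. The group name dbadmins and the function names are assumptions made for the illustration.

```python
import re
# Constructed transcript in the output format shown above; "dbadmins" is a
# hypothetical administrators group, the other names come from the page's examples.
SAMPLE = """\
> cat bank permissions
[Access Settings : guest, standardusers, jsmith (Inheritable:true) ]
    read         : true

> cat bank access jsmith
[Access Settings : jsmith]
    read         : true
    write        : true
    r/permission : false
    w/permission : true

> cat bank access dbadmins
[Access Settings : dbadmins]
    read         : true
    write        : true
    r/permission : true
    w/permission : true
"""

PROMPT = re.compile(r"^> cat (\S+) (?:permissions|access \S+)$")
HEADER = re.compile(r"^\[Access Settings : ([^\]()]+?)\s*(?:\(Inheritable:(?:true|false)\)\s*)?\]$")
SETTING = re.compile(r"^(read|write|r/permission|w/permission)\s*:\s*(true|false)$")
# Console labels mapped back to the keywords the access command accepts.
KEYWORD = {"read": "read", "write": "write",
           "r/permission": "readpermissions", "w/permission": "writepermissions"}

def parse_access(text):
    """Return {(item_id, principal): {keyword: bool}} from captured output."""
    grants, item, names = {}, None, []
    for line in map(str.strip, text.splitlines()):
        if (m := PROMPT.match(line)):
            item, names = m.group(1), []
        elif (m := HEADER.match(line)):
            names = [n.strip() for n in m.group(1).split(",")]
        elif (m := SETTING.match(line)) and item:
            for n in names:
                grants.setdefault((item, n), {})[KEYWORD[m.group(1)]] = m.group(2) == "true"
    return grants

def revocations(grants, admins):
    """Commands removing anything beyond read from principals not in admins."""
    return [f"cat {item} access {who} {kw} false"
            for (item, who), perms in sorted(grants.items())
            for kw in ("write", "readpermissions", "writepermissions")
            if perms.get(kw) and who not in admins]
```

Calling revocations(parse_access(SAMPLE), admins={"dbadmins"}) returns the two commands that strip write and writepermissions from jsmith; review the list before entering anything in the console.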