Diversity Collection
Rights management
DC has multiple levels of access and rights management. The following lists the different rights management levels, along with the associated tables and affected workflows in the client.
Database login with database roles
When a user is created (Administration - Database - Login), they are added to the respective database (Security - Logins). The database roles selected in the client (Editor, Collection Manager, etc.) are assigned to them. The roles are database-wide and regulate the general editing and reading rights of the DC users. For a list of database roles, see Database roles.
Access management at project level
In the client user management (Administration - Database - Login), users can be granted or revoked access to projects. All specimen data in DC is always assigned to a project. Users can only view data if they have access to the respective project.
- Tables in DC:
  - ProjectProxy: Table with project ID, project name, etc. as well as a column IsLocked, which indicates whether a project has been completely locked.
  - ProjectUser: Table with project ID, login name, and read-only. The table contains all projects each user has access to.
- Project access management affects all workflows in which details of specimen data are accessed.
- There are four different project access options for a project: NoAccess, Accessible, ReadOnly, Locked. See also Project administration.
Access management at collection level
Rights management at the collection level is independent of project access management. To administer collections, users require the Administrator or CollectionManager database role.
There are two tables that manage collection rights:
- The CollectionManager table lists users together with the collections for which they have administrative rights. Rights management is hierarchical, meaning that if a user has administrative rights for one collection, they automatically also have administrative rights for all child collections. See also CollectionManager.
  - CollectionManager: LoginName | AdministratingCollectionID | RowGUID
- The second table, CollectionUser, lists the collections to which a user has explicit read access. A user with entries in this table has access only to these collections. If there are no entries for a user in this table, they have read access to all collections. See also CollectionUser.
  - CollectionUser: LoginName | CollectionID | RowGUID
The collection rights are queried when managing collections, as well as during transaction workflows such as lending.
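The two collection-level rules above (inherited administration, and read access to everything when CollectionUser has no rows for a login) can be audited with a short script. This is an added example, not code from DC: it runs against an in-memory SQLite database with constructed rows, and it assumes a Collection table with a CollectionParentID column and that inheritance reaches every level of descendants.

```python
import sqlite3

# Constructed data; the Collection table and CollectionParentID column are assumed.
SCHEMA = """
CREATE TABLE Collection (CollectionID INTEGER PRIMARY KEY, CollectionParentID INTEGER);
CREATE TABLE CollectionManager (LoginName TEXT, AdministratingCollectionID INTEGER);
CREATE TABLE CollectionUser (LoginName TEXT, CollectionID INTEGER);
INSERT INTO Collection VALUES (1, NULL), (2, 1), (3, 2), (4, NULL);
INSERT INTO CollectionManager VALUES ('alice', 1), ('bob', 4);
INSERT INTO CollectionUser VALUES ('carol', 3);
"""

# Expand every CollectionManager row to the collection plus all descendants.
# SQLite syntax; SQL Server uses the same CTE without the RECURSIVE keyword.
ADMIN_SQL = """
WITH RECURSIVE Administered(LoginName, CollectionID) AS (
    SELECT LoginName, AdministratingCollectionID FROM CollectionManager
    UNION ALL
    SELECT a.LoginName, c.CollectionID
    FROM Administered a JOIN Collection c ON c.CollectionParentID = a.CollectionID
)
SELECT DISTINCT CollectionID FROM Administered WHERE LoginName = ? ORDER BY CollectionID
"""

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def administered_collections(db, login):
    """Collections the login administers, directly or through a parent."""
    return [row[0] for row in db.execute(ADMIN_SQL, (login,))]

def readable_collections(db, login):
    """Explicit CollectionUser rows restrict read access; no rows means all."""
    explicit = [r[0] for r in db.execute(
        "SELECT CollectionID FROM CollectionUser WHERE LoginName = ? ORDER BY 1", (login,))]
    if explicit:
        return explicit
    return [r[0] for r in db.execute("SELECT CollectionID FROM Collection ORDER BY 1")]

def unrestricted_readers(db, logins):
    """Logins without any CollectionUser row, i.e. implicit read access to all."""
    return [name for name in logins if not db.execute(
        "SELECT 1 FROM CollectionUser WHERE LoginName = ?", (name,)).fetchone()]

if __name__ == "__main__":
    db = open_sample_db()
    print(unrestricted_readers(db, ["alice", "bob", "carol"]))
```

Logins returned by `unrestricted_readers` are the ones to review when collection read access is meant to be restricted, since a missing CollectionUser entry grants read access to every collection.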