Database Settings

The Database settings section allows you to control whether or not the permission set for users and roles to view, insert, modify and remove data are enforced. To change the actual permissions, see Editing a User or Contact. The database settings also determine the way data is archived and hashed. The options are presented in a tree-view. Clicking the check box next to a node allows you to select or deselect the option represented by that node and any sub-nodes attached to it. Alternatively, if a node has a plus symbol next to it, you can click on that symbol and select from a list of sub-node s. The choice of options can have a significant impact on system resources and application performance. If you do not require the installation of a system that is fully compliant with the FDA guidelines it is strongly recommended that you read this section carefully. By default eLab is set to the highest level of compliance.

Note: eLab’s data is stored in a database which is a structured collection of related tables, each consisting of rows and columns. Related types of data are grouped into tables, each row of a table represents a single item of data , and each field of the row maintains a separate property of the data. For example, user data may be stored in a user table. Each row of that table would contain data relating to a single user and each field of the row contains a separate property that describes that user.

eLab controls access to data by the use of permissions. For a user to be able to access specific data they must have been granted the permission to do so, either directly via their user account or indirectly through one of the roles they belong to. The types of permissions that are enforced for a user or a role are determined by the options under the Enforce permission node. Using these options you can control the overall ability of users and roles to view, insert, modify and remove data. The types of permissions that you can assign are summarized in Table XXX. Row permissions include view, modify and remove. Table permissions include view, modify, remove and insert.

Permission	Meaning for Table Level	Meaning for Row Level
Insert	Permits inserting of rows into tables.	N/A
View	Allows or denies viewing of rows within tables.	Permits viewing data within rows.
Modify	Permits the modification of rows within a table.	Permits the modification of data within rows.
Remove	Permits rows to be removed from a table.	Permits the modification of data within rows.

Table 41.1. eLab database permissions.

Each of these permissions can be assigned at the user level or the role level. For most installations the ability to set table level permissions for a role will be sufficient. This would allow certain types of data to be restricted to users from particular roles. For example, access to the ability to create a new user could be limited to members of the administrator role. To allow this type of permission you would ensure the role-level sub-node of the table-level node is selected.

Using the options of the Permissions for new data node you can set the types of permissions that can be assigned to new data. The user-level option allows you to set permission for data created by particular users. The role-level option allows you to set permission for data created by users that belong to a particular role.

Any time you work with permissions, you should keep the following in mind:

A user, or at least one of the roles of the user, needs to be granted row or table level access to data to have permission to access that data.
Denying access to data at row or table level for a user, or any roles that user belongs to, denies permission to the data.

By default eLab maintains records of all requests to access data and archives all changes made to data. The options of the Archive data node determine how access and changes are recorded. The following options are available:

Database calls. Maintains a record of all requests for data or changes to data.
Viewed data. Maintains a record of the exact data that is viewed by users.
Modified data. Keeps a copy of the original data and retains it in the system.
Removed data. Hides the data being removed from the user but retains it in the system.

Note: Although a user or role may have permission to modify or remove data, if the modified data and removed data option are selected a copy of the original data will remain in the system.

The Database calls and Viewed data options can consume significant system resources. If you do not require the ability to track the data that user’s access or modify then turning of f one or both of these options can free resources and increase the resources available for storing results and sample data.

A hash is a reproducible method of creating a small digital ‘finger print’ that is effectively unique to the data that is hashed. eLab creates hashes based on all the fields of data from each row.

The options of the Hash data node are used to determine when hashes should be created:

Inserted data. A hash is created when new data is inserted.
Modified data. The hash is updated when data is updated.
Removed data. The hash is updated when data is removed.

The database integrity check (see Checking Database Integrity) uses these hashes to determine if any unauthorized attempts to manipulate data have occurred. Therefore not creating hashes will affect the ability to check for unauthorized modifications.

It is important to note that although the options of this setting are critical to the performance of eLab the choices that you make at installation time are not locked into the system. Once the system is installed you can modify these settings through the Maintenance Wizard (see Database Settings). You can also modify the actual role and user permissions through the Role wizard (see Editing a Role) and the User wizard (see Editing a User or Contact).