search

ouhft / COPE

Project Repository for Work Package 4 of the COPE Transplant Trial
https://cope.nds.ox.ac.uk
1 stars 0 forks source link

Retract access to non essential staff #340

Closed ij-cope closed 5 years ago

ij-cope commented 5 years ago

Hi @marshalc, @ldaviesnds, and @bolandt76

in preparation of Carl signing over, it would be important for the sake of data integrity etc to revoke access of non essential staff to the database if not already done so.

Carl, Lucy, Tim, what are your thoughts on this?

bolandt76 commented 5 years ago

@ij-cope Good point, sounds reasonable to me. Just need to make sure we clarify who the essential staff are.

marshalc commented 5 years ago

Yes, so much so that I listed this as an issue in June 2017 as #299. Given that management of user access was delegated down to the admin users and not just with me I had hoped that someone who was familiar with all the users was actually managing their access.

ij-cope commented 5 years ago

Essential staff - now that data collection is over would be, according to my view

Tim, thanks to schedule this for our next call.

Once my account is up and running again, if Carl could assign me admin right, I could tackle access management

Thanks

marshalc commented 5 years ago

Have (re)emailed password to Ina for her new account.

Staff management can be done via https://cope.nds.ox.ac.uk/en-gb/wp4/staff/

marshalc commented 5 years ago

After further consideration, removing staff access should be done by marking their account inactive. Another option would be to reset their password and thus lock the user out of their account. We don't want to remove their roles as this may break data linkages for analysis.

At present, the function to inactivate accounts is presently only available to myself, however I will see if this can be added to the Staff Management screen for the upcoming update.

marshalc commented 5 years ago

Added the Active flag to the Staff app, and a link to the change password form, as these are trivial changes. Adding an admin only link to the "force password change" isn't trivial though, so will park that idea for now as superfluous.

Upon release of this build (0.9.3) you admins will be able to deactivate user accounts which will stop them from logging in, but not disturb the data links.

marshalc commented 5 years ago

@ij-cope @bolandt76 - Staff Deactivation is now live with the 0.9.3 release. To disable a user account for someone who no longer needs access, visit Staff Admin - https://cope.nds.ox.ac.uk/en-gb/wp4/staff/ - and then edit the user; deselect the "Is Active" checkbox, and then save. That user will then be unable to log into the system until their account is reactivated.

I'll leave you to close this issue once you've updated all the relevant user records.

ij-cope commented 5 years ago

As discussed at WP4 call on 02/05/2019 all users except the ones below have been disabled

Essential users that need to keep access for now: