From 0a9d037ed542a64f25bac6a61f3f14d351119e29 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Thu, 28 Mar 2024 12:52:05 +0000 Subject: [PATCH] Update system admin description --- docs/source/roles/system_manager/manage_users.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md index 20fb8f12fa..e1c461c625 100644 --- a/docs/source/roles/system_manager/manage_users.md +++ b/docs/source/roles/system_manager/manage_users.md @@ -17,11 +17,11 @@ A helper script for doing this is already uploaded to the domain controller - yo ### {{lock}} SRE Security Groups -Each user should be assigned to one or more Active Directory "security groups". The key difference between these groups is the level of privilege they have when manipulating databases within the SRE. +Each user should be assigned to one or more Active Directory "security groups". - `SG Research Users`: Almost all researchers should be in this group. No special permissions. Allows users to log in to ``. - `SG Data Administrators`: Researchers who can create/modify/delete tables in the `data` schema on databases within ``. `SG Research Users` can only read these tables. Restricting this access prevents most users from creating/deleting arbitrary tables, which is important because some SREs have their input data in database form. -- `SG System Administrators`: Researchers who have full superuser privileges on databases within ``. Users in this group have full access to the databases and can manipulate them in any way they choose. +- `SG System Administrators`: Researchers who have full superuser privileges on databases within ``. Users in this group have full access to the databases and can manipulate them in any way they choose. System Administrators also have administration privileges on the [Guacamole Remote Desktop](https://guacamole.apache.org/doc/gug/administration.html). Typically, users with either of the latter two roles should also have the `Research Users` role to allow them to log in to the SRDs within the SRE.