User Administration
The vast majority of people who would like to use OME -- OME experimenters -- intend to access it only via the html server or a java client. Every time experimenters connect to OME they must authenticate themselves with a user-name and password. This allows OME to store experimenter-specific settings. Access to data is restricted by its user and group ownership. See the access control documentation here.
Managing Regular Users
OME experimenter accounts and shell accounts on the OMEDS and OMEIS server(s) are
disjoint. In fact, most experimenters don't need server shell accounts. Their intentions
are translated from mouse clicks on the web-UI to SQL commands against OME's Postgres
database using apache's Postgres account (usually www
).
An OME unix admin user for OME (see next section) can add users by executing on the OME server:
ome admin users add
Username? []: wmacur1 First Name? []: Wiktor Last Name? []: Macura Email Address? []: wmacur1@umbc.edu Data Directory? []: /Users/tmacur1 Group ID? []: 3 Password? Verify: Confirm New User's Properties: Username: wmacur1 First Name: Wiktor Last Name: Macura Email Address: wmacur1@umbc.edu Data Directory: /Users/tmacur1 Group ID: 3 Are these values correct ? [y/n]: y Created user #4.
For situations where you would like a list of existing users:
ome admin users list
ID GID Username Name Email Data Directory --- --- -------- -------------------- -------------------- -------------------- 1 3 tmacur1 Tomasz Macura tmacur1@lappy-toppy. /Users/igg 4 3 wmacur1 Wiktor Macura wmacur1@umbc.edu /Users/tmacur1
To change an existing user's attributes do:
ome admin users edit
Username? [nemo]: tmacur1 First Name? [Tomasz]: Last Name? [Macura]: Email Address? [tmacura@nih.gov]: Data Directory? [/Images]: /Users/tmacur1 Group ID? [3]: Confirm User's New Properties: Username: tmacur1 First Name: Tomasz Last Name: Macura Email Address: tmacura@nih.gov Data Directory: /Users/tmacur1 Group ID: 3 Are these values correct ? [y/n]: y
Administrative Users
Users who would like to run OME command-line scripts such as ome
need server shell accounts. OME command-line scripts access OME's Postgres database by
logging in as the user that executed them. Therefore OME admins also need a Postgress
account. Otherwise, they get adverse responses such as:
sudo ome admin users add
DBI->connect(dbname=ome) failed: FATAL 1: user "root" does not exist at ...
An OME admin account for the user who is installing OME is by default created automatically by the installer.
The OME Super User
Since access to data in the database is restricted by user and group ownership (see documentation here), a special OME user must be designated as the OME super-user. This super-user has no access control and can access any object in the database. The identity of this OME user is the experimenter set up by the installer during initial installation or update. There is presently no user interface to change this setting, but it can be set manually in the database by setting the value of the 'super_user' configuration variable to the experimenter ID of the new super-user:
psql ome ome=# update configuration set value="4" where name="super_user";
This will update the OME super user to "Wiktor Macura" (using the listing of ome admin users list
above as an example).