If you installed the GUS Schema in the previous step, you must now address the issues in this section. If you only installed the Application Framework, you may skip this section.
The GUS Application Framework includes support for using basic
access permissions with a unix-based model of users, groups, and
"others" and through the use of "projects". These permissions are not
meant as a robust solution to data security, and are easily
circumvented though use of direct database access (i.e.
psql) or local modifications of the
GUS Application Framework. As such, it is highly recommended that you
carefully evaluate and implement a database-level privileges system
that makes sense to your configuration. Groups that need the highest
levels of security, such as HIPAA compliance, should consider using
Oracle with the Virtual Private Database option and/or other
As an example, the Computational Biology and Informatics
Laboratory (CBIL) uses a privilege system that is based on two roles,
a read-only role,
GUS_R, and a write
GUS_R has been granted the
select privilege on all tables and
views in GUS, and
GUS_W has been
update, insert, delete
privileges on all tables and views and
select on all sequences in GUS.
Individual databases users are then granted the
GUS_R role and, as appropriate, the
GUS_W role. For finer control, this
model may be extended to individual schemata or sets of tables.
For auditing purposes, the GUS system requires that the Application Framework and individual plugins be registered within the GUS Schema. To register the Application Framework in the GUS Schema, use the following command:
$ ga +meta --commit
It is only necessary to run this command once. Upon successfully running the command, you will see a stream of XML displayed on your screen.
Plugins will need to be registered in a similar fashion prior to use. For more information on registering plugins, please refer to the GUS User's Guide.
You may have noticed the
project options specified in the
gus.config file above. These values
are used for auditing changes to the database on an individual row
level, as well as part of the permissions system built into the GUS
Application Framework. Your instance of GUS should now be configured
with the standard "DBA" entries. You may at this point wish to create
more specific users, groups, and projects so that further work with
GUS will be properly tracked.
For more information on creating users, groups, and projects within GUS, please refer to the GUS User's Guide.