Adding a New E-log User

In order for a user to be able to create new E-log entries the E-log administrator must have previously added information about the user in the E-log Oracle schema. After the administrator has done this the user becomes an "authorized E-log user" and his/her name can be added to the list of authorized E-log users that may be accessed from the E-log login web page.

Before adding information for a prospective new authorized E-log user to the E-log Oracle schema, the E-log administrator must verify that the user has a SCCS Unix account. This is necessary because the user's Unix account name must be entered into the Oracle E-log schema along with his/her first and last name. The Unix account name stored in the schema is used in the E-log login username/password authentication that must be completed in the user's browser session before the user can create an E-log entry.

Note - There are two exceptions - physics and fphysics accounts.

To verify that a prospective new authorized E-log user has a SCCS Unix account and determine the account name the E-log administrator may enter a Unix command of the following form:

where "search_string" is typically all or part of the user's first or last name. If the output of the command includes a line containing the user's first and last name then the user has a SCCS Unix account and the account name is the first field in the line. If the output of the command does not include a line containing the user's first and last name then the administrator must contact the user and request that he/she contact SCCS to request the creation of a Unix account. In this case the user must contact the administrator after the Unix account has been created so that the administrator can proceed with the process of making the user an authorized E-log user.

After determining the user's Unix account name, the administrator needs to determine whether the user will need to make entries into one of the restricted logbooks. E-log entries in a restricted logbook can only be made by a restricted number of users authorized to make entries into that logbook. There are currently three restricted logbooks:

  1. MCC
  2. SPEAR3
  3. SSRL-BLDO

There have been no cases where a user needs access to more than one restricted logbook. If a user requests to be able to make E-log entries into a restricted logbook, there are one or more "gatekeepers" for each restricted logbook that the E-log administrator may contact to verify whether the user should be granted privilege to make entries into the logbook:

  1. MCC - Mike Stanek or Peter Schuh
  2. SPEAR3 - Ed Guerra
  3. SSRL-BLDO - Bart Johnson

Most authorized E-log users are not allowed to make entries into a restricted logbook. However, new Controls Software employees are given the privilege to make entries into the MCC logbook. Requests for other users to be given access to the MCC logbook typically come from the MCC logbook gatekeepers: Mike Stanek and Peter Schuh. All requests for new users to be granted permission to make entries into SPEAR3 or SSRL-BLDO have come from the respective restricted logbook gatekeepers.

After the new authorized E-log user's information has been obtained (Unix account name, first name, and last name) and their possible need to make entries into a restricted logbook has been determined, the following procedure may be followed by the E-log administrator to create a new authorized E-log user:

  1. Log on to an AFS access machine such as lcls-dev2 using the "laci" account.
  2. cd /nfs/slac/g/archiver/operations_elog_admin
  3. bash
  4. export ORACLE_HOME=/afs/slac/g/lcls/package/oracle/product/11.1.0.6/client
  5. export PATH=$ORACLE_HOME/bin:$PATH
  6. export TNS_ADMIN=/afs/slac/g/lcls/tools/oracle/wallets/elog_owner
  7. sqlplus /@MCCO
  8. select * from elog_users where lastname = 'user_last_name';

           where "user_last_name" is the last name of the prospective new authorized E-log user. The result should be either "no rows selected" or rows for other users who share the prospective user's last name. This step verifies that the prospective new authorized E-log user is not already in the list of authorized E-log users.

  9. select * from elog_users order by user_id;

  10. Note the last user_id number displayed. In this procedure, the "next user_id number" is one more than the last user_id number displayed. For example, if the last user_id number displayed was 1391, the "next user_id number" would be 1392.

  11. Determine the name of the SQL file to be edited (under the /nfs/slac/g/archiver/operations_elog_admin directory), in order to add the new authorized E-log user:

  12. Edit the appropriate SQL file by performing the following steps:

          Replace ALL occurrences of the existing user_id number in this file with the previously determined next user_id number. For example, if the first line of the file was:

insert into elog_users values (1391, 'abc', 'John', 'Smith', null, null);

          The existing user_id number is the first number in this line (e.g., 1391). To replace ALL occurrences of the existing user_id number 1391 with the next user_id number 1392 using the vi editor, one could enter the command "%s/1391/1392/g".

          Edit the first line of the file by replacing the next three fields with the new authorized user's Unix account name, first name, and last name. For example, if the next user_id number is 1392, the user's Unix account name is "jdoe", and the user's name is "Jane Doe", the new edited first line would be:

 insert into elog_users values (1392, 'jdoe', 'Jane', 'Doe', null, null);

           Exit the editor while writing the edited changes.

  13. sqlplus /@MCCO

  14. Invoke the previously edited SQL file to insert a new row into the Oracle E-log elog_users table and many new rows into the logbook_users table.

         For example, if the edited file was insert_new_elog_user.sql:

         @insert_new_elog_user

  15. exit

  16. cd /afs/slac/g/cd/soft/html/elog/users

  17. Edit elog_authorized_users.html (whose information can be accessed from the E-log login web page) to add the new authorized E-log user. There are four sections in this file, each containing HTML list entries of user names in alphabetical order (last name first). The four sections are:

    MCC logbook authorized users

    SPEAR3 logbook authorized users

    SSRL-BLDO logbook authorized users

    General authorized users

        If a user was given privilege to make entries in a restricted logbook, add an entry to the associated restricted logbook section. In any case, also add an entry in the general authorized users section.

        Send email to the user notifying him/her that he/she has been added to the list of authorized E-log users.
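
The SQL file edit from step 12, done by a script instead of a global vi substitution, as an added example (Python 3; not part of the original page and not the project's add_elog_user.py). It replaces the user_id only where it stands as a whole number and doubles single quotes in names such as O'Brien; the username pattern and the logbook_users column layout in the sample are assumptions.

```python
import re

# Assumed shape of a SCCS Unix account name (lowercase letters, digits, _ or -).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def sql_literal(value):
    """Quote a string as an Oracle SQL literal, doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def prepare_user_sql(template, old_id, new_id, username, firstname, lastname):
    """Return the edited SQL text for one new E-log user.

    template is the text of the existing SQL file: an elog_users insert on
    the first line, followed by the logbook_users inserts.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unexpected Unix account name: %r" % username)
    first, _, rest = template.partition("\n")
    if not re.match(r"\s*insert into elog_users values \(%d," % old_id, first):
        raise ValueError("first line is not the elog_users insert for %d" % old_id)
    # Replace the id only where it is a whole number, so that 13910 or 21391
    # elsewhere in the file is left alone (a plain s/1391/1392/g changes both).
    # A column that legitimately holds exactly old_id is still replaced.
    rest = re.sub(r"(?<!\d)%d(?!\d)" % old_id, str(new_id), rest)
    new_first = "insert into elog_users values (%d, %s, %s, %s, null, null);" % (
        new_id, sql_literal(username), sql_literal(firstname), sql_literal(lastname))
    return new_first + "\n" + rest


# Constructed sample: the page shows only the first line of the real file; the
# logbook_users column layout (user_id, logbook_id) is assumed for illustration.
SAMPLE_TEMPLATE = (
    "insert into elog_users values (1391, 'abc', 'John', 'Smith', null, null);\n"
    "insert into logbook_users values (1391, 7);\n"
    "insert into logbook_users values (1391, 13910);\n"
)

if __name__ == "__main__":
    print(prepare_user_sql(SAMPLE_TEMPLATE, 1391, 1392, "jdoe", "Jane", "Doe"))
```

Review the generated text against the original file before running it in sqlplus.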

 

To add E-Log users, do the following in your local workspace (no admin privileges required):

$ git clone /afs/slac/g/cd/swe/git/repos/slac/elog/elog_admintools.git
$ cd elog_admintools
$ source $TOOLS/python/go_python2.7.13.bash
$ ./add_elog_user.py -h
usage: add_elog_user [-h] [--firstname name [name ...]]
                     [--lastname name [name ...]]
                     [--restrictedaccess [logbook1,...]]
                     username

Adds an Operations E-Log user to the database and allows write access to the
specified logbooks

positional arguments:
  username              The Unix username of the person to be added to the
                        Operations E-Log authorized user list

optional arguments:
  -h, --help            show this help message and exit
  --firstname name [name ...]
                        The first name of the user to be added to the
                        Operations E-log authorized user list
  --lastname name [name ...]
                        The last name of the user to be added to the
                        Operations E-log authorized user list
  --restrictedaccess [logbook1,...]
                        Comma-separated list of restricted logbooks to provide
                        access to. Current restricted logbooks: MCC, SPEAR3,
                        SSRL-BLDO (Default: No restricted logbook access)