In order for a user to be able to create new E-log entries the E-log administrator must have previously added information about the user in the E-log Oracle schema. After the administrator has done this the user becomes an "authorized E-log user" and his/her name can be added to the list of authorized E-log users that may be accessed from the E-log login web page.
Before proceeding with adding information for a prospective new authorized E-log user to the E-log Oracle schema the E-log administrator must verify that the user has a SCCS Unix account. This is due to the need to enter the user's Unix account name into the Oracle E-log schema as well as his/her first and last name. The user's Unix account name in the Oracle E-log schema is used in the E-log login username/password authentication process required previously in a user's browser session before a user can create an E-log entry.
Note - There are two exceptions - physics and fphysics accounts.
To verify that a prospective new authorized E-log user has a SCCS Unix account and determine the account name the E-log administrator may enter a Unix command of the following form:
where "search_string" is typically all or part of the user's first or last name. If the output of the command includes a line containing the user's first and last name then the user has a SCCS Unix account and the account name is the first field in the line. If the output of the command does not include a line containing the user's first and last name then the administrator must contact the user and request that he/she contact SCCS to request the creation of a Unix account. In this case the user must contact the administrator after the Unix account has been created so that the administrator can proceed with the process of making the user an authorized E-log user.
After determining the user's Unix account name the administrator needs to determine whether the user will need to make entries into one of the restricted logbooks. E-log entries in a restricted logbook can only be made by restricted number of users authorized to make entries into the logbook. There are currently three restricted logbooks:
There have been no cases where a user needs access to more than one restricted logbook. If a user requests to be able to make E-log entries into a restricted logbook, there are one or more "gatekeepers" for each restricted logbook that the E-log administrator may contact to verify whether the user should be granted privilege to make entries into the logbook:
Most authorized E-log users are not allowed to make entries into a restricted logbook. However, new Controls Software employees are given privilege to make entries into the MCC logbook. Requests for other users to be given access to the MCC logbook typically come from the MCC logbook gatekeepers: Mike Staneck and Peter Schuh. All requests for new users to be granted permission to make entries into SPEAR3 or SSRL-BLDO have come from the respective restricted logbook gatekeepers.
After the new E-log authorized user's information has been obtained (Unix account name, first name, and last name) and their possible need to make an entry into a restricted logbook has been determined, the follow procedure may be followed by the E-log administrator to create a new authorized E-log user:
where "user_last_name" is the last name of the prospective new authorized E-log user. The result should be "no rows selected" or other users with the same last name of the prospective new authorized
E-log user. This step is done to verify that the prospective new authorized E-log user is not already in the list of authorized E-log users.
9. select * from elog_users order by user_id;
10. Note the last user_id number displayed. In this procedure what is referred to the "next user_id number" is one more than the last user_id number displayed. For example, if the last user_id number displayed
was 1391, the "next user_id number" would be 1392.
11. Determine the name of the SQL file to be edited (under /nfs/slac/g/archiver/operations_elog_admin directory), in order to add the new authorized E-log user:
12. Edit the appropriate SQL file by performing the following steps:
Replace ALL occurences of the exiting user_id number in this file by the previously determined next user_id number. For example, if the first line of the file was:insert into elog_users values (1391, 'abc', 'John', 'Smith', null, null);
The existing user_id number is the first number in this line (e.g., 1391). To replace ALL occurences of the exiting user_id number 1391 by the next user_id number 1392 using the VI editor, one could
enter the command "%s/1391/1392/g".
Edit the first line of the file by replacing the next three fields by the new authorized user's Unix account name, first name, and last name. For example, if the next user_id number is 1392, the user's Unix
account name is "jdoe", and the user's name is "Jane Doe" the new edited first line would be:
insert into elog_users values (1392, 'jdoe', 'Jane', 'Doe', null, null);
Exit the editor while writing the edited changes.
13. sqlplus /@MCCO
14. Invoke the previously edited SQL file to insert a new row into the Oracle E-log elog_users table and many new rows into the logbook_users table.
For example, if the edited file was insert_new_elog_user.sql:
@insert_new_elog_user
15. exit
16. cd /afs/slac/g/cd/soft/html/elog/users
17. Edit elog_authorized_users.html (whose information can be accessed from the E-log login web page) to add the new authorized E-log user. There are four sections in this file with each section containing
HTML list entries of user names in alphabetical order (lastname first). The four sections are:
MCC logbook authorized users
SPEAR3 logbook authorized users
SSRL-BLDO logbook authorized users
General authorized users
If a user was given privilege to make entries in a restricted logbook, add an entry to the associated restricted logbook section. In any case, also add an entry in the general authorized users section.
Send email to the user notifying him/her that he/she has been added to the list of authorized E-log users.
To add E-Log users, do the following in your a local workspace (no admin privileges required): $ git clone /afs/slac/g/cd/swe/git/repos/slac/elog/elog_admintools.git $ cd elog_admintools $ source $TOOLS/python/go_python2.7.13.bash $ ./add_elog_user.py -h usage: add_elog_user [-h] [--firstname name [name ...]] [--lastname name [name ...]] [--restrictedaccess [logbook1,...]] username Adds an Operations E-Log user to the database and allows write access to the specified logbooks positional arguments: username The Unix username of the person to be added to the Operations E-Log authorized user list optional arguments: -h, --help show this help message and exit --firstname name [name ...] The first name of the user to be added to the Operations E-log authorized user list --lastname name [name ...] The last name of the user to be added to the Operations E-log authorized user list --restrictedaccess [logbook1,...] Comma-separated list of restricted logbooks to provide access to. Current restricted logbooks: MCC, SPEAR3, SSRL-BLDO (Default: No restricted logbook access) |