Skip to content
ecerami edited this page May 26, 2015 · 14 revisions

User Authorization

This step is only required if you intend on running an instance of the portal that supports user authorization.

Two tables need to be populate in order to support user authorization.

Table: users

This table contains all the users that have authorized access to the instance of the portal. The table requires a user email address, name, and integer flag indicating if the account is enabled.

mysql> describe users;
+---------+--------------+------+-----+---------+-------+
| Field   | Type         | Null | Key | Default | Extra |
+---------+--------------+------+-----+---------+-------+
| EMAIL   | varchar(128) | NO   | PRI | NULL    |       |
| NAME    | varchar(255) | NO   |     | NULL    |       |
| ENABLED | tinyint(1)   | NO   |     | NULL    |       |
+---------+--------------+------+-----+---------+-------+
3 rows in set (0.00 sec)

An example entry would be:

mysql> select * from users where email = "john.smith@gmail.com";
+--------------------------+----------------+---------+
| EMAIL                    | NAME           | ENABLED |
+--------------------------+----------------+---------+
| john.smith@gmail.com     | John Smith     |       1 | 
+--------------------------+----------------+---------+
1 row in set (0.00 sec)

Note, if the ENABLED value is set to 0, the user will not be able to login to the portal.

Table: Authorities

This table contains the access rights that each user known to the portal owns. The table requires a user email address and an authority granted to the user.

mysql> describe authorities;
+-----------+--------------+------+-----+---------+-------+
| Field     | Type         | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| EMAIL     | varchar(128) | NO   |     | NULL    |       | 
| AUTHORITY | varchar(50)  | NO   |     | NULL    |       | 
+-----------+--------------+------+-----+---------+-------+
2 rows in set (0.00 sec)

Some example entries would be:

mysql> select * from authorities where email = "john.smith@gmail.com";
+--------------------------+---------------------------+
| EMAIL                    | AUTHORITY                 |
+--------------------------+---------------------------+
| john.smith@gmail.com     | cbioportal:CANCER_STUDY_1 | 
| john.smith@gmail.com     | cbioportal:CANCER_STUDY_2 | 
| john.smith@gmail.com     | cbioportal:CANCER_STUDY_3 | 
+--------------------------+---------------------------+
5 rows in set (0.00 sec)

The value in the EMAIL column should be the same email address contained in the USER table. The value in the AUTHORITY column is made of two parts. The first part is the name of the portal instance that the right applies. This name should also match the app.name property found in the portal.properties file. Following a colon delimiter, the second part is the cancer_study_identifier of the cancer study this user has rights to access. The cancer_study_identifier entered in this column should be entered in capital letters. If the user has rights to all available cancer studies, a single entry with the keyword "ALL" is sufficient:

mysql> select * from authorities where email = "john.smith@gmail.com";
+--------------------------+---------------------------+
| EMAIL                    | AUTHORITY                 |
+--------------------------+---------------------------+
| john.smith@gmail.com     | cbioportal:ALL            |  
+--------------------------+---------------------------+
1 rows in set (0.00 sec)