Security

TMS lets you control data access in multiple dimensions. First, database roles control what kind of activity each user is allowed to complete, such as classification, item definitions, and item approval. Then, after a user has role assignments, your organization can further restrict the domains and/or dictionaries in which this user can perform these activities by assigning certain predefined Data Access Groups (DAGs) to that user. Database roles are created during installation; DAGs are defined in the UI.


Predefined Roles

This section illustrates the predefined roles, with the functions permitted and the menu option associated with each role.

In addition, you can see the grants that are predefined for each of these roles by logging into SQL*Plus as SYSTEM and entering the following:

    select * from dba_tab_privs where grantee='TMS_ROLE';

  • opa_admin: This role grants access to the Security menu, which contains Define Users, Define Security Columns, and Maintain DAGS windows, as well as the DAG and Setting Inconsistencies report and the Create/Drop EXT_Value Indexes job. The three windows allow you to create new users, define their privileges, and migrate user information from an Oracle Clinical database. The DAG and Setting Inconsistencies report displays inconsistencies between users' data access via DAG and their profile settings. The Create/Drop EXT_Value Indexes job creates or drops indexes on external value columns for performance.

  • rxclin_read: All users are granted this role by default, which gives them access to items under the Repository menu. Thus, all users can browse repository data, VT classification data, and Informative Note data; and all users can run the Date Comparison Report, Dictionary Comparison Report, and Dictionary Export Report.

  • tms_access: All users are granted this role automatically. This role enables you to view the TMS menu and the Favorites menu.

  • tms_allocate_priv: This role gives users access to the windows under the Task Allocation menu. In these windows, users can set up task allocation and allocate tasks—approving VTAs, approving Action assignments, and classifying omissions—to other users.

    Note:

    Users with this privilege can allocate/reallocate/deallocate any task in any domain/dictionary, regardless of their own DAG assignments. However, they can only allocate tasks to users whose DAG assignments and database roles give them access to the data required to perform the task.

    Note:

    Users with TMS_CLASSIFY_PRIV and TMS_APPROVE_PRIV have access to the Task Allocation by Term window, where they can deallocate terms assigned to themselves, and, depending on the value of the reference codelist setting DEALLOCONLY, reallocate those tasks to other users.

  • tms_approve_priv: This role gives users access to the Approve VTAs and Approve Action Assignments window under Omission Management. In this window, users can approve and unapprove VTAs, and create workflow Informative Notes for the VTA approval process.

  • tms_classify_priv: This role gives users access to all the items under Omission Management and also the Task Allocation By Term window under Task Allocation. However, users who do not also have tms_approve_priv cannot approve VTAs or Action assignments. Users with tms_classify_priv can classify verbatim terms, apply actions to omissions, and run the VTA Creation Report and VT Domain Differences Report.

  • tms_define_priv: This role gives users access to all items under Definition. Users with tms_define_priv can define dictionaries, domains, external systems, Global Actions, search objects, TMS settings, named relations, and Informative Note Attributes. Users can also run synchronization, refresh the context server index, analyze tables, create and refresh source terms views, and force rederivation from DSI.

  • tms_dictupg_priv: This role gives users access to every item under Dictionary Upgrade, where you can view and manipulate verbatim terms and their relations in the predictionary tables before Activation.

  • tms_dsi_priv: This role gives users access to the menu item DSI Maintenance, including the Maintain DSI Files window and several jobs related to data exchange between TMS and disconnected systems.

  • tms_integrate_priv: This role gives users access to special integration features in the API, but does not unlock any menus or windows in the application.

  • tms_maintain_priv: This role gives users access to all items under the Repository Maintenance and Translation Reports menus. Repository Maintenance tasks include: creating, maintaining, and deleting terms, relations, and Informative Notes; maintaining dictionary loading error logs; running the Preliminary Repository Report; and running Activation.

    There are three reports under the Translation Reports menu: Inconsistent Dictionary Codes, Duplicate Dictionary Codes, and Inconsistent Dictionary Relations.

  • tms_reclassify_priv: This role gives users access to all items under VTA Maintenance. Users with this role can promote or demote VTAs, maintain actions, reclassify and declassify verbatim terms, perform high-level reclassification, copy domains, maintain domain copying error logs, and run the Nonapproved VTs Report, Classification to a New Domain Report, and the VT Modifications Report.

  • tms_research_priv: This role enables Oracle Clinical and Oracle AERS users that do not have any other TMS privileges to use the TMS Repository (read-only) data. You may want to grant this role to users who require access to source data but do not need access to any TMS data entry windows.
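
The per-role grant query above can be extended into a periodic access review covering all of the predefined roles at once. The following is an added example, not part of the TMS documentation or scripts; it assumes the role names are stored in upper case and that every TMS-specific role name begins with TMS_, and it uses only the standard Oracle dictionary views DBA_TAB_PRIVS, DBA_ROLE_PRIVS, and DBA_USERS.

```sql
-- Added audit example; run in SQL*Plus as SYSTEM, as for the single-role query.
-- Assumption: the predefined roles are stored in upper case (Oracle's default
-- for unquoted names) and all TMS-specific roles start with TMS_.

-- 1. Object privileges carried by each role, summarized per privilege type.
SELECT grantee   AS role_name,
       privilege,
       COUNT(*)  AS object_count
FROM   dba_tab_privs
WHERE  grantee LIKE 'TMS\_%' ESCAPE '\'
   OR  grantee IN ('OPA_ADMIN', 'RXCLIN_READ')
GROUP  BY grantee, privilege
ORDER  BY grantee, privilege;

-- 2. Database users holding each role directly, with account status.
--    The join to DBA_USERS drops role-to-role grants.
SELECT rp.granted_role,
       rp.grantee        AS username,
       u.account_status,
       rp.admin_option,  -- YES means the user can grant the role onward
       CASE rp.granted_role
         WHEN 'OPA_ADMIN'          THEN 'creates users, defines privileges and DAGs'
         WHEN 'TMS_ALLOCATE_PRIV'  THEN 'allocates tasks in any domain/dictionary'
         WHEN 'TMS_INTEGRATE_PRIV' THEN 'API integration features, no menus'
       END               AS review_note
FROM   dba_role_privs rp
JOIN   dba_users u ON u.username = rp.grantee
WHERE  rp.granted_role LIKE 'TMS\_%' ESCAPE '\'
   OR  rp.granted_role IN ('OPA_ADMIN', 'RXCLIN_READ')
ORDER  BY rp.granted_role, rp.grantee;
```

Rows with admin_option = YES, and accounts that are locked or expired but still hold OPA_ADMIN or TMS_ALLOCATE_PRIV, are the ones to review first, since those two roles are not narrowed by a user's own DAG assignments.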

Enrolling an Administrator

In a new installation, you must use a script to create one user with the OPA_ADMIN role. That administrator can then use the Define Users window to create user accounts for all the other users in this database; see Defining Users for instructions.

Note:

If you are upgrading to TMS Release 5.2.3 from Release 4.5.2, you may need to use this script as well.

To create a new account for a TMS administrator:

  1. Connect to SQL*Plus as SYSTEM and run the following script:

    opa_home\tms\install\tmsadduser.sql

  2. Enter the user's first name.
  3. Enter the user's last name.
  4. Enter a password for this user. Your input is hidden.

    The script creates a user account for the user you specified and gives the user the OPA_ADMIN database role.

    Note:

    You cannot use this script to create a non-administrator user.