Using Data Access Groups (DAGs) for Security

In TMS, database roles dictate which windows in the user interface a user can access. For users assigned to one or more Data Access Groups, their DAG assignments dictate the data they see in TMS windows and whether or not they can operate on TMS data in specific dictionaries and/or domains.

When you define a DAG:

  • You can specify whether users in the group can make changes or only read data.

  • You can specify whether users in the group can see data that originated in one or more specific external systems, and from a particular project or study, for example.

  • You can specify whether users in the group can see data that originated in one or more specific databases.

  • You can specify whether a user can see only his or her own task assignments and/or those of specific other users.

You define DAGs in the Maintain DAGs window and then assign users to the group either in the User Assignments tab of the Maintain DAGs window or as you create user accounts. A single user can be assigned to multiple DAGs. The user then has access to the sum of data allowed by all his or her DAG assignments. Alternatively, a user can be designated as a Superuser. Superusers can see all data and cannot be assigned to any DAGs.

The OPA_ADMIN database role is required to access the Maintain DAGs window.

Defining Security Columns

Before you define any DAGs, you must specify which TMS table columns, each of which stores a particular type of data, are available to include in DAGs. If a column is available to DAGs, a particular DAG can limit the data its users can see to one or more values stored in that column in TMS. If the column is not available to DAGs, data for all its values is always viewable to users with normal security access.

The columns available for use in DAG security are:

  • DEF_DICTIONARY_ID. This column contains the IDs of dictionaries defined in TMS. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data associated with only one or a few dictionaries.

  • DEF_DOMAIN_ID. This column contains the IDs of domains defined in TMS. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data associated with only one or a few domains.

  • DEF_INSTANCE_ID. This column contains the IDs of your TMS databases. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data collected on only one or a few databases.

  • DEF_INTEGRATION_KEY. If you have integrated one or more external source data systems with TMS, this column holds the name of the system(s). If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data associated with only one or a few external systems.

  • EXT_VALUE_1. This column holds external system data associated with a term and stored in the EXT_VALUE_1 column in the tables TMS_SOURCE_TERMS and TMS_VT_OMISSIONS. For external systems other than Oracle Clinical, you specify the data stored in this column; see Setting Up External System Columns and Details. For Oracle Clinical, this column stores the name of the Project associated with a source term. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data associated with only one or a few Oracle Clinical projects, for example.

  • EXT_VALUE_2. This column holds external system data associated with a term and stored in the EXT_VALUE_2 column in the tables TMS_SOURCE_TERMS and TMS_VT_OMISSIONS. For external systems other than Oracle Clinical, you specify the data stored in this column; see Setting Up External System Columns and Details. For Oracle Clinical, this column stores the name of the Study associated with a source term. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see data associated with only one or a few Oracle Clinical studies, for example.

  • ASSIGNED. This column holds the user name of the person to whom a term is assigned as a task allocation because the term requires work: approving a VTA, approving an Action assignment, or classifying an omission. If you make this column available for use in DAGs, you can allow users assigned to DAGs to see terms assigned only to themselves (LOGIN_USER) or to specific other users.

To make columns available for use in DAGs, do the following:

  1. In the Security menu, select Define Security Columns. The Define Security Columns window opens, displaying each column in a different row.
  2. For each column, select a value for the following fields:
    • Used?. If set to Yes, you can define DAGs to control whether users can see the corresponding field in TMS windows. If set to No, DAGs cannot control whether users see the field. The field is visible or enterable to anyone with access to the window.

      Note:

      You can change the Used? setting from No to Yes at any time. After a column is included in a DAG definition you can no longer change the setting from Yes to No.

    • Create Index?. You can set this flag to Yes only for the EXT_VALUE columns. If set to Yes, when you run the Create/Drop EXT_VALUE Indexes job (under the Security menu) TMS creates an index on the values in this column to speed performance when these values are used in the context of security. If set to No, TMS drops the index when you run the same job.

  3. Save. TMS enters values in the Creation Time and Created By fields. If you modify the settings for any column, TMS enters values in the Modification Time and Modified By columns.

Creating a DAG

The process of defining a Data Access Group includes three parts: creating the DAG, specifying the DAG rules, and assigning users to the DAG. There are three tabs in the Maintain DAGs window, one for each task.

To create a DAG:

  1. In the Security menu, select Maintain DAGs. The DAGs tab is displayed.
  2. On the DAGs tab, enter a Name and a Short Name for the DAG.
  3. Select an option for the Modify Flag? option. If you want users assigned to this DAG to be able to modify data in the windows to which they have DAG access, select Yes. If not, select No.
  4. Enter a Status of Provisional. You can set it to Active any time after the definition is completed, including defining the DAG rules. You can add users to a DAG whose status is either Provisional or Active. Only active DAGs are used to enforce data security.
  5. Save. Click the DAG Rules tab and select settings as described below.

Setting DAG Rules

About DAG Rules

In the DAG Rules tab you specify the data that users assigned to the DAG can view. For one or more of the columns you selected in the Define Security Columns window, you can specify values to determine which data users in this group can see. For example, you can specify a particular dictionary or set of dictionaries. Users assigned to the DAG can then see data related to only those dictionaries (or other dictionaries to which they have access through another DAG).

You can also specify the type of operations that a user can perform in a dictionary or domain by requiring a DAG role for a particular dictionary or domain, and then specifying the role assigned to users in the DAG; see Example 3-1.

DAG Roles: You can use DAG roles for the dictionary and domain columns to determine which operations users with normal security access to various TMS windows can perform there on which dictionary and/or domain data. The DAG roles are:

  • TMS_CLASSIFY allows users assigned to the DAG to perform classification operations in the Classify VT Omissions window in a particular dictionary and/or domain, if they also have the database role TMS_CLASSIFY_PRIV.

  • TMS_APPROVE allows users assigned to the DAG to perform approval operations in the Approve VTAs window in a particular dictionary and/or domain, if they also have the database role TMS_APPROVE_PRIV.

  • TMS_MAINTAIN allows users to perform all operations in all windows in the Repository Maintenance and Translation Reports menus in a particular dictionary and/or domain, if they also have the database role TMS_MAINTAIN_PRIV.

  • TMS_DUPG allows users to perform all operations in all windows in the Dictionary Upgrade menu in a particular dictionary and/or domain, if they also have the database role TMS_DICTUPG_PRIV.

  • TMS_RECLASSIFY allows users assigned to the DAG to perform reclassification operations in the Reclassify Verbatim Terms window and in the High-Level Reclassifications window in a particular dictionary and/or domain, if they also have the database role TMS_RECLASSIFY_PRIV.

Example 3-1 DAG Example 1

Data Access Group 12345 has the following DAG rule defined for the dictionary column (DEF_DICTIONARY_ID), for which a DAG Role is required:

  • For the value MedDRA, the DAG roles specified are TMS_CLASSIFY and TMS_APPROVE.

  • For the value WHO-Drug, only the DAG role TMS_CLASSIFY is specified.

If you assign a user who has all TMS database roles assigned to this DAG, the user can perform Classify and Approve activities on MedDRA. However, on WHO-Drug, the user can only perform Classify activities, and not, for example, Approve activities.

Example 3-2 DAG Example 2

User A belongs to only one DAG, and that DAG specifies MedDRA as the only dictionary he can access. Therefore, in any windows he can open, he can view only MedDRA data. User A has two database roles: TMS_CLASSIFY_PRIV and TMS_APPROVE_PRIV.

User A can do the following:

  • Open Classify VT Omissions window (because he has the database role TMS_CLASSIFY_PRIV) and open the Approve VTAs window (because he has the database role TMS_APPROVE_PRIV).

  • See data from MedDRA in both windows (because MedDRA is specified as a value for the DEF_DICTIONARY_ID column in his DAG).

  • Classify verbatim terms to MedDRA terms (because his DAG has Roles Required for the column DEF_DICTIONARY_ID, MedDRA defined as a value for that column, and the DAG role TMS_CLASSIFY is specified for that value).

However, he cannot approve VTAs in the Approve VTAs window because his DAG has Roles Required for DEF_DICTIONARY_ID, MedDRA defined as a value for that column, and TMS_APPROVE is not specified as a DAG role for MedDRA.
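The decision logic behind Examples 3-1 and 3-2, written out as a small Python model. This is an added illustration, not TMS code: the class and function names are hypothetical, the sample DAGs are constructed from the two examples (with the Modify Flag assumed to be Yes), and only DAGs that carry a rule for the column in question are considered.

```python
from dataclasses import dataclass, field

# DAG role -> database role that must also be held (pairs from the DAG Roles list).
DB_ROLE_FOR = {
    "TMS_CLASSIFY": "TMS_CLASSIFY_PRIV",
    "TMS_APPROVE": "TMS_APPROVE_PRIV",
    "TMS_MAINTAIN": "TMS_MAINTAIN_PRIV",
    "TMS_DUPG": "TMS_DICTUPG_PRIV",
    "TMS_RECLASSIFY": "TMS_RECLASSIFY_PRIV",
}

@dataclass
class Rule:
    role_required: bool      # the Role Req'd? flag for this column
    values: dict             # column value -> set of DAG roles for that value

@dataclass
class Dag:
    name: str
    rules: dict              # security column -> Rule
    status: str = "Active"   # only Active DAGs enforce data security
    modify: bool = True      # Modify Flag? (assumed Yes in the examples)

@dataclass
class User:
    name: str
    db_roles: set
    dags: list = field(default_factory=list)

def _grants(user, column, value):
    """Yield (dag, rule) for each Active DAG of the user that lists the value."""
    for dag in user.dags:
        rule = dag.rules.get(column)
        if dag.status == "Active" and rule and value in rule.values:
            yield dag, rule

def can_see(user, column, value):
    # Access is the sum of all DAG assignments: one matching DAG is enough.
    return any(True for _ in _grants(user, column, value))

def can_operate(user, dag_role, column, value):
    # 1. The database role decides whether the user can open the window at all.
    if DB_ROLE_FOR[dag_role] not in user.db_roles:
        return False
    # 2. A modifiable Active DAG must list the value and, when Role Req'd?
    #    is Yes, must name this DAG role for that value.
    for dag, rule in _grants(user, column, value):
        if dag.modify and (not rule.role_required or dag_role in rule.values[value]):
            return True
    return False

# Constructed data mirroring Example 3-1 and Example 3-2.
COL = "DEF_DICTIONARY_ID"
dag_12345 = Dag("12345", {COL: Rule(True, {
    "MedDRA": {"TMS_CLASSIFY", "TMS_APPROVE"},
    "WHO-Drug": {"TMS_CLASSIFY"},
})})
all_roles_user = User("example_3_1_user", set(DB_ROLE_FOR.values()), [dag_12345])

dag_a = Dag("user_a_dag", {COL: Rule(True, {"MedDRA": {"TMS_CLASSIFY"}})})
user_a = User("user_a", {"TMS_CLASSIFY_PRIV", "TMS_APPROVE_PRIV"}, [dag_a])
```

The model makes the two-layer check explicit: holding TMS_APPROVE_PRIV lets User A open the Approve VTAs window, but the missing TMS_APPROVE DAG role on MedDRA still blocks the approval itself.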

Defining DAG Rules

After you have created a DAG, define rules for it:

  1. In the Maintain DAGs window, DAGs tab, select the DAG for which you want to define rules.
  2. Click the DAG Rules tab. TMS displays the DAG Rules tab with the DAG name and short name displayed at the top of the tab.
  3. Click in the first empty row in the Columns section, Name field.
  4. Click the ellipsis (…) to invoke the list of values. TMS displays a list of the columns you defined as available to DAGs; see Defining Security Columns.
  5. For each column you select, specify the following:
    • Role Req'd?. TMS allows setting this flag to Yes only for the DEF_DICTIONARY_ID (dictionary) and DEF_DOMAIN_ID (domain) columns.

      If set to No, users assigned to this DAG can perform any transactions on the data they can see in the windows they can open.

      If set to Yes, users assigned to this DAG can perform only certain transactions (specified in the Roles section for each column value) on the data they can see (specified in the Values section) in the windows that they can open.

    • Values. In the Values section, specify every value that applies for the currently selected column in the Columns section. For most columns, no value appears in the External System field. Click in the Column Value field and select a value from the list of values. To specify more than one value, select one in the next row.

      The list of values for the Assigned column includes the predefined value [LOGIN_USER]. If you select this predefined value, the user currently logged in to TMS can see the tasks assigned to himself or herself.

      For information on the external system-related columns, see Rules for External System Data.

    • Roles. If you set Role Req'd? to Yes, you must specify at least one role for each column value. For example, if you specified Role Required for the DEF_DICTIONARY_ID column, and specified MedDRA as one of the values for the column, the Roles you specify for MedDRA determine what operations users in this user group will be able to perform on MedDRA terms. If you specify TMS_CLASSIFY, users with access to the Classify VT Omissions window will be able to classify verbatim terms to MedDRA terms. If you do not specify TMS_CLASSIFY, users with access to the window will be able to see MedDRA terms but will not be able to perform any classification operations on them.

  6. Save. Repeat for each column you want to include in the DAG.

Rules for External System Data

To limit users' access to data from a particular external system, select the DEF_INTEGRATION_KEY as a column, then select the particular external system to which you want to allow access in the Column Value field.

To allow access to a particular level of information within an external system, use the EXT_VALUE_1 and EXT_VALUE_2 columns.

For Oracle Clinical, the EXT_VALUE_1 is predefined to hold project names and the EXT_VALUE_2 column is predefined to hold study names. For other external systems you define what data to store in these columns; see "Setting Up External System Columns and Details".

For example, if you specify Oracle Clinical as an external system value and then specify Project A as the only EXT_VALUE_1 value and Study A as the only EXT_VALUE_2 value, users assigned to this DAG can only view source terms that originated in Oracle Clinical Project A, Study A. They cannot view source terms from Project A, Study B, or source terms that originated in another external source data system.

To specify external system data to be accessible to users in this DAG, do the following:

  1. In the Columns section, Name field, select EXT_VALUE_1 or EXT_VALUE_2 from the list of values.
  2. With the EXT_VALUE column selected in the Columns section, click the External System field in the Values section.
  3. From the list of values, select the external system whose data you want users to be able to see.
  4. Click the Column Value field and invoke the list of values. TMS displays the values stored in the EXT_VALUE_1 (or EXT_VALUE_2) column for the external system you selected. For example, if you selected Oracle Clinical as the external system, TMS displays Oracle Clinical project names.
  5. From the list of values, select a column value.

Users in this DAG will be able to see data associated with the external systems and column values you specify, and they will not be able to see data associated with external systems and column values you did not specify. Repeat this procedure to allow access to additional values for the same external system, and to allow access to data from additional external systems.

Note:

If you use the EXT_VALUE_1 or _2 columns to specify access to data from a particular external system, you must also specify the external system itself as a value in the DEF_INTEGRATION_KEY column.

Note:

For best performance, each time you add or delete a value from one of the EXT_VALUE columns, run the Create/Drop EXT_VALUE Indexes job.

Rules for Task Allocation

If your company is using the Task Allocation feature and you want to restrict users' ability to allocate tasks in certain dictionaries or domains, or restrict users' ability to see other users' assigned tasks, you can use DAGs to enforce those restrictions.

TMS allows users with task allocation privileges to allocate tasks to any user who is available for tasks associated with a particular dictionary. However, if the allocator is assigned to one or more DAGs, he or she can allocate tasks to other users only for the dictionaries he or she (the allocator) has access to through a DAG. The task-receiving user must have access to the same dictionary through a DAG as well (or as a superuser).

Note:

The values of the Assigned column restrict the data that the user sees in the Classify VT Omissions, Approve VTAs, and Approve Action Assignments windows. They do not affect what the user sees in the Task Allocation windows. As long as the user has task allocation privilege, he or she can see all tasks (assigned to anyone) in the Task Allocation windows.

Example 3-3 DAG Definitions and Task Allocation

TMS user Ted has TMS_ALLOCATE_PRIV and is assigned to DAG 12345, which includes two dictionaries: MedDRA and WHO-Drug.

TMS user Alice is assigned to DAG 67890, which includes two dictionaries: MedDRA and CoStart.

Ted can assign Alice tasks related to MedDRA only; not WHO-Drug or CoStart.

Assigning Users to DAGs

You can assign users to a DAG either in the User Assignments tab of the Maintain DAGs window or in the Define Users window. In the Maintain DAGs window, you can add multiple users to a single DAG at the same time. In the Define Users window you can assign a single user to multiple DAGs at the same time. See Defining Users for more information.

To add users to a DAG in the Maintain DAGs window, do the following:

  1. In the Security menu, select Maintain DAGs. The Maintain DAGs window opens.
  2. Click the User Assignment tab. The User Assignment tab opens.
  3. Click in the Account Name field in the first empty row. TMS displays … in the right corner of the field.
  4. Click the … to retrieve the list of values including all user accounts available for assignment to a DAG (superusers are not included).
  5. Select the user account you want to assign to the DAG. You can query in the Find field to narrow your search.
  6. Repeat the procedure to add another user account in the next row as many times as necessary. If necessary, select Insert from the Record field to add additional rows, one at a time.
  7. Save. TMS assigns the users you specified to the DAG, which now controls their access to TMS data.

DAG and Setting Inconsistencies Report

About the DAG and Setting Inconsistencies Report

When you create a user account in TMS, you specify profile settings for the user. In addition, if the user is not a superuser you also assign the user to at least one Data Access Group (DAG).

DAGs determine which data the user can view, and profile settings determine which data a user views by default. TMS does not check or enforce that these settings match; therefore it is possible to set a user's profile to default settings for data the user cannot actually see. Use this report to determine if any users are currently in this situation.

It is also possible to create a user account and not assign the user to any DAGs. Users designated as superusers can see all data and cannot belong to a DAG. However, if you do not designate a user as a superuser and also do not assign him or her to a DAG, the user will not be able to do anything in TMS.

The DAG and Setting Inconsistencies Report shows the following:

  • A list of all non-superusers who are not associated with an active DAG.

  • A list of all non-superusers who do not have DAG access to the following default settings:

    • dictionary

    • domain

    • external system

    • external value(s)
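The two checks the report performs, sketched in Python over constructed data so the logic can be reviewed or reproduced in an access audit. This is an added example, not the TMS report's own code: the dictionary layout, user names and DAG names are assumptions, and a column counts as restricted only when at least one of the user's Active DAGs carries a rule for it.

```python
# Constructed sample data; the structure is an assumption, not TMS tables.
DAGS = {
    "DAG_MEDDRA": {"status": "Active",
                   "access": {"DEF_DICTIONARY_ID": {"MedDRA"},
                              "DEF_INTEGRATION_KEY": {"Oracle Clinical"},
                              "EXT_VALUE_1": {"Project A"}}},
    "DAG_DRAFT": {"status": "Provisional",
                  "access": {"DEF_DICTIONARY_ID": {"WHO-Drug"}}},
}
USERS = [
    {"name": "alice", "superuser": False, "dags": ["DAG_MEDDRA"],
     "defaults": {"DEF_DICTIONARY_ID": "MedDRA", "EXT_VALUE_1": "Project A"}},
    {"name": "bob", "superuser": False, "dags": ["DAG_MEDDRA", "DAG_DRAFT"],
     "defaults": {"DEF_DICTIONARY_ID": "WHO-Drug", "EXT_VALUE_1": "Project B"}},
    {"name": "carol", "superuser": False, "dags": ["DAG_DRAFT"],
     "defaults": {"DEF_DICTIONARY_ID": "WHO-Drug"}},
    {"name": "dave", "superuser": False, "dags": [], "defaults": {}},
    {"name": "admin", "superuser": True, "dags": [],
     "defaults": {"DEF_DICTIONARY_ID": "CoStart"}},
]

def active_access(user, dags):
    """Merge allowed values per column across the user's Active DAGs only."""
    merged = {}
    for name in user["dags"]:
        if dags[name]["status"] != "Active":
            continue  # Provisional DAGs are not used to enforce security
        for column, values in dags[name]["access"].items():
            merged.setdefault(column, set()).update(values)
    return merged

def inconsistencies(users, dags):
    """Return (users with no Active DAG, defaults outside DAG access)."""
    no_active_dag, unreachable_defaults = [], []
    for user in users:
        if user["superuser"]:
            continue  # superusers see all data and belong to no DAG
        if not any(dags[n]["status"] == "Active" for n in user["dags"]):
            no_active_dag.append(user["name"])
            continue
        access = active_access(user, dags)
        for column, default in sorted(user["defaults"].items()):
            if column in access and default not in access[column]:
                unreachable_defaults.append((user["name"], column, default))
    return no_active_dag, unreachable_defaults
```

In the sample data, bob's membership in the Provisional DAG_DRAFT does not rescue his WHO-Drug default, because only Active DAGs count toward access.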

Running the DAG and Setting Inconsistencies Report

To generate a DAG and Setting Inconsistencies Report, do the following:

  1. From the Security menu, select the DAG and Setting Inconsistencies Report.
  2. Enter a value for the General parameter Output. Select the format in which you wish to generate the report - HTML, PDF, RTF, XLS or XML. This is a mandatory field.
  3. Enter a value for the Job Specific parameter Template. Select the template you want to use for this report. If your company has created a custom template, it appears in the list of values. The Oracle Template is the default template.
  4. Submit the job. Select Job, then Submit, or click the Submit icon to generate the report in the selected output format.

    A new browser window opens with the generated report.

Creating and Dropping External System Value Indexes

Use this job to create or drop indexes on the column EXT_VALUE_1 and/or EXT_VALUE_2 in the TMS tables TMS_VT_OMISSIONS and TMS_SOURCE_TERMS. You specify which column or columns to create an index for in the Define Security Columns window (see Defining Security Columns) but you must run this job to actually create the index.

For best performance, run this job whenever you add or remove values from the EXT_VALUE_1 or EXT_VALUE_2 columns in a DAG definition.

To run the job, do the following:

  1. Under Job-Specific parameters, click in the Actions field and select a value from the drop-down list: Create Indexes or Drop Indexes.
  2. Under Schedule, select a Report Server.
  3. To run the job at a later time, set the other scheduling parameters; see Scheduling Parameters.
  4. Submit the job.