...

  • Assisting incident recovery activities by reviewing data

  • Identifying data that may belong elsewhere so it can be moved

  • Adding users to the appropriate security groups as UMD and Assured computers are rolled out so that they can access the data.

  • Ongoing responsibility for data access - adding and removing users (either via self serve or directing CSCS to do on your behalf)

  • Ongoing identification of additional security groups that may be required, and requesting them from CSCS

  • Ensuring that data in the drive is stored appropriately (according to data classification policy below)

  • Responding to alerts if the drive is possibly running out of space

  • Sharing urgent data that may be required in the short term before drive access is restored to all users

  • Ensuring that data access is provided only to authorised users and those with UMD or Assured computers

  • Annual review of users who have access to data to ensure that it is correct.

...

Option 2: Secure folders at the top level

  1. pro - once established, it can be self-managed by the data manager and CSCS in future. It is flexible and allows small amounts of data (less than 1TB) to be secured efficiently.

  2. con - requires more time to set up, document and maintain. Additional security groups must be set up by CSCS. Documentation must be kept by the Data Manager and CSCS to capture which folders are secured and by which security groups.

Securing data with top level folders

  1. Create a list of all folders that will need to be at the top level.

    1. Don't create the folders on the drive in advance.

  2. Complete the Halo form under IT, Accounts & Access, Security on group drive folder.

    1. Select Add

    2. Select the group drive name (if there are duplicates, choose one of them and CSCS will find the correct name from our master list)

    3. In the Group Drive Folder field, add the name of the folder you want to be created and restricted. Ideally this will be a new folder - do not create it - we have an automated process that will do so. If you have several folders to be created, attach a spreadsheet to the ticket or put the list into the Additional Information field.

  3. CSCS will create the folders and the groups to be associated with them and advise the Data Manager when this is complete.

  4. The Data Manager will move the data into the new folder. Please note that it will take approximately 24 hours for data moved into a folder to be properly secured. This happens automatically after the data is moved or copied into a folder, but depending on the number of files it can take time to work through all of them.

  5. Users can be given access to the data once they have assured computers. The procedure for giving access to users is under development.

Option 3: Move selected data to a new group drive (called an IFS Project). This drive can either be secured with a single group as in Option 1 or have top-level folder permissions as in Option 2.

Option 3: Move data to a new group drive

pro - very easy to manage. There is a single group to add people into and they can see all of the data.

con - to make sense economically it should contain over 500GB of data as the minimum size is 1TB. If you only put 100 GB of data in it, the department will pay for the full 1TB (£150/y)

Moving data to a new IFS Project

  1. Create a list of the data that should be moved to a new IFS project.

  2. Request a new project be created - you can log this in Halo as a Generic Request.

    1. Indicate the department and licence name the project goes into

    2. Proposed name and purpose of the project

  3. CSCS will create a new IFS Project and advise you when it is done

  4. You should be able to see it under your folders and you can drag and drop the data into it

  5. Users can be given access to the data once they have assured or UMD computers. The procedure for giving access to users is under development.

...

Granting access to IFS data

It is the responsibility of the Data Manager to ensure that only people who have a UMD or Assured computer are given access to IFS data.

For the most part, data managers will use a UIS web page called Toolkit (https://toolkit.uis.cam.ac.uk/) to add users to the appropriate security groups so that they can access group drive data. Instructions on how to access it are detailed in Step 7 below.

Colleagues who need access to the group drive must have a UMD or Assured computer. If they do, either the Data Manager can grant access, or the Data Manager/Owner can request it via the CSCS Service Desk using this request form: Clinical School Computing Service User Portal - Group Drive Access. If they do not have a UMD or Assured computer, first check whether they have received an audit form from CSCS and have completed it. Secondly, check whether they have received an invitation from CSCS to attend the Recovery Clinic. If any of those things have not happened, please contact the CSCS Service Desk and ask them to check where the person is within the process. If it is an urgent matter, please escalate with your Business and Operations Manager.

...

Data for this lookup tool (https://app.powerbi.com/groups/me/reports/a9baafd0-4fae-4a53-8d51-026c3384d16f/eb78adb446a7499bc1be?ctid=49a50445-bdfa-4b79-ade3-547b4f3986e9&experience=power-bi) is pulled from many data sources. Some information is updated every 2 hours, but data on Windows devices is only updated once a day (overnight), which cannot be changed.

  1. Give the user access to the drive itself: go to the file https://www.staff.admin.cam.ac.uk/system/files/download/ifs-path-reference-list-all-drives.xlsx

  2. Find the drive

  3. Copy the primary security group name from column I

  4. Open Toolkit - https://toolkit.uis.cam.ac.uk/ - and follow the instructions in the “Adding users to groups in Toolkit” section below

  5. Send the user a message and include this link https://cscs-itsupport.atlassian.net/wiki/x/A4ATLg to tell them how to view the drive

  6. If you have chosen folder-level security for the drive:

    1. Go to the file https://www.staff.admin.cam.ac.uk/system/files/download/ifs-path-reference-list-all-drives.xlsx

    2. Look at the Permissions groups tab in the aforementioned spreadsheet and find the permissions groups

    3. Find the name of the lookup group giving access to the entire group drive

    4. Proceed to Toolkit to add the users to the relevant groups (see the “Adding users to groups in Toolkit” section below)

Adding users to groups in Toolkit

Go to https://toolkit.uis.cam.ac.uk/ and sign in with your University account. If you cannot get access, please contact the CSCS Service Desk.

Select Groups from the left side navigation bar

Select Hybrid AD Groups

image-20240828-064616.png

Ensure that your institution has been selected (see screenshot below). If it has not, click the Select Institution drop-down and choose it. If you’re not sure which institution to choose, see the Toolkit Institutions page for a list.

image-20240828-064802.png

In the Search (Filter) area type or paste in the name of a group

Select the group by clicking on it once

Click the Edit button

Click Choose users manually

Type or paste in the CRSID/s you are adding. Separate them with spaces or commas if there is more than one.

Click the Add to Group button

You should see the users added to the group by CRSID and full name. Check that you added the right individual. Once you are satisfied with the result, you can click the X to exit from the edit group dialogue.

The UIS guide to managing groups with Toolkit can be found here with more details: https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/university-central-directory/toolkit/how-use-toolkit/manage-1

Folder level file permission setup

If Option 2 is chosen, you will be advised by CSCS once the new secured folders are set up. When you receive the notification:

  1. The requester (usually a data manager) will be expected to move the files from the old location to the new folders that CSCS have created and secured.

  2. Open Windows Explorer and turn on hidden items. Do this by clicking View in the toolbar, then selecting Show, then Hidden Items

  3. Open up two Windows Explorer windows - one showing the old location and one showing the new

  4. Drag and drop files from the old to the new location

  5. If you see any errors, note them down and contact CSCS for assistance

  6. Confirm that the data was all copied

  7. Delete the old folder

  8. Wait 24 hours for the new permissions structure to be applied to all of the files you copied in

  9. You can now give access to other users with UMD computers per https://cscs-itsupport.atlassian.net/wiki/spaces/FAQ/pages/edit-v2/738099232#Granting-access-to-IFS-data
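
A content check for steps 6 and 7 above, added here as an example and not part of the CSCS procedure or tooling: it compares every file in the old and new locations (hidden ones included) by SHA-256 hash before the old folder is deleted. The two paths are hypothetical placeholders.

```powershell
# Added example: verify a drag-and-drop copy before deleting the old folder.
# $OldPath and $NewPath are hypothetical placeholders; substitute your own.
param(
    [string]$OldPath = 'G:\OldFolder',
    [string]$NewPath = 'G:\SecuredFolder'
)

# Stop on any unreadable file so a failed hash is never mistaken for a match.
$ErrorActionPreference = 'Stop'

function Get-FileIndex {
    param([string]$Root)
    $rootFull = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')
    $index = @{}
    # -Force includes hidden and system files, matching "Hidden Items" in Explorer.
    Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force | ForEach-Object {
        $relative = $_.FullName.Substring($rootFull.Length).TrimStart('\')
        $index[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $index
}

$old = Get-FileIndex -Root $OldPath
$new = Get-FileIndex -Root $NewPath

# Enumerate entries explicitly so a file named "Keys" or "Count" cannot
# shadow the hashtable's own properties.
$oldEntries = @($old.GetEnumerator())

$problems = foreach ($entry in $oldEntries) {
    if (-not $new.ContainsKey($entry.Key)) {
        [pscustomobject]@{ File = $entry.Key; Issue = 'Missing from new location' }
    }
    elseif ($new[$entry.Key] -ne $entry.Value) {
        [pscustomobject]@{ File = $entry.Key; Issue = 'Content differs' }
    }
}

if ($problems) {
    $problems | Sort-Object File | Format-Table -AutoSize
    Write-Warning "$(@($problems).Count) of $($oldEntries.Count) files did not verify. Do not delete the old folder."
}
else {
    Write-Output "All $($oldEntries.Count) files verified. The old folder can be deleted."
}
```

The script checks file contents only; it does not check permissions, which per step 8 take about 24 hours to be applied.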

Data Manager Training

...

More information

UIS IFS Service Information https://help.uis.cam.ac.uk/service/cloud-services/institutional-file-store-service-ifs

...