Managing the HDC Platform

Last modified by Dennis Segebarth on 2024/08/14 17:06
Table of Contents

This section of the User Guide contains information for Platform Administrators to manage the Platform deployment. Platform Administrator is a high-privilege role that should be restricted to designated trained individuals who are knowledgeable on all aspects of the platform operation. Platform Administrators can view all Projects and create new Projects.

About the Platform Administrator Role

Platform Administrator is a role configured into the Pilot software that grants certain privileges within the Portal and Command Line Interface. Some points to consider when assigning the Platform Administrator role:

  • Permissions: From the Portal, Platform Administrators can perform all the Project Administrator’s functions, plus additional user management and project creation functions not available to Project members. This privilege facilitates complete oversight of the platform and allows Platform Administrators to provide support to Project members.
  • Platform Administrator' Footprint in the Audit Trail: When a Platform Administrator works in a Project, their actions are logged as a Platform Administrator, not a Project member.
  • Project Role: Users with the Platform Administrator role cannot hold an additional role in a Project (Project Administrator, Collaborator or Contributor).
  • Additional supportive roles: People managing the platform can expect additional technical and organizational responsibilities beyond managing the Portal and workspace tools, including deploying and configuring virtual machines and databases, maintaining the platform infrastructure and application layer, and establishing or contributing to policies and procedures for the platform governance and operation. The Platform Administrator does not need to perform all these duties; ideally, platform management is distributed among several administrative roles in a well-defined information security and governance framework. This segregation of duties minimizes access to data and systems and is a key pillar of information security.

Portal and Project Navigation for Platform Administrators

When Platform Administrators log into the Platform they see the same major features of the Portal layout described in Portal Navigation, with additional features for Platform Management.

1723654856770-216.png

Managing User Accounts

Platform Administrators can view and manage all users across the platform and can perform the same Project account management procedures as Project Administrators (See Managing HDC Projects). Additionally, they can disable user accounts from the Platform. Platform Administrators cannot be added to a Project with a Project member role (Contributor, Collaborator or Project Administrator), as they have default access to all projects.

Viewing Platform User Accounts

Platform Administrators can view and manage all users across the Platform. To access the platform-wide User Management tools, click Platform Management and select the User Management tab.

1723654869019-473.png

Within the Platform Users table, Platform Administrators can:

  • View, sort and search the user list. Icons beside each username indicate account status:

    • Active (green dot)
    • Disabled (red dot)
    • Platform Administrator (crown)
  • Filter by Active and Disabled or Platform Administrators Only.

  • Click the Action icon (three vertical dots in the Actions column of each row) and open a read-only Profile of any user including:

    • Join date, last login date, account status (Active or Disabled)
    • Project Membership and role in each project
    • History of Account activities
  • Click the Action icon and Disable a user account (see Disabling a User Account in this article)

Inviting New Users

Inviting Users to a Project

The most common Project-related user management task for a Platform Administrator is inviting the first Project Administrator after Project setup. Thereafter, the Project Administrator can take over management of their Project membership, although the Platform Administrator can still support them by sending Project invitations on their behalf.

Inviting the first Project Administrator of a Project is the same process Project Administrators follow for their Project membership:

  1. Launch the Project and open the Members page, then click + Add Member.
  2. Enter the user’s email address and select the Project Role as “Project Administrator” (or other role if adding new members later on behalf of the Project Administrator).
    Note: an email address can only be used for a single user. If the user’s email address has already been used in an invitation, a warning is displayed.
  3. Click Submit to continue. In the confirmation pop-up window, review the provided information and click Send to complete the invitation, or Cancel to exit.

The invitation acceptance steps and additional details on adding other users to a Project are described in Managing HDC Projects and Getting Started with HealthDataCloud.

Inviting a Platform Administrator or a Platform User

Platform Administrators can also invite new users without a Project Role and assign them the role of Platform Administrator or Platform User (a user who can log in and explore the list of Projects but cannot access any Projects).

Alternatively, any EBRAINS user can self-register for a Platform User basic account by accessing the HDC Portal, clicking the Login button, logging in with their EBRAINS username and password, and accepting the Terms of Use.

To invite a new user to the Platform,

1723654887329-788.png

  1. Click Platform Management in the Main Menu, and open the User Management tab.
  2. Click Invite User.
  3. In the popup window, enter the email address of the new user.
    Note: If the user’s email address already exists in the platform, a warning is displayed.
  4. Select the Role
    • Platform Administrator provides access to all Platform management.
      Note: Platform Administrator is the highest privilege role. Only select this option for suitably trained individuals.
    • Platform User is a basic registered user with no Project membership who can only view the Project Landing page and see the basic information about Projects listed there.
  5. A pop-up window prompts you to review the provided information. Click Send to complete the invitation, or Cancel to exit.

Viewing Sent Invitations

Platform Administrators can view the status of all invitations to the Platform sent either by Platform Administrators or Project Administrators.

To view sent invitations,

  1. Click Platform Management in the Main Menu, and open the User Management tab.
  2. Click Invitations. The Invitations table opens to display all invitations: The email address to which the invitation was sent, who sent the invitation, the Project they were first invited to (not applicable for Platform Administrators and Platform Users with no Project membership).
  3. Use the search and sort icons in the columns to help find a user.
  4. After the user has logged in for the first time and accepted the Terms of Use, their entry will appear in the Platform Users tab.

Disabling and Re-enabling User Accounts

Platform Administrators can disable the account of any user in any role. Disabling a user account immediately prevents the user from logging into the platform and removes them from the Members list of their Projects. This action is reversible.

1723654904200-429.png

Disabling a User Account

  1. Click Platform Management in the Main Menu, and open the User Management tab.
  2. Locate the user’s entry in the Platform Users table, click the Action icon and select Disable Account.
  3. A warning message asks you to review and confirm the username and email address. Click OK to complete the action or Cancel to exit.
  4. After clicking OK, an information message notifies you that the account update is in progress. Click OK to dismiss the message.
  5. When the account update has finished, the user’s Status is updated to Disabled and the entry in the Platform Users table becomes shaded with a red icon.
  6. The user will no longer be able to log into the Platform, and they will receive an email notification that their account has been disabled.

Implications of Disabling a user account

After you disable a user account:

  • The user cannot log into the platform.
  • The user is removed from the Members list of any Projects they belong to.
  • The user’s Project files stored in the Green Room remain accessible to the Project Administrator, and the Core files can still be accessed by any Project Member.
  • The user’s Home folder in their Project Workspace Virtual Machine(s) (if any) can still be accessed by the Project Administrators.
  • The user’s account history and Project data lineage is retained.
  • The user account can be re-enabled later by a Platform Administrator.

Re-Enabling a User Account

Platform Administrators can re-enable a previously disabled user account to restore their ability to log into the Platform.

  1. Click Platform Management in the Main Menu, and open the User Management tab.
  2. Locate the user’s entry in the table, click the Action icon and select Enable Account.
  3. Confirm OK.
  4. When the account update has finished, the user’s Status is updated to Active and the entry in the Platform Users table displays a green icon.
  5. The user will receive an email notification that their account has been enabled, and they can log into the platform with their username and password.

Implications of Re-enabling a user account

  1. Re-enabling a previously disabled account restores the user’s access to the platform but does not restore their previous Project membership. This is a security mechanism to prevent users from accessing Projects that they may no longer have permission to join. Each Project Administrator, or the Platform Administrator, can invite the user to the Projects they need to access when their account is re-enabled.
  2. When a re-enabled user re-joins a Project they previously had access to, they can access the same data they had access to before their account was disabled.

Creating Projects

Platform Administrators create Projects in the Portal, set up the XWiki Project page, and invite the first Project Administrator.

1723654919917-639.png

Creating the new Project in the Portal

  1. Navigate to the Projects Landing Page and click + New Project.
  2. Provide the required information to get the Project started:
    • Project Name (can be changed later by the Project Administrator) - A short name for the project to differentiate it from other projects. Maximum 100 characters
    • Project Code (immutable) - Uniquely identifies the Project across the platform. Between 1-32 characters. Must start with a letter and contain only lower case letters (a-z) and numbers (0-9).
  3. If desired, provide optional Project information. The Project Administrator can add or edit these later. See Managing HDC Projects for a detailed description of Project information.
  4. Review all information for completeness, then click Create to create the project (or Cancel to exit).
  5. After creating the Project, it becomes visible in the Project Landing Page.

Setting up the XWiki Project Page

The Project XWiki Project page can be set up in a few simple steps after the Project has been created in the Portal.

  1. Create the XWiki Project page,
  2. Create the XWiki Project Group.
  3. Configure permissions for the Project Group to access the Project Page.

Thereafter, when Project members click the XWiki icon from within the Project they will gain access to the XWiki Project page and will be able to create and edit content.

Note: setting up XWiki requires you to have administrator access to the HDC XWiki application in addition to your Platform Administrator access in the HDC portal.

Creating the XWiki Project page

  1. From the HDC Portal, navigate to the newly created Project and click the XWiki icon in the left menu bar. The XWiki application opens in a new browser window and you are logged in with your HDC account.
    • The default wiki page for the Project is loaded with the Notice “The requested page could not be found.” This is normal because the Project page has not yet been created - this is done in Step 2.
    • Confirm the page title matches the Project code and the browser URL path and navigation breadcrumbs indicate the page’s location under the top level page: “Project Pages”.
    • Note: If you receive an “Error: You are not allowed to view this page or perform this action”, then you lack sufficient administrative privilege in XWiki. Please contact another Platform Administrator with XWiki administrative privilege to grant you access.
      1723654940817-472.png
  2. Click the link in the Notice: “You can edit this page to create it.”
    • A new page opens with the Create Page options displayed. Under Default, click Blank page.
      1723654956739-551.png
  3. The page editor is now open. In page editing mode, set up the basic Project page information:
    • Change the TITLE to match the Project’s title.
    • Optional: in the page edit window add a simple welcome message, such as “Welcome to the {Project Title} wiki.” to let Project members know they’ve arrived in the right place (Project members can edit this content later after they have been granted access to the Project).
      1723654975083-102.png
  1. Click Save & View. The page is now configured and is visible in the Navigation menu under the Project Pages top level page.

Note: HDC users can see all their Project pages in the Navigation menu but cannot access Project pages if they are not a member of that Project in the HDC Portal.

Creating the XWiki Project Group

After creating the Project page, the next step is to create the XWiki Project Group.

Note: if any Project member attempts to access the XWiki Project page by clicking the Project XWiki icon before the the Platform Administrator creates the XWiki Project Group, then an API is triggered to automatically create the Group. In this case, skip this Step and proceed to the next step, Configuring the Project wiki page access for Project members.

  1. From the upper right corner of any XWiki page (beside your User Profile) click the Drawer icon (three horizontal lines beside your User Profile), then click Administer Wiki. The Global Administration: Home page opens.
    1723655011372-773.png
  2. Click Users & Rights, then click Groups to access the Global Administration: Groups page.
  3. Click Create Group and enter the name for the XWiki Project Group according to the naming convention “hdc-{project code}”, i.e., the prefix “hdc-” followed immediately by the Project code assigned during Project creation. For example, the Project “IndocTestP-2” with the code “indoctestp2” has the XWiki Project Group name hdc-indoctestp2.
    1723655027415-926.png
  4. Review the Group Name before proceeding.  Formatting the Group Name incorrectly will cause the Group to be decoupled from the Project in the Portal and Project members will not be able to access the page.
  5. Click Create to finish the Group creation.
  6. 1723655066936-299.png
  7. Check the Groups list to confirm the new Group is present.
     

Configuring the Xwiki Project Page access for Project members

After the XWiki Project page and the XWiki Project group have been created, the final step is to assign page rights for the group so Project Members can view their Project page.

  1. From the newly created XWiki Project page, click More Actions (three dots) at the top right of the page to open the Manage menu, then click Administer Page. The Page Administration menu options are now available.
    1723655080086-832.png
  2. Click Users & Rights > then Rights: Page & Children. Ensure the Groups radio button is selected.
  3. Locate the Group corresponding to the Project XWiki page and check the boxes under View, Comment, and Edit to assign these privileges to the Group.
  4. Before leaving the page, review the configuration settings to confirm that you have assigned the permissions for the correct Group.
    • 1723655098299-387.png

The Project XWiki page is now configured. Project Members with any role can click on XWiki icon from the Project to launch XWiki in a new browser tab and view the Project XWiki page. They can also open any of the other XWiki Project pages to which they have access, and the User Guide, from XWiki’s left Navigation menu.

Inviting the first Project Administrator

After creating the Project, it’s time to invite the first Project Administrator. The Project Administrator is a high privilege role giving access to all Project data across the Green Room and Core and all Project user management functions. Ensure the individual invited as the first Project Administrator has the appropriate authority to manage the Project under the Platform governance.

To invite the first Project Administrator, see Inviting New Users in this article.

Maintenance Notifications

1723655113847-996.png

Maintenance notifications inform Platform users of scheduled maintenance so they can plan their platform use around these times to minimize the impact on their work. Maintenance notifications are displayed prominently at the top of the Portal when a user logs into the platform and can be dismissed by the user. Platform Administrators can create and manage Maintenance notifications.

Creating a Maintenance Notification

1723655123479-904.png

  1. Click Platform Management in the Main Menu, and open the Notifications tab.
  2. Enter the date, time, estimated duration, and a message to users (the window is populated with a suggested default message).
  3. Click Preview to see how the notice will appear to users. Check the information for accuracy.
  4. Click Publish Now.
  5. After you publish the notification, it is immediately seen by all Platform users as a banner in Portal.
  6. Maintenance Notifications remain posted in the Portal until you disable them. Remember to disable the notification when the maintenance is complete or cancelled.

Interacting with Published Maintenance Notifications

  • More than one maintenance notification can be displayed at the same time. The banners stack on top of each other in the Portal and sort in descending order with the next upcoming maintenance window at the top.
  • To edit a published notification, return to the Notifications tab, select a Notification, and click Edit.
  • Users can dismiss the Maintenance notification for their current login session by clicking x in the banner, or forever by clicking Don’t show again. If a user clicks Don’t show again, they can still view the maintenance details up to the time the notification is disabled by clicking the Bell icon in the Main Menu.

Disabling a Maintenance Notification

After you publish a Maintenance notification, it remain posted in the Portal until you disable it. To disable a notification,

  1. Click Platform Management in the Main Menu, and open the Notifications tab.
  2. Find the published notification in the list and click to open it. Notifications that occurred in the past are flagged with a red dot signalling you should disable it, but you can disable any notification in the list.
  3. Click X Disable Notification.
  4. In the pop-up window, confirm by clicking Disable Notification.
  5. The notification is removed from the list, and users will no longer see the banner or Notification.

Portal Email Service

Platform Administrators can send a short email to Platform users from the Portal Email Service. If the communication is for upcoming maintenance notice, consider using a Maintenance Notice instead.

To send an email to some or all Platform users,

  1. Click Platform Management in the Main Menu, and open the User Management tab.
  2. Click Send Email.
  3. In the Email window, provide the required information:
    • Recipients - select one or more usernames, or All Users from the dropdown menu.
    • email Subject
    • email Content (maximum 1000 characters).
  4. Click Send.
  5. The email is sent to the selected recipients.

Copyright © 2023-2024 Indoc Systems.

HealthDataCloud is powered by Pilot technology, a product of Indoc Systems.