User permissions
Users who use the OCRIS Toolbox are presented with a different set of tools, according to their role. The available roles are user, manager, and admin.
Baseline SQL permissions for all users
In general, regardless of which role your users are in, they will need the following database permissions: SELECT, INSERT, UPDATE, DELETE, and EXECUTE.
OCRIS Toolbox is relatively configuration-agnostic, and doesn't have any specific requirements as to how these permissions are set. The actual implementation is left up to the system administrator or the OCRIS consultant.
The official Microsoft documentation (opens in a new tab) is a recommended resource.
Role assignment
Toolbox roles can be assigned to a user by setting a SQL Server database role on that user's account.
The Toolbox roles can be mapped to SQL Server database roles, as follows:
| Toolbox role | SQL Server database role |
|---|---|
| admin | tbx_admin |
| manager | tbx_manager or exp_poweruser |
| user | none required |
Another way of visualising this is by thinking about which tools should be available to the user, and then assigning a SQL server role as follows:
| SQL server database role | User tools | Manager tools | Admin tools |
|---|---|---|---|
| tbx_admin | ✔️ | ✔️ | ✔️ |
| tbx_manager | ✔️ | ✔️ | ❌ |
| exp_poweruser | ✔️ | ✔️ | ❌ |
| no role | ✔️ | ❌ | ❌ |
In addition, users with the db_owner role will automatically be granted access to all Toolbox roles.
Tools available to each role
Each role has a certain set of tools available to it, as follows:
Admin tools
- Attribute definition builder
- Domain builder
- Import builder
- Data browser builder
- Rule builder
- Health check
Manager tools
- Lookup code manager
- Query builder
- XML repository manager
- External application configuration
- Importer
- Buffer browser
- OXO validator
- Merge tool
- Data distribution tool
- Downhole geophysics
- Geodetics and survey
User tools
- Query runner
- Data browser
- External applications
- Drillhole utilities
- Results manager
- SQL reporting
- Data file viewer
- Batch printing
Setting database roles
The database roles should be set up by your system administrator, or your OCRIS consultant.
The official Microsoft documentation explains how to create a SQL Server database role (opens in a new tab) and how to add a user to a role (opens in a new tab).
Here is an example, creating the tbx_manager role:
CREATE ROLE tbx_manager;
GOHere is an example, adding a named user to the tbx_manager role:
ALTER ROLE tbx_manager ADD MEMBER FieldGeo1;
GOHere is an example, removing a named user from the tbx_manager role:
ALTER ROLE tbx_manager DROP MEMBER FieldGeo1;
GO