Administrator restrictions: relating OMERO.webadmin to OMERO.server

Summary

OMERO allows you to create administrators with a subset of the full administrator privileges, see Administrators with restricted privileges. The OMERO.web user interface form for creation and editing of restricted administrators (see the creating Administrators with restricted privileges section) collates the server-side privileges into fewer options and gives the options user-friendly names. Here, the mapping of the OMERO.web options to the server-side privileges is given. The server-side privileges are more granular and direct work with them is possible on the CLI, as described in Adjusting administrator restrictions.

Map of the OMERO.web UI options to the server-side privileges

Option in OMERO.web

Server-side privilege(s)

Sudo

Sudo

Write data

WriteOwned, WriteFile, WriteManagedRepo

Delete data

DeleteOwned, DeleteFile, DeleteManagedRepo

Chgrp

Chgrp

Chown

Chown

Create and Edit groups

ModifyGroup

Create and Edit Users

ModifyUser

Add Users to Groups

ModifyGroupMembership

Upload Scripts

WriteScriptRepo, DeleteScriptRepo

Note

CLI lists restrictions, OMERO.web lists privileges The lists shown using CLI commands recommended in Adjusting administrator restrictions will be complementary lists to the ones which can be deduced from the table above.

Note

ReadSession privilege is never given to restricted admin In OMERO.web, you can never create an administrator with restricted privileges who has the “ReadSession” privilege.