Process for security exception to access private data #74
Description
If the researcher is a supervisor requesting their staff or student's data, use the full procedure below.
If the researcher wants to hand off data to their supervisor, start at "create a task..."
- Before the researcher requests the approval, make sure to point them to https://docs.rc.uab.edu/data_management/research_data_responsibilities/#security-exceptions-for-accessing-former-uab-personnel-data and let them know to request
/data/user,/home/and/scratch/all at once, as appropriate. - Receive approval for the security exception from Enterprise Information Security in the form of an RITM assigned to our "Assignment Group".
- Create a TASK describing what needs to be done and notify rc-ops-team.
- Copy the requested storage to another storage location and grant access to the requester or their delegate. We won't grant access to multiple people. If multiple people need access, the single requester/delegate can copy the data out to another location where those others can view it.
- Copy requested directories (ideally this will be all of
/data/user/$USER,/home/$USER/, and/scratch/$USER) to/rstore/share/RITM########/. Simply copy the full paths. - Recursive
chown $requesteron theRITM#directory. - Recursive
chmod u+rwxfor directories andchmod u+rwfor files starting at.../RITM#/.
- Copy requested directories (ideally this will be all of
- Notify the user of the path and give them 2 calendar weeks (??) before we delete, and request notification when they have completed their work. (Can we automate access revocation with a single cron trigger, is it worth it? Happy to document this.)
- Delete the copy when we hit the time limit or when they notify us.