Overview

{dsROCrate} requires elevated permissions when auditing backend systems.

Depending on the backend implementation, this may require:

administrator privileges,
audit privileges,
or backend-specific read access to system metadata.

Without these permissions, {dsROCrate} may be unable to retrieve the metadata required for audit and RO-Crate generation workflows.

This vignette describes:

why elevated permissions are required,
how permission validation works,
and how to configure supported backends.

Why are elevated permissions required?

dsROCrate performs metadata and configuration inspection operations against supported backend systems.

These operations may include access to:

system configuration metadata,
authentication configuration,
datasource metadata,
project metadata,
audit-relevant server settings.

Standard user accounts may not have sufficient privileges for these operations.

Supported backends

Currently supported backend permission configurations:

Opal

Future backend-specific instructions may include:

Armadillo

Opal

NOTE: Opal 5.7+ is required, as that’s when the audit role was introduced.

Required permissions

For Opal backends, the connected user must have at least one of:

administrator privileges, or
the Audit system permission.

Configuring an Opal audit user

Step 1: Log in as an administrator

Step 2: Create a user (optional)

If a dedicated audit user does not already exist:

Open the Administration tab.
Under Data Access, select Users and Groups.
Create a new user account for auditing purposes.

Step 3: Grant audit permissions

Return to the Administration tab.
Under System, select General Settings.
Open the Permissions section.
Click the + button.
Select:
- Add user permission
Enter the username of the audit user.
Select:
- Audit system
Click Submit.

Example usage

con <- opalr::opal.login(
  username = "audit_user",
  password = "secret",
  url = "https://opal-demo.obiba.org"
)

dsROCrate::check_permissions(con)

Troubleshooting

Insufficient permissions

Ensure the connected user has the permissions required for the target backend.

See the backend-specific sections in this vignette for details.

Testing Opal permissions directly

dsROCrate::is_opal_admin_con(con)
dsROCrate::is_opal_audit_con(con)

Need mirroring services?
Contact our team at info@vpspulse.com.

Mirror powered by VPSpulse

Infrastructure sponsored by VPSPulse & Secure Payments by ArionPay.

VPSPulse Mirrors

Configuring Audit Permissions