Create users in SHM#

This task is the responsibility of Trusted Research Environments Service Area (TRESA).

Once a user creation request has been received by the Trusted Research Environments Service Area (TRESA), they should follow the Data Safe Haven user management guide to create users in the SHM.

Users should be added to the SRE of their project, which should then enable them to setup an account and login via the url:

https://<SRE ID>.<SHM ID>.turingsafehaven.ac.uk/

The Project Team will then Invite users to log in.

Add users in bulk#

For Data Study Group (DSG) projects, a large number of users may need to be added in one go, which can be a very long manual process.

There is a CLI tool which can be used to automate this process:

Add users in bulk with CLI tool

Process the users spreadsheet for use in DC1.

  1. Download a copy of the users spreadsheet kept on Sharepoint at project_sres -> YYYY-MM-dsg-general -> user-information (or ask the project/DSG team where this is)

  2. Move the spreadsheet into the following directory in your local clone of the trusted-research repo: process_users_cli/<my-spreadsheet>.xlxs

  3. If not already in the process_users_cli directory:

    cd process_users_cli

    You can check by running:

    pwd

  4. [Mac users] Create virtual environment:

    python -m venv .venv

  5. [Mac users] Activate virtual environment:

    source .venv/bin/activate

  6. Install requirements:

    pip install -r requirements.txt

Usage#

  • Explore the CLI api with:

    python -m userprocessor  --help

  • Explore the process command with:

    python -m userprocessor process --help

  • Explore the validate-phone-number command with:

    python -m userprocessor validate-phone-number --help

  • Usage exmaples:

    python -m userprocessor process  users.xlsx

    with all optional parameters:

    python -m userprocessor process -o dsg_01_05_23.csv -r dsg_01_05_23_report.txt -rg 'MYDSG Research Users' may_users.xlsx

Creating Users in DC1#

  1. Create a csv in the DC1 and give it name like dsg_[mm]_[yyyy]_users.csv. Copy the output csv contents into this file.

  2. Run CreateUsers.ps1 with the csv (see DSH docs) - many are created already, this is fine.

  3. Users are added to the Sandbox SRE by default, unless a different Research Group is specified. Further changes to user access can be carried out later.

  4. Add the SamAccountName usernames to the original DSG/project team spreadsheet

    • most are firstname.surname, but a few will have their username shortened.

Testing#

Run tests:

python -m pytest tests/

Current Turing SHM#

Last updated 31/08/2023:

The <SHM ID> of the SHM currently set up is prod4.

Configuration details are accessible to the Trusted Research Environments Service Area (TRESA) in this issue on the private trusted-research GitHub repo.

Sandbox SRE#

Sometimes it may be helpful to set up a Sandbox SRE in advance of users getting access to the project SRE, especially where the users need a bit of practice with a Linux remote desktop.

To set up a Sandbox SRE:

  1. Follow the Build TRE in the same way as you would for a project SRE

    • It might be simplest to set the "tier" to "0", but it some cases you may want a higher tier Sandbox to give the users the experience with more stringent security controls

  2. Clone the https://github.com/alan-turing-institute/DSGaiuk2022 repo to your local computer

  3. Use Azure Storage Explorer to perform ingress of the DSGaiuk2022 repo

  4. If you wanted to check that the ingress worked, add your own user account to the Sandbox SRE security group and login to inspect the contents of the /data folder (consult user management guide if you don’t remember how)

  5. Follow the guidance above on inviting users to log in

Once users are logged in, they can explore the Sandbox and familiarise themselves with working in the SRE (and more generally in a Linux-based remote desktop). There are several thing users could do to get started, for example:

  1. Practice logging into the available GitLab and committing code to a repository

  2. Copy the DSGaiuk2022 repo from data to their home folder and attempt to run the contained notebook using Python (see https://github.com/alan-turing-institute/DSGaiuk2022/tree/main#running-the-notebook-on-your-own-computer)

    • Pose the question to the users: Can you find out what the average monthly concentration of CO2 levels were at the Mauna Loa observatory, in parts per million (PPM), in March 1958?

Removing Sandbox users#

Unlike the project SREs, “Sandbox” will not be torn down at the end of a project, so any users added should be removed after they no longer require access. Follow the Data Safe Haven Guide which explains how to remove users from an SRE.