Add users via https://manage.ad.cornell.edu/adadmin. Documentation for facility managers using fileshare services managed by ChemIT and provisioned by CIT (Active Directory and SFS file shares). Includes reminder notes for Chemistry IT staff.
How do I, as a facility manager, add a person to the facility's file share?
Facility managers at NMR and XRay can add people directly to existing groups. Follow these steps:
- (A) Add user to appropriate group in Cornell's Active Directory (AD). Login to <https://manage.ad.cornell.edu/adadmin> with your ADM account. You should be able to add users as needed. Let Chemistry IT know if you have troubles accessing this interface.
- NMR: In the upper left hand corner, just search AS-CHM-NMR-Share and you should be presented with the list of all NMR groups.
- Note that NMR's Linux accounts are not managed through ChemIT. Thus, those NMR instrument accounts are provisioned directly by Ivan, in NMR. ChemIT does not need to know about those account changes.
- XRay: In the upper left hand corner, just search AS-CHM-XRAY-Share and you should be presented with the list of all XRay groups
- Near upper-left, click on "Add..." button. Enter desired NetID in search, click the NetID to move it to the section below on that screen, and then click <OK>.
- NMR: In the upper left hand corner, just search AS-CHM-NMR-Share and you should be presented with the list of all NMR groups.
- Create user's folder since this folder must be created before the first use of the instrument. A user can't do this from an instrument computer. Although a user can do this themselves before they get to an instrument computer, facility manager should do this as a courtesy, even though not strictly required.
- NMR: Within NMR's fileshare (CIT's SFS), use own ADM account to create a folder with group's folder, using user's NetID as the folder's name.
- XRay: Within XRay's fileshare (CIT's SFS), use own ADM account to create a folder with group's folder, using user's NetID as the folder's name.
NOTE 1: Ignore (rare) FERPA-related errors
You may safely ignore the rare "Error: Access is denied. (...) An error occurred during the last operation.". This error refers you to a FERPA OU object, such as:
- CN=(a NetID),OU=FERPA,OU=Students,OU=NetIDs,OU=CUniv,DC=cornell,DC=edu
NOTE 2: Creating or removing groups requires requires Chemistry IT staff
- Chemistry IT staff still need to make new groups in Active Directory and the new folders. Therefore please contact us directly for those requests. Thank you!
How so Chemistry IT staff add a new group to a facility's file share?
Chemistry IT staff's steps: (to be defined!)
How do Facility Managers clean out users given access to their facility's share who no longer should have access? How do I remove a group?
- The process of keeping group membership's current is left up to each Facility's staff's discretion.
- If help is wanted, please contact Chemistry IT for a consultation.
- Group removal will require coordinating with Chemistry IT. Thanks!
How does a facility user access a facility's file share?
What rights do my users have on my facility's file share, from their accounts?
- Read and write.
- Accessible from their private computers.
- Not accessible from the instrument computers, which have their own instrument accounts with different rights.
- From off-campus, user must use VPN. (File share protocol.)
What rights do my instrument accounts have on the facility's file share?
Read and Create permissions. Not Change, however.
- This allows directory browsing when using an instrument to whatever is the required folder to deposit resulting instrument files, regardless of user. And no ability to change or remove anyone's work, including one's own.
- Caveat: Although user can create a folder within a permitted folder, can't rename the folder from the instrument.
- Make such changes on the desktop before moving files to server. Or, make the changes using user's account.
- Removing or changing anything must be done from within a user's account, and this is restricted to the location of the permitted directory (folder) for that user. (Thus, only within that user's research group's folder).
- Same thing for the facility manager's Admin account, but without the limited directory (folder) restrictions.
Chemistry IT Staff
For ChemIT staff: How do I add a group?
Chemistry IT staff's steps:
- Confirm group does not exist in AD and on the fileshare structure.
- In AD (Quest), add research group.
- Example: AS-CHM-NMR-ShareGroupname
- At: <cornell.edu/DelegatedObjects/AS/UnitObjects/Cluster C - Science/Chemistry - CHM/Research/NMR/NMR Share/AS-CHM-NMR-ShareGroupname>.
- Example: AS-CHM-NMR-ShareGroupname
- For NMR requests: Within NMR's fileshare (CIT's SFS), use own ADM account to create folder with group's folder, using NetID as the folder's name.
- User can't do this from an instrument computer; they or NMR staff would first have to create the folder before the first use of the instrument. Hence, ChemIT staff doing so as a courtesy, even though not strictly required.
For ChemIT staff: What are the NMR instruments this pertains to?
- GC Mate
- Location: Old Protein Lab space, B78 ST Olin. (Used to be in B-level Baker.)
- Exactive/ DART
- Location: Old Protein Lab space, B78 ST Olin. (Used to be on the 4th floor, in ST Olin.)
- Bruker/ AV500
- Location: B63 ST Olin.
- Note: This system's billing kiosk is located in the old Protein Lab space, B78 ST Olin.
For ChemIT staff: What is the X-Ray instrument this pertains to?
- TBD
Related: ChemIT's general instructions to connect to a file share