The data storage
The data storage Bart.Servaes Tue, 04/04/2023 - 14:55BELMOD Server
BELMOD ServerWithin the BELMOD Desktop application (SCN-P-XAWBELMOD machine) the following restrictions apply to all users:
- no internet access
- no access to the C:\ drive
- unable to check and modify file or directory properties
- unable to install software
- unable to turn off or restart the server
- no copy-paste between the BELMOD server and local machine
There are two distinctive type of applications users:
- Euromod application users: have access to the Euromod Citrix application.
- Full application users: have access to the BELMOD Citrix Desktop application containing all requested applications (including EUROMOD) – see full list via section 6.
There are also Local Administrators. They have extra privileges and have access to all the files and directories on the E:\ drive.
Note: Should the local administrators need a new project to be created, an RFI must be reported via Service Now (see section How to create and submit a request for information) with the project name, corresponding directories and users requiring access to that project and in which group(s) they need to have access to.
Users have access to the Citrix server via following link → https://remote.healthstat.be/vpn/index.html
Note: If new credentials are required, a local Administrator has to create and submit a Service Now ticket (see section How to create and submit a request for information) with the following information:
- First Name. Last Name
- Phone number
- E-mail address
- Citrix limited user or Citrix full access user
- User access → member of which group(s)
Directory privileges
Directory privilegesThe directory access is separated in two sections.
- ‘Developers’ directory: only accessible by FOD-SZ users groups
- ‘project_x’ directory used by the project users.
'Developers' directory
'Developers' directoryPlease find below an overview of the directory structure for FOD-SZ users groups:
- Belmod Data managers FOD-SZ: Belmod Local Administrators
- Belmod External developers: non-FOD-SZ developers
- Belmod Internal developers: FOD-SZ developers
| Directory | BELMOD Data managers FOD-SZ | BELMOD External developers | BELMOD Internal developers |
| \Developers | CRUD | Read | Read |
| \Developers\Data | CRUD | Read | Read |
| \Developers\Data\Input | CRUD | CRU | CRUD |
| \Developers\Data\Other | CRUD | CRU | CRUD |
| \Developers\Data\Source | CRUD | CRU | CRUD |
| \Developers\Data\Source\Orig | CRUD | Read | Read |
| \Developers\Model | CRUD | CRUD | CRUD |
| \Developers\Syntax | CRUD | CRUD | CRUD |
| \Developers\Syntax\Intern | CRUD | CRUD | |
| \Developers\Syntax\ProgInput | CRUD | CRUD | CRUD |
| \Developers\Syntax\ProgSource | CRUD | CRUD | CRUD |
'project x' directory
'project x' directoryPlease find below an overview of the project X directory structure:
- Belmod Data managers FOD-SZ: Have administrator access for all the sub-directories under their responsibilities
- Project x full access: Have extra privileges compared to the ‘project x limited access’ group (CRUD to \project_x\<name>\Data)
- Project x limited access: Have only read access to \project_x\<name>\Data
- Belmod Data Publishers FOD-SZ: Ensure validation of the data prior to the automated upload program
| Directory | BELMOD Data managers FOD-SZ | project x full access | project x limited access | BELMOD Data Publishers FOD-SZ |
| \project_x | Read | Read | Read | Read |
| \project_x\<name> | CRUD | CRUD | CRUD | Read |
| \project_x\<name>\BELMOD_Model | CRUD | Read | Read | No access |
| \project_x\<name>\Data | CRUD | CRUD | Read | No access |
| \project_x\<name>\Export | Read | Read | Read | CRUD |
| \project_x\<name>\Export\processed | Read | Read | Read | CRUD |
| \project_x\<name>\Models | CRUD | CRUD | CRUD | No access |
| \project_x\<name>\Results | CRUD | CRUD | CRUD | No access |
| \project_x\<name>\to_validate_for_export | CRUD | CRUD | CRUD | CRUD |
Citrix access
Citrix accessBelow is a view of what the Citrix server looks like depending on the users:
Figure 3: View of Citrix server for full access users
Figure 4: View of Citrix server for limited access users
Local Administrators have access to the E:\Administrators directory. Within the directory they have access to several text files with additional information on groups, directory privileges etc. Every day a task is generated to create a text files that includes:
- BELMOD_xxx: The name of the groups and which users are in them.
- t_project: A list of all the projects.
- t_directory_access: A list of the directory access with the privileges
In this way the local Administrators are able to see the specific privileges of every directory.
In the logs directory they can check whether the uploads and/or downloads have been successful.
Note: These log files do not contain any sensitive information.
Figure 5: Directory privileges files
A local Administrator can’t create new project users; this is the privilege of healthdata.be. If required, a local Administrator has to create and submit a Service Now ticket (see section How to create and submit a request for information) with the following information:
- phone number
- e-mail address
- limited access user or full access user
- member of which local groups
- organization
Important: If the user needs access to multiple projects (if the projects use different datasets), then multiple user accounts need to be created to avoid security violations.
Back-up policies and restore process
Back-up policies and restore processThe E:\ drive has a continuous backup available.
Users can restore their own deleted files via the ‘recycle bin’ application.
If it is not possible to recover a file, a Service Now ticket can be created so that healthdata.be can forward the restore request to Arxus.