If you installed the GUS Schema in the previous step, you must now address the issues in this section. If you only installed the Application Framework, you may skip this section.
The GUS Application Framework includes support for basic access permissions, using a Unix-based model of users, groups, and "others", and through the use of "projects". These permissions are not meant as a robust solution to data security, and are easily circumvented through use of direct database access (i.e. sqlplus or psql) or local modifications of the GUS Application Framework. As such, it is highly recommended that you carefully evaluate and implement a database-level privilege system that makes sense for your configuration. Groups that need the highest levels of security, such as HIPAA compliance, should consider using Oracle with the Virtual Private Database option and/or other RDBMS-based technologies.
As an example, the Computational Biology and Informatics Laboratory (CBIL) uses a privilege system that is based on two roles, a read-only role, GUS_R, and a write role, GUS_W. GUS_R has been granted the select privilege on all tables and views in GUS, and GUS_W has been granted the update, insert, delete privileges on all tables and views and select on all sequences in GUS. Individual database users are then granted the GUS_R role and, as appropriate, the GUS_W role. For finer control, this model may be extended to individual schemata or sets of tables.
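The two-role scheme described above, sketched for PostgreSQL as an added example (not CBIL's or the GUS project's own scripts); it also covers tables created later, which the text does not discuss. The schema name gus_example_schema, the owner role gus_owner and the users alice and bob are hypothetical; the schema and owner are assumed to exist already, and the schema-level statements are repeated for each schema in your installation.

```sql
-- Added example, PostgreSQL syntax. All names below are hypothetical.
-- Unquoted identifiers fold to lower case, so GUS_R is stored as gus_r.
CREATE ROLE gus_r NOLOGIN;   -- read-only role
CREATE ROLE gus_w NOLOGIN;   -- write role

-- Start from a known state: nothing reaches the data through PUBLIC.
REVOKE ALL ON SCHEMA gus_example_schema FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA gus_example_schema FROM PUBLIC;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA gus_example_schema FROM PUBLIC;

-- Both roles need USAGE on the schema to resolve object names at all.
GRANT USAGE ON SCHEMA gus_example_schema TO gus_r, gus_w;

-- GUS_R: select on all tables and views ("ALL TABLES" includes views).
GRANT SELECT ON ALL TABLES IN SCHEMA gus_example_schema TO gus_r;

-- GUS_W: update, insert, delete on all tables and views.
GRANT INSERT, UPDATE, DELETE
  ON ALL TABLES IN SCHEMA gus_example_schema TO gus_w;

-- GUS_W: sequences. In Oracle, SELECT on a sequence permits NEXTVAL.
-- In PostgreSQL, SELECT only permits currval(); nextval() needs USAGE.
GRANT USAGE, SELECT
  ON ALL SEQUENCES IN SCHEMA gus_example_schema TO gus_w;

-- The grants above apply only to objects that exist now. Cover objects
-- that gus_owner creates later, so new tables do not silently fall
-- outside the scheme.
ALTER DEFAULT PRIVILEGES FOR ROLE gus_owner IN SCHEMA gus_example_schema
  GRANT SELECT ON TABLES TO gus_r;
ALTER DEFAULT PRIVILEGES FOR ROLE gus_owner IN SCHEMA gus_example_schema
  GRANT INSERT, UPDATE, DELETE ON TABLES TO gus_w;
ALTER DEFAULT PRIVILEGES FOR ROLE gus_owner IN SCHEMA gus_example_schema
  GRANT USAGE, SELECT ON SEQUENCES TO gus_w;

-- Individual users: everyone gets GUS_R; writers additionally get GUS_W.
CREATE ROLE alice LOGIN;     -- hypothetical read-only user
CREATE ROLE bob LOGIN;       -- hypothetical read/write user
GRANT gus_r TO alice;
GRANT gus_r, gus_w TO bob;

-- Check the result: gus_r should show only SELECT, gus_w only
-- INSERT/UPDATE/DELETE, each with the same object count.
SELECT grantee, privilege_type, count(*) AS objects
  FROM information_schema.table_privileges
 WHERE table_schema = 'gus_example_schema'
   AND grantee IN ('gus_r', 'gus_w')
 GROUP BY grantee, privilege_type
 ORDER BY grantee, privilege_type;
```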
For auditing purposes, the GUS system requires that the Application Framework and individual plugins be registered within the GUS Schema. To register the Application Framework in the GUS Schema, use the following command:
$ ga +meta --commit
It is only necessary to run this command once. Upon successfully running the command, you will see a stream of XML displayed on your screen.
Plugins will need to be registered in a similar fashion prior to use. For more information on registering plugins, please refer to the GUS User's Guide.
You may have noticed the userName, group, and project options specified in the gus.config file above. These values are used for auditing changes to the database at the level of individual rows, and as part of the permissions system built into the GUS Application Framework. Your instance of GUS should now be configured with the standard "DBA" entries. You may at this point wish to create more specific users, groups, and projects so that further work with GUS will be properly tracked.
For more information on creating users, groups, and projects within GUS, please refer to the GUS User's Guide.