Administrator functions

Secure Environment for Analysing Data (SEAD)

Understand the functions undertaken by SEAD partner administrators

Cite
Released
10/11/2023

Roles and access management

SEAD offers various roles within the system, each with its distinct set of functionalities as outlined below.

SEAD partner administrators will be provided with an extensive instruction guide, containing all the information provided here as well as additional content.

SEAD role hierarchy

An overview of administrator roles and hierarchy of access provisioning

An overview of administrator roles and hierarchy of access provisioning:

  • ABS Primary Administrator - The ABS holds an overarching administrative role (e.g., development, licensing, security). ABS administrators only access partner SEADpods if requested. 
    • SEAD Account Manager - Providing ABS business support, training and ongoing consultation. 
  • Partner Pod Owner - Highest level of partner administrative provisioning. Pod Owners are responsible for overarching administrative functions of the SEADpod. 
  • Partner Administrators - Responsible for general administrative functions. This role can also be provisioned with read-only rights. 
  • Partner Pod Users - Provisioned with access to a SEADpod for data analysis and modelling, under partner data governance. 
Breakdown of SEAD partner roles and functionalities 
RoleAssociated tasks
Pod Owner
  • Create/remove Pod Administrators and Read-Only Administrators in the SEADpod.
  • Configure information banners.
  • Register, view and update User Analysts’ details.
  • Enable/disable and remove User Analysts from the SEADpod.
  • Create projects and project workspaces.
  • View and update details of projects.
  • Assign/unassign a registered Pod User to projects.
  • Create, update and delete a data product.
  • Link the data product to a project or remove a data product from an assigned project.
  • Reset user/administrator account passwords and Multi-Factor Authentication (MFA). 
  • Ingress/egress data and code to/from SEADpod, including data output vetting.
  • Activate project machines, change type and size of local disk configuration for a Pod User's Virtual Machine (VM) and allocate additional tools that are available.
  • View session metadata and other actions about projects and Pod Users.
  • Manage ingress of packages from ABS endorsed repositories on Pod User's behalf.
  • Coordinate the ingress of code and software from alternate repositories via software requests submitted to the ABS.

Pod Owners are also Pod Administrators and can perform any task in the Pod Administrator task list. 

Pod Administrator
  • Register, view and update Pod User details.
  • Enable/disable and remove Pod User's from the SEADpod.
  • Create projects and project workspaces.
  • View and update details of projects.
  • Assign/unassign a registered Pod User to projects.
  • Reset user account passwords and MFA.
  • Create, update and delete a data product.
  • Link the data product to a project or remove a data product from an assigned project.
  • Ingress/egress data and code to/from SEADpod, including data output vetting. 
  • Activate project machines, change type and size of local disk configuration for a Pod User's VM and allocate additional tools that are available. 
  • View session metadata, draw reports and other actions about projects and Pod Users.
Read-Only AdministratorThis is a type of administrator provisioning that enables viewing access to all administrator information (e.g., Cost Summary, Projects, Users) while disabling the ability to access edit functions.
Pod User
  • Run VMs, manage and connect to their assigned project workspace.
  • Access/use the data product assigned to their project.
  • Access the language/software packages to analyse the data.
  • Access the Shared Library.
  • Write/store data analysis for egress by the Pod Owner or Administrator.
  • Disconnect from the project workspace entirely.
  • Disconnect from the project workspace but leaving it running for large jobs.

Administrator portal

The administrator portal enables access to various operational objects (Users, Projects, Products etc,) in the SEADpod. 

Depending on the level of administrative access given to a person (i.e., Pod Owner, Pod Administrator, Read-Only Administrator), the number of operational objects available will be slightly different. 

The Pod Owner portal, immediately below, showcases the maximum number of operational objects available as it is the highest level of administrative provisioning. 

Pod Owner portal

Pod owner portal
Operational object functionalities
Operational objectFunctionality 
ProjectsShows a list of all projects ever created in the SEADpod. Clicking on a project ID enables administrators to view the information about it in more detail and make various amends, including close, reopen, clone, remove or add users to the project.
Virtual MachinesShows a list of all VMs in the SEADpod, both active and closed, as well as their power state, status, type, who they are assigned to and the name of the project they are associated with. Administrators can make various amends to the VMs, including updating the VM size, type and version.  
UsersShows all users ever registered in the SEADpod. From this page, administrators can register new users, as well as evict users, reset their password and MFA, or edit their basic attributes (i.e., name, organisation, contact number). 
ProductsShows a list of all products available for linking to projects in the SEADpod. 
Project Product LinksFrom this page multiple products can be linked to a single project, or multiple projects can be linked to a single product.
Desktop SessionsShows all VM desktop session occurring in the SEADpod by detailing the session start and end time, duration, user and the VM name. 
PackagesShows all R and Python packages available to users in the SEADpod. 
OrganisationsShows a list of all organisations created in the SEADpod. From this page, administrators can create new organisations or edit and delete existing organisations. 
TagsTagging allows administrators to create searchable tags and link them to objects from within each object interface (User, Project, Product, Organisation). This page showcases all tags ever created in the SEADpod and the number of objects they are attached to. 
Banner Messages (Pod Owners only)From this page, Pod Owners can publish a banner message displays across all user and administrator portals in the partner SEADpod. Banner messages are often used to communicate urgent or important messages and can be amended or published as frequently as necessary. 
Administrators (Pod Owners only)Like the Users page, Pod Owners can view all Administrators ever registered in the SEADpod. From this page, Pod Owners can register new Pod and Read-Only Administrators, as well as evict them, reset their password and MFA, or edit their basic attributes. 
Action LogThe Action Log keeps a real-time record of all administrative and user functions occurring in the SEADpod. 

 

Managing code and software

Users are not able to load code or packages themselves, this responsibility sits with partner administrators and the ABS. To ensure system security and integrity, SEAD partner administrators should refer to their SEAD Administrators Instruction Guide provided by the ABS for information on trusted sources. 

In addition, software is not to be provided, or attempted to be loaded to a SEADpod by partner administrators. Any request for new software must be submitted to the ABS, accompanied by a business justification.

For more information, please visit the Contact us page. 

Managing protected-level data

If your organisation intends to handle any data classified at the PROTECTED level within the system, it is essential that you notify the ABS. This notification ensures that appropriate data protections, such as mandatory baseline security clearances for all SEAD partner users and administrators, are being applied.

For further information about the security clearance process, please visit the Australian Government Security Vetting Agency

For specific enquiries around data classifications in SEAD, please Contact us

Overseas access

To ensure the security of our data and systems, access to our services from overseas locations is only permitted upon request and approval by the ABS.

Access will be considered on a case-by case basis and is limited to endorsed countries.

If you have any questions or require further assistance regarding overseas access, please Contact us