Authorization

Pedro Furió edited this page Sep 28, 2016 · 3 revisions

⚠️ OUTDATED DOCUMENTATION ⚠️

Overview

Catalog defines a set of user groups for each Study and Access Control Lists (ACLs) on different resources, providing a fully customizable authorization mechanism. The resources that can define an ACL are File and Sample. These ACLs are read hierarchically to determine a user's permissions over some data.

Each entry of the ACL specifies the actions that a set of users can perform on a specific resource. This set of users can refer to a single user, a group of users, or other users.

This section is about:

  • Groups
  • Group permissions
  • Create new groups
  • Manage groups
  • Access Control Lists
  • Resolve File permissions
  • Resolve Sample permissions

Groups

A Group is a list of users that share a set of permissions inside a specific study. Every group is defined for a single study, and can not be shared between studies.

A user must belong to a group in order to access any data from the study.

Group permissions

Each group defines a set of study permissions for its users. These study permissions are actions that cannot be specified with ACLs.

  • Manage Study: Sets the group as Study Manager. Defines a set of permissions:
      • Edit Study metadata information
      • Create new Groups
      • Add or remove users to a group
      • Change group permissions
      • Change resource ACLs
  • Launch jobs: Defines whether the group members are authorized to launch or execute jobs. Members will also need READ permission for the input jobs, and WRITE permission for the output directory.
  • Delete jobs: Defines whether the group members are authorized to delete jobs from catalog.
  • Manage samples: Sets the group as Sample Manager. Defines a set of permissions:
      • Create, read, update and delete operations over all Samples
      • Create, read, update and delete operations over all Individuals
      • Create, read, update and delete operations over all Cohorts
      • Create, read, update and delete operations over all VariableSets

Create new groups

At this moment, it is not possible to create new groups. See issue #217.

Existing groups are:

  • admins with full permissions over the study
  • dataManagers with full permissions over the study, except Manage Study
  • members with no permissions defined. Permissions will be defined with ACLs.

Manage groups

Currently, group management consists of adding users to or removing them from the groups. This management can be done by users with the Manage Study permission.

Every user can belong to only one group per study.
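
The group rules above, modelled as a small permission check. This is an added example, not OpenCGA code: the class, method and permission names are hypothetical, the study creator starting in admins is an assumption, and the file ACL map is a constructed stand-in with per-user entries only.

```python
# Added illustration; every name here is hypothetical, not OpenCGA's API.
GROUP_PERMISSIONS = {  # the three predefined groups listed above
    "admins": {"MANAGE_STUDY", "LAUNCH_JOBS", "DELETE_JOBS", "MANAGE_SAMPLES"},
    "dataManagers": {"LAUNCH_JOBS", "DELETE_JOBS", "MANAGE_SAMPLES"},
    "members": set(),  # no study permissions; access comes from ACLs only
}


class Study:
    def __init__(self, owner):
        self.groups = {name: set() for name in GROUP_PERMISSIONS}
        self.groups["admins"].add(owner)  # assumption: the creator starts as admin
        self.file_acls = {}  # constructed stand-in: path -> {user: {"READ", "WRITE"}}

    def group_of(self, user):
        for name, users in self.groups.items():
            if user in users:
                return name
        return None

    def has_permission(self, user, permission):
        group = self.group_of(user)
        return group is not None and permission in GROUP_PERMISSIONS[group]

    def add_user(self, actor, user, group):
        if not self.has_permission(actor, "MANAGE_STUDY"):
            raise PermissionError(f"{actor} lacks Manage Study")
        if group not in self.groups:
            raise ValueError(f"unknown group {group!r}")
        for users in self.groups.values():  # one group per user per study
            users.discard(user)
        self.groups[group].add(user)

    def file_allows(self, user, path, action):
        if self.group_of(user) is None:  # no group, no access to study data
            return False
        # Assumption: per-user ACL entries only, and no group bypasses them.
        return action in self.file_acls.get(path, {}).get(user, set())

    def can_launch_job(self, user, inputs, output_dir):
        # Launch jobs = group permission + READ on inputs + WRITE on output dir.
        return (self.has_permission(user, "LAUNCH_JOBS")
                and all(self.file_allows(user, p, "READ") for p in inputs)
                and self.file_allows(user, output_dir, "WRITE"))
```

A user in members with READ and WRITE entries on the same files is still refused by can_launch_job, because Launch jobs is a group permission that ACLs cannot grant.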

Access Control Lists
