Authorization v2
Catalog allows the definition of permissions for users and groups. For this purpose, we have defined a set of predefined Roles that can be customized to specify the set of actions that can be done, as well as Access Control Lists (ACLs) to specify the access and visibility of some resources.
Catalog combines a set of groups of users for each Study with Access Control Lists (ACLs) on different resources, providing a fully customizable authorization mechanism. The resources that can define an ACL are File and Sample. These ACLs are read hierarchically in order to determine the permissions of a user over some data.
Each entry of the ACL specifies the actions that a set of users can perform on a specific resource. This set of users can refer to a single user, a group of users, or other users.
This section is about:
- Groups
  - Group permissions
  - Create new groups
  - Manage groups
- Access Control Lists
  - Resolve File permissions
  - Resolve Sample permissions
A Group is a list of users that share a set of permissions inside a specific study. Every group is defined for a single study, and cannot be shared between studies.
A user must belong to a group in order to access any data from the study.
Each group defines a set of study permissions for its users. These study permissions are actions that cannot be specified with ACLs.
- Manage Study: Sets the group as Study Manager. Defines a set of permissions:
  - Edit Study metadata information
  - Create new Groups
  - Add or remove users to a group
  - Change group permissions
  - Change resource ACLs
- Launch jobs: Defines whether the group members are authorized to launch or execute jobs. They will also need READ permission for the input jobs and WRITE permission for the output directory.
- Delete jobs: Defines whether the group members are authorized to delete jobs from Catalog.
- Manage samples: Sets the group as Sample Manager. Defines a set of permissions:
  - Create, read, update and delete operations over all Samples
  - Create, read, update and delete operations over all Individuals
  - Create, read, update and delete operations over all Cohorts
  - Create, read, update and delete operations over all VariableSets
At this moment, it is not possible to create new groups. See issue #217.
Existing groups are:
- admins with full permissions over the study
- dataManagers with full permissions over the study, except Manage Study
- members with no permissions defined. Permissions will be defined with ACLs.
Current group management consists of adding users to or removing users from the groups. This management can be done by users with the Manage Study permission.
Every user can belong to only one group for each study.
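The following sketch models the rules described above: mandatory group membership, one group per user per study, the three existing groups, and the combined check for launching a job. It is an added example, not OpenCGA code. The `Study` class, the `@group` and `*` subject notation, the user-then-group-then-others resolution order, and applying the ACL check to every group are assumptions, since the page does not specify them.

```python
# Added illustration, not OpenCGA code. Subject notation is constructed:
# "user", "@group", and "*" for other users.
STUDY_PERMS = frozenset({"MANAGE_STUDY", "LAUNCH_JOBS", "DELETE_JOBS", "MANAGE_SAMPLES"})
GROUPS = {  # the three existing groups listed on the page
    "admins": STUDY_PERMS,
    "dataManagers": STUDY_PERMS - {"MANAGE_STUDY"},
    "members": frozenset(),  # everything must come from ACLs
}

class Study:
    def __init__(self, owner):
        self.group_of = {owner: "admins"}  # keyed by user, so one group per user
        self.acl = {}                      # resource -> {subject: {"READ", "WRITE"}}

    def has(self, user, perm):
        """Study-level permission, granted only through group membership."""
        return perm in GROUPS.get(self.group_of.get(user), frozenset())

    def set_group(self, actor, user, group):
        """Add or move a user; requires Manage Study. Groups cannot be created."""
        if not self.has(actor, "MANAGE_STUDY"):
            raise PermissionError(f"{actor} lacks Manage Study")
        if group not in GROUPS:
            raise ValueError(f"unknown group {group!r}")
        self.group_of[user] = group        # replaces any previous group

    def acl_allows(self, user, resource, action):
        group = self.group_of.get(user)
        if group is None:                  # no group in this study: deny everything
            return False
        entries = self.acl.get(resource, {})
        # Assumed order: most specific entry wins (user, then group, then others).
        for subject in (user, "@" + group, "*"):
            if subject in entries:
                return action in entries[subject]
        return False                       # no matching entry: default deny

    def can_launch_job(self, user, inputs, outdir):
        """Launch jobs AND READ on every input AND WRITE on the output directory."""
        return (self.has(user, "LAUNCH_JOBS")
                and all(self.acl_allows(user, f, "READ") for f in inputs)
                and self.acl_allows(user, outdir, "WRITE"))

if __name__ == "__main__":  # constructed sample data
    s = Study("alice")
    s.set_group("alice", "bob", "dataManagers")
    s.acl = {"in.vcf": {"@dataManagers": {"READ"}}, "out/": {"bob": {"READ", "WRITE"}}}
    print(s.can_launch_job("bob", ["in.vcf"], "out/"))
```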
OpenCGA is an open source project and it is freely available.