In this tutorial we will assume that we already have a user called "owner" that has a study populated with some samples and files and no permissions has been set at any point, so no one will have access to "owner"'s data.
In this OpenCGA installation we also have the following list of users:
- user1-admin and user2-admin should have admin permissions and should be able to take the same actions the user "owner" can do.
# If we know that those users will always share the same permissions, we can add those users to the pre-existing "admin" group opencga.sh studies groups-update -s projectAlias:studyAlias --users user1-admin,user2-admin --name admin --action ADD
- A group "analyst" synced from LDAP should have access to data (read and write) but they should not be able to delete anything.
# We can directly give permissions to the @analyst group. Remember 'analyst' template will assign all permissions but DELETE. opencga.sh studies acl-update --member @analyst --template analyst -s projectAlias:studyAlias
- A group "external" synced from LDAP should only have view access to all the files but not the rest of entries.
# We only need to give permissions to the @external group opencga.sh studies acl-update --member @external -s projectAlias:studyAlias --permissions VIEW_FILES,VIEW_FILE_HEADERS,VIEW_FILE_CONTENTS,DOWNLOAD_FILES
- A group "sample_access" synced from LDAP should have view access to just one specific sample. That group should not have access anywhere else.
opencga.sh samples acl-update --id sampleName --member @sample_access --permissions VIEW -s projectAlias:studyAlias
- A group "general_access" synced from LDAP should have view access to some concrete samples and the related individuals and files.
# For every sample in the list... opencga.sh samples acl-update --id sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias opencga.sh files acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias opencga.sh individuals acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias