...
In this OpenCGA installation we also have the following list of users:
- user1-admin and user2-admin should have admin permissions and should be able to take the same actions the user "owner" can do.
```bash
# If we know that those users will always share the same permissions, we can add them to the pre-existing "admin" group
opencga.sh studies groups-update -s projectAlias:studyAlias --users user1-admin,user2-admin --group admin
# And now we give admin permissions to the @admin group. Important: groups in OpenCGA are always preceded by @ internally, although adding it is not mandatory when we create them.
opencga.sh studies acl-create --members @admin --template admin -s projectAlias:studyAlias
```
...
- A group "analyst" synced from LDAP should have access to data (read and write) but they should not be able to delete anything.
```bash
# We can directly give permissions to the @analyst group. Remember: the 'analyst' template will assign all permissions but DELETE.
opencga.sh studies acl-update --member @analyst --template analyst -s projectAlias:studyAlias
```
- A group "external" synced from LDAP should only have view access to all the files but not the rest of entries.
```bash
# We only need to give permissions to the @external group.
opencga.sh studies acl-update --member @external -s projectAlias:studyAlias --permissions VIEW_FILES,VIEW_FILE_HEADERS,VIEW_FILE_CONTENTS,DOWNLOAD_FILES
```
- A group "sample_access" synced from LDAP should have view access to just one specific sample. That group should not have access anywhere else.
```bash
# Remember: the absence of permissions is equivalent to denying those permissions.
opencga.sh samples acl-update --id sampleName --member @sample_access --permissions VIEW -s projectAlias:studyAlias
```
- A group "general_access" synced from LDAP should have view access to some concrete samples and the related individuals and files.
```bash
# For every sample in the list...
opencga.sh samples acl-update --id sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
opencga.sh files acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
opencga.sh individuals acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
```
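
The "for every sample in the list" step above can be expanded into a reviewable plan before anything is applied. This is an added example, not part of the original page or of OpenCGA itself; the function names `valid_sample_id` and `plan_general_access` are hypothetical, and the allowed character set for sample IDs is an assumption to adapt to your own naming scheme.

```shell
#!/bin/sh
# Added example: expand a list of sample IDs (one per line on stdin) into the
# three acl-update commands shown above, printed as a dry-run plan.
# STUDY and GROUP reuse the placeholders from this page.

STUDY="projectAlias:studyAlias"
GROUP="@general_access"

# Accept only plain identifiers, so a sample ID copied from a spreadsheet or
# ticket cannot add extra options (leading '-') or shell syntax to a command.
valid_sample_id() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print one opencga.sh command per line for every valid sample ID.
# Rejected IDs are reported on stderr and make the function return non-zero.
plan_general_access() {
  rejected=0
  while IFS= read -r sample || [ -n "$sample" ]; do
    [ -z "$sample" ] && continue
    if ! valid_sample_id "$sample"; then
      echo "rejected sample id: $sample" >&2
      rejected=$((rejected + 1))
      continue
    fi
    echo "opencga.sh samples acl-update --id $sample --member $GROUP --permissions VIEW -s $STUDY"
    echo "opencga.sh files acl-update --sample $sample --member $GROUP --permissions VIEW -s $STUDY"
    echo "opencga.sh individuals acl-update --sample $sample --member $GROUP --permissions VIEW -s $STUDY"
  done
  [ "$rejected" -eq 0 ]
}
```

Save the printed plan to a file and read it through before executing it, so that every grant to the group is visible in one place.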
...