...

In this OpenCGA installation we also have the following list of users:

  • user1-admin and user2-admin should have admin permissions and should be able to take the same actions the user "owner" can do.
```bash
# If we know that those users will always share the same permissions, we can add them to the pre-existing "admin" group
opencga.sh studies groups-update -s projectAlias:studyAlias --users user1-admin,user2-admin --name admin --action ADD

# And now we give admin permissions to the @admin group. Important: groups in OpenCGA are always preceded by @ internally, although adding it is not mandatory when we create the group!
opencga.sh studies acl-create --members @admin --template admin -s projectAlias:studyAlias
```

...

  • A group "analyst" synced from LDAP should have access to data (read and write) but they should not be able to delete anything. 
```bash
# We can directly give permissions to the @analyst group. Remember: the 'analyst' template will assign all permissions but DELETE.
opencga.sh studies acl-update --member @analyst --template analyst -s projectAlias:studyAlias
```
  • A group "external" synced from LDAP should only have view access to all the files but not the rest of entries.
```bash
# We only need to give permissions to the @external group.
opencga.sh studies acl-update --member @external -s projectAlias:studyAlias --permissions VIEW_FILES,VIEW_FILE_HEADERS,VIEW_FILE_CONTENTS,DOWNLOAD_FILES
```
  • A group "sample_access" synced from LDAP should have view access to just one specific sample. That group should not have access anywhere else.
```bash
opencga.sh samples acl-update --id sampleName --member @sample_access --permissions VIEW -s projectAlias:studyAlias
```
  • A group "general_access" synced from LDAP should have view access to some concrete samples and the related individuals and files.
```bash
# For every sample in the list...
opencga.sh samples acl-update --id sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
opencga.sh files acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
opencga.sh individuals acl-update --sample sampleName --member @general_access --permissions VIEW -s projectAlias:studyAlias
```
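
The "for every sample in the list" step, written out as an added example (not part of the OpenCGA documentation): it reads sample IDs from a file, rejects entries that could be parsed as options or carry unexpected characters, and prints the three acl-update commands for review before anything is granted. The APPLY switch, the function names and the ID pattern are assumptions of this example; the opencga.sh subcommands and flags are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added example: expand a sample list into the three acl-update calls used on
# this page. Dry run by default; set APPLY=1 (assumed switch) to execute them.
STUDY="projectAlias:studyAlias"   # placeholder study alias from this page
MEMBER="@general_access"          # LDAP-synced group from this page

# Accept only conservative IDs (assumed pattern) so a list entry can never be
# read as an option (leading '-') or carry commas, spaces or shell characters.
valid_sample_id() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the command for review; run it only when APPLY=1.
run_or_print() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# grant_view FILE: one sample ID per line; blank lines and '#' comments are
# skipped. Returns non-zero if any entry was rejected or any command failed.
grant_view() {
  _rc=0
  while IFS= read -r sample || [ -n "$sample" ]; do
    case "$sample" in ''|'#'*) continue ;; esac
    if ! valid_sample_id "$sample"; then
      printf 'rejected sample id: %s\n' "$sample" >&2
      _rc=1
      continue
    fi
    run_or_print opencga.sh samples acl-update --id "$sample" --member "$MEMBER" --permissions VIEW -s "$STUDY" || _rc=1
    run_or_print opencga.sh files acl-update --sample "$sample" --member "$MEMBER" --permissions VIEW -s "$STUDY" || _rc=1
    run_or_print opencga.sh individuals acl-update --sample "$sample" --member "$MEMBER" --permissions VIEW -s "$STUDY" || _rc=1
  done < "$1"
  return "$_rc"
}

# Usage: ./grant_view.sh samples.txt   (prints the commands; APPLY=1 runs them)
if [ "$#" -gt 0 ]; then grant_view "$1"; fi
```

Keeping the printed dry-run output alongside the sample list gives a record of exactly which entries the group was granted VIEW on.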

...