Re: [galaxy-user] Permissions and private roles
HI Greg Sorry for the confusion. The links are to screenshot uploads of Galaxy showing the folder visibilities. If it¹s still not clear please send a quick mail. Thanks Anthony On 24/10/2011 19:01, Greg Von Kuster g...@bx.psu.edu wrote: I'm not following you here - please decipher your folder names, which I assume are mapped to your encoded request strings. On Oct 24, 2011, at 1:27 PM, Anthony Underwood wrote: Re: [galaxy-user] Permissions and private roles Thanks for the reply Greg Still don¹t think I¹ve quite got it in my head though it¹s becoming clearer. I have 2 users each whom I have given permission to access 2 datasets. user 1 has access to data in a folder called 1st result and user 2 has access to data found in both a folder called fastqs and 2nd result (very artificial data scenario:)) user 1 can see http://cl.ly/3M3t0P2n3H101P1z393e I would not have expected him to see the fastqs folder user 2 can see http://cl.ly/1r2y1h2c0F0a0V403F1f I would not have expected them to be able to see 1st result. Thanks for your patience Anthony ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** Greg Von Kuster Galaxy Development Team g...@bx.psu.edu - ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk **___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-user] Permissions and private roles
Anthony, Yours may be a corner case scenario that isn't properly handled, although I'm not sure it's critical as the data you want protected is, in fact, protected (or am I still not seeing it correctly?). If you feel this is a bug, please submit a ticket, although this is far off my development plans for the forsee-able future. Thanks! On Oct 25, 2011, at 4:30 AM, Anthony Underwood wrote: HI Greg Sorry for the confusion. The links are to screenshot uploads of Galaxy showing the folder visibilities. If it’s still not clear please send a quick mail. Thanks Anthony On 24/10/2011 19:01, Greg Von Kuster g...@bx.psu.edu wrote: I'm not following you here - please decipher your folder names, which I assume are mapped to your encoded request strings. On Oct 24, 2011, at 1:27 PM, Anthony Underwood wrote: Re: [galaxy-user] Permissions and private roles Thanks for the reply Greg Still don’t think I’ve quite got it in my head though it’s becoming clearer. I have 2 users each whom I have given permission to access 2 datasets. user 1 has access to data in a folder called 1st result and user 2 has access to data found in both a folder called fastqs and 2nd result (very artificial data scenario:)) user 1 can see http://cl.ly/3M3t0P2n3H101P1z393e I would not have expected him to see the fastqs folder user 2 can see http://cl.ly/1r2y1h2c0F0a0V403F1f I would not have expected them to be able to see 1st result. Thanks for your patience Anthony ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** Greg Von Kuster Galaxy Development Team g...@bx.psu.edu ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** Greg Von Kuster Galaxy Development Team g...@bx.psu.edu ___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
[galaxy-user] Permissions and private roles
Hi all I¹m trying to get my head round permissions on Data Libraries. I have a couple of questions 1) When I come to give access to a library the only roles I see are the current (admin) user¹s private roles and other non-private roles I have created - no other private roles. Reading the wiki page suggests that I should see all roles private and non-private. 2) Is there a way to give a role access to just one folder of a library rather than the whole library? Many thanks Anthony Dr Anthony Underwood Bioinformatics Group | Applied Laboratory and Bio- Informatics Unit Microbiology Services, Colindale Health Protection Agency - ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk **___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
[galaxy-user] Permissions and private roles
Hi all I¹m trying to get my head round permissions on Data Libraries. I have a couple of questions 1) When I come to give access to a library the only roles I see are the current (admin) user¹s private roles and other non-private roles I have created - no other private roles. Reading the wiki page suggests that I should see all roles private and non-private. 2) Is there a way to give a role access to just one folder of a library rather than the whole library? Many thanks Anthony Dr Anthony Underwood Bioinformatics Group | Applied Laboratory and Bio- Informatics Unit Microbiology Services, Colindale Health Protection Agency 61 Colindale Avenue London NW9 5EQ t: 0208 3276466 f: 0208 3277404 e:anthony.underw...@hpa.org.uk - ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk **___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-user] Permissions and private roles
Hello Anthony, On Oct 24, 2011, at 10:01 AM, Anthony Underwood wrote: Hi Greg Thanks for the reply. I can see now that as an admin user I can now add private roles using the Admin View as opposed to the data libraries view. It is still a bit unclear how a folder can be visible to one user but not to another. If both users have access to the library then they can view all folders, correct? Permissions on a folder are derived from permissions on specific datasets contained in the folder. So, if folder1 contains dataset1 and dataset2, and only Jack can see dataset 1 in folder1 and only Jill can see dataset2 in Folder1, both Jack and Jill can see Folder1, but Spot cannot. In addition, even though both Jack and Jill can see Folder1, each of them will be able to see only their respective dataset. I can see how I can edit add/modify permissions for a folder but not the view/access permission. Also another question about permissions. If I create a Galaxy page and share that with limited users then it appears that the datasets are all public via a URL is that correct? I'm not the expert on pages, Jeremy, can you answer this one? Thanks again Anthony On 24/10/2011 14:09, Greg Von Kuster g...@bx.psu.edu wrote: Hello Anthony, On Oct 24, 2011, at 6:55 AM, Anthony Underwood wrote: Permissions and private roles Hi all I’m trying to get my head round permissions on Data Libraries. I have a couple of questions 1) When I come to give access to a library the only roles I see are the current (admin) user’s private roles and other non-private roles I have created - no other private roles. The list of roles you see on the permission page for data library items ( folders and datasets ) is dependent upon the following: 1. Whether you are setting permissions on the library item from the Admin view ( where you should see both private and public roles ) or the Data Libraries view ( where you should only see your own private roles along with certain other public roles 2. The level in the hierarchy of the data library at which you are setting permissions. At the top level ( the data library level ), you have the ability to set the LIBRARY_ACCESS permission for the entire data library hierarchy. Depending upon the roles you associate here, all lower levels in the data library hierarchy show only those roles that are derived from the roles you set at the top LIBRARY_ACCESS permission. This is because it makes no sense to allow user john to have some permission to do something in a lower folder of a data library when he is not associated with the permission to even access the library at the top level. Reading the wiki page suggests that I should see all roles private and non-private. Not knowing which wiki you've read, make sure to see these: http://wiki.g2.bx.psu.edu/Admin/Data%20Libraries/Library%20Security http://wiki.g2.bx.psu.edu/Events/GDC2010?action=AttachFiledo=gettarget=GDC2010_data_libraries_sample_tracking.pdf 2) Is there a way to give a role access to just one folder of a library rather than the whole library? Yes, but again, the user with the role must be able to access the data library ( either the data library is public, or the user with the role is associated with the LIBRARY_ACCESS permission at the top level. Many thanks Anthony Dr Anthony Underwood Bioinformatics Group | Applied Laboratory and Bio- Informatics Unit Microbiology Services, Colindale Health Protection Agency ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** ___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org http://usegalaxy.org . Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ Greg Von Kuster Galaxy Development Team g...@bx.psu.edu
Re: [galaxy-user] Permissions and private roles
Hi Greg Thanks for the reply. I can see now that as an admin user I can now add private roles using the Admin View as opposed to the data libraries view. It is still a bit unclear how a folder can be visible to one user but not to another. If both users have access to the library then they can view all folders, correct? I can see how I can edit add/modify permissions for a folder but not the view/access permission. Also another question about permissions. If I create a Galaxy page and share that with limited users then it appears that the datasets are all public via a URL is that correct? Thanks again Anthony On 24/10/2011 14:09, Greg Von Kuster g...@bx.psu.edu wrote: Hello Anthony, On Oct 24, 2011, at 6:55 AM, Anthony Underwood wrote: Permissions and private roles Hi all I¹m trying to get my head round permissions on Data Libraries. I have a couple of questions 1) When I come to give access to a library the only roles I see are the current (admin) user¹s private roles and other non-private roles I have created - no other private roles. The list of roles you see on the permission page for data library items ( folders and datasets ) is dependent upon the following: 1. Whether you are setting permissions on the library item from the Admin view ( where you should see both private and public roles ) or the Data Libraries view ( where you should only see your own private roles along with certain other public roles 2. The level in the hierarchy of the data library at which you are setting permissions. At the top level ( the data library level ), you have the ability to set the LIBRARY_ACCESS permission for the entire data library hierarchy. Depending upon the roles you associate here, all lower levels in the data library hierarchy show only those roles that are derived from the roles you set at the top LIBRARY_ACCESS permission. This is because it makes no sense to allow user john to have some permission to do something in a lower folder of a data library when he is not associated with the permission to even access the library at the top level. Reading the wiki page suggests that I should see all roles private and non-private. Not knowing which wiki you've read, make sure to see these: http://wiki.g2.bx.psu.edu/Admin/Data%20Libraries/Library%20Security http://wiki.g2.bx.psu.edu/Events/GDC2010?action=AttachFiledo=gettarget=GDC20 10_data_libraries_sample_tracking.pdf 2) Is there a way to give a role access to just one folder of a library rather than the whole library? Yes, but again, the user with the role must be able to access the data library ( either the data library is public, or the user with the role is associated with the LIBRARY_ACCESS permission at the top level. Many thanks Anthony Dr Anthony Underwood Bioinformatics Group | Applied Laboratory and Bio- Informatics Unit Microbiology Services, Colindale Health Protection Agency ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** ___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org http://usegalaxy.org . Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ Greg Von Kuster Galaxy Development Team g...@bx.psu.edu - ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before
Re: [galaxy-user] Permissions and private roles
Thanks for the reply Greg Still don¹t think I¹ve quite got it in my head though it¹s becoming clearer. I have 2 users each whom I have given permission to access 2 datasets. user 1 has access to data in a folder called 1st result and user 2 has access to data found in both a folder called fastqs and 2nd result (very artificial data scenario:)) user 1 can see http://cl.ly/3M3t0P2n3H101P1z393e I would not have expected him to see the fastqs folder user 2 can see http://cl.ly/1r2y1h2c0F0a0V403F1f I would not have expected them to be able to see 1st result. Thanks for your patience Anthony - ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk **___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-user] Permissions and private roles
I'm not following you here - please decipher your folder names, which I assume are mapped to your encoded request strings. On Oct 24, 2011, at 1:27 PM, Anthony Underwood wrote: Thanks for the reply Greg Still don’t think I’ve quite got it in my head though it’s becoming clearer. I have 2 users each whom I have given permission to access 2 datasets. user 1 has access to data in a folder called 1st result and user 2 has access to data found in both a folder called fastqs and 2nd result (very artificial data scenario:)) user 1 can see http://cl.ly/3M3t0P2n3H101P1z393e I would not have expected him to see the fastqs folder user 2 can see http://cl.ly/1r2y1h2c0F0a0V403F1f I would not have expected them to be able to see 1st result. Thanks for your patience Anthony ** The information contained in the EMail and any attachments is confidential and intended solely and for the attention and use of the named addressee(s). It may not be disclosed to any other person without the express authority of the HPA, or the intended recipient, or both. If you are not the intended recipient, you must not disclose, copy, distribute or retain this message or any part of it. This footnote also confirms that this EMail has been swept for computer viruses, but please re-sweep any attachments before opening or saving. HTTP://www.HPA.org.uk ** Greg Von Kuster Galaxy Development Team g...@bx.psu.edu ___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-user] Permissions and private roles
Also another question about permissions. If I create a Galaxy page and share that with limited users then it appears that the datasets are all public via a URL is that correct? Yes, all datasets are public via URL by default in Galaxy, and a Galaxy Page makes it easy to find this URL. Without knowing the dataset hash id and/or the instance's secret key, it's very difficult to guess a URL that leads to a valid dataset. To change a dataset's permissions, click on the pencil (Edit attributes) and scroll to the bottom of the attributes page. Thanks, J. ___ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using reply all in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
