We have a system in place that sends jobs to a compute cluster based on the real user name, as opposed to something like ‘galaxyuser’. Galaxy workflows are created and invoked using bioblend code, so the users don’t have to go in and manually set workflow inputs. However, this means each user needs admin access in order to create these workflows via API.
Additionally, we have one or two actual admin users that are charged with fixing the occasional workflow problem that pops up. The ability to impersonate users is super helpful in this situation, as you might imagine. So, I’m stuck in this situation where I’d rather not have MOST users with impersonate access. I don’t know of any way to do this, do you? With our setup, can anyone recommend an alternate configuration that would close this security hole? How hard is it to feed a list on email address to the user impersonation config variable?