Data libraries permissions oddity -- probably user error
From the admin interface I'll select "Manage data libraries" from the left bar, pick a library, and then from "library actions" select "edit
I've been setting up data libraries for researchers with their data as provided on USB drives, and the workflow is great, except that I'm doing something wrong with data library permissions and can't figure out just what. permissions". On that "Manage library permissions on library xxxxxx" screen the four associated/not-associated sections have only the role that I initially associated with the data library on import, and it's always the sole item in associated, and 'not-associated' is empty. How do I add other roles to associated if not-associated is empty, and more importantly how do I let the researcher who has 'manage library permissions' pick new ones when "roles not associated" is empty for them too"? The workaround I've found is to remove every role from "roles associated" in "access library", which briefly makes every role in the system show in "roles not associated", and then I can multi-select and re-add the removed roles and the new ones. I gather from Greg's write-ups that the right usage includes smarter use of groups and non-user roles, but is it really the case that I can't associate new roles to a library's "access library" right w/o first removing all those already there? Also, is there a way for researchers to be able to add users to their group/non-user-role without and administrator having to do it for them? Thanks, -- Ry4an Brase 612-626-6575 University of Minnesota Supercomputing Institute for Advanced Computational Research http://www.msi.umn.edu
Hi Ry4an, On Sep 7, 2010, at 10:12 AM, Ry4an Brase wrote:
I've been setting up data libraries for researchers with their data as provided on USB drives, and the workflow is great, except that I'm doing something wrong with data library permissions and can't figure out just what.
From the admin interface I'll select "Manage data libraries" from the left bar, pick a library, and then from "library actions" select "edit permissions".
On that "Manage library permissions on library xxxxxx" screen the four associated/not-associated sections have only the role that I initially associated with the data library on import, and it's always the sole item in associated, and 'not-associated' is empty.
It sounds like the role is a private role. Can you confirm this? If it is private, then the whole library is private to only that single user, so no other roles will be appropriate for associating with permissions.
How do I add other roles to associated if not-associated is empty, and more importantly how do I let the researcher who has 'manage library permissions' pick new ones when "roles not associated" is empty for them too"?
Roles that are populated in the permissions boxes for any library item ( folder, dataset ) are derived from the roles associated with the set of all users that have 1 or more of the roles associated with the LIBRARY_ACCESS permission on the data library itself. So if you want to restrict access on the data library to a set of users, create a role and associate each of those users with it.
The workaround I've found is to remove every role from "roles associated" in "access library", which briefly makes every role in the system show in "roles not associated", and then I can multi-select and re-add the removed roles and the new ones.
This behavior occurs because you have made the library public, so all roles are displayed in the permissions boxes.
I gather from Greg's write-ups that the right usage includes smarter use of groups and non-user roles, but is it really the case that I can't associate new roles to a library's "access library" right w/o first removing all those already there?
You can, just keep in mind that roles are derived from the roles associated with all users that are associated with the LIBRARY_ACCESS role on the data library.
Also, is there a way for researchers to be able to add users to their group/non-user-role without and administrator having to do it for them?
Yes, associate them with the LIBRARY_MANAGE permission on the library item.
Thanks,
-- Ry4an Brase 612-626-6575 University of Minnesota Supercomputing Institute for Advanced Computational Research http://www.msi.umn.edu _______________________________________________ galaxy-dev mailing list galaxy-dev@lists.bx.psu.edu http://lists.bx.psu.edu/listinfo/galaxy-dev
Greg Von Kuster Galaxy Development Team greg@bx.psu.edu
participants (2)
-
Greg Von Kuster -
Ry4an Brase