On Sep 7, 2010, at 10:12 AM, Ry4an Brase wrote:
I've been setting up data libraries for researchers with their
provided on USB drives, and the workflow is great, except that I'm doing
something wrong with data library permissions and can't figure out just
> From the admin interface I'll select "Manage data libraries" from the
left bar, pick a library, and then from "library actions" select "edit
On that "Manage library permissions on library xxxxxx" screen the four
associated/not-associated sections have only the role that I initially
associated with the data library on import, and it's always the sole
item in associated, and 'not-associated' is empty.
It sounds like the role is a private role. Can you confirm this? If it is private, then
the whole library is private to only that single user, so no other roles will be
appropriate for associating with permissions.
How do I add other roles to associated if not-associated is empty, and
more importantly how do I let the researcher who has 'manage library
permissions' pick new ones when "roles not associated" is empty for them
Roles that are populated in the permissions boxes for any library item ( folder, dataset )
are derived from the roles associated with the set of all users that have 1 or more of the
roles associated with the LIBRARY_ACCESS permission on the data library itself. So if you
want to restrict access on the data library to a set of users, create a role and associate
each of those users with it.
The workaround I've found is to remove every role from "roles
associated" in "access library", which briefly makes every role in the
system show in "roles not associated", and then I can multi-select and
re-add the removed roles and the new ones.
This behavior occurs because you have made the library public, so all roles are displayed
in the permissions boxes.
I gather from Greg's write-ups that the right usage includes smarter use
of groups and non-user roles, but is it really the case that I can't
associate new roles to a library's "access library" right w/o first
removing all those already there?
You can, just keep in mind that roles are derived from the roles associated with all users
that are associated with the LIBRARY_ACCESS role on the data library.
Also, is there a way for researchers to be able to add users to their
group/non-user-role without and administrator having to do it for them?
Yes, associate them with the LIBRARY_MANAGE permission on the library item.
Ry4an Brase 612-626-6575
University of Minnesota Supercomputing Institute
for Advanced Computational Research http://www.msi.umn.edu
galaxy-dev mailing list
Greg Von Kuster
Galaxy Development Team