|
Permissions
In the Beta 4.2 release of OMERO, the permissions system has been re-enabled to allow users to share data, after having been disabled in earlier releases to prevent inappropriate access. OverviewA user may belong to one or more groups, and the data in a group may at most be shared with users in the same group on the same OMERO server. The degree to which their data is available to other members of the group depends on the permissions settings for that group. Whenever a user logs on to an OMERO server, they are connected under one of their groups. All data they import and work that is done is assigned to the current group and cannot be moved to another group. Groups must be created by the server administrator. Users can then be added by the admin or by a group 'owner' assigned by the admin. This would typically be the PI of the lab. The group owners or server admin can also choose the permission level for that group. An example (see image)In this lab, all the lab members are in a group called "Smith-Lab", with the owner being the lab PI. The permissions on this group would reflect the culture of that particular lab (see below). In this case it is Read-only. Two other groups have been created to allow scientists to collaborate on particular work. One of these contains only members of the Smith lab, while the other contains collaborators from another lab. These collaborators would only be able to see the data in the "APC" group, not any of the other work from the Smith lab. As mentioned above, there is no limit on the number of groups or the number of members in a group. This allows a lab or institution to configure a solution that suits them. Permission LevelsThe various permission levels are:
Changing PermissionsIt is possible for the group owner or server admin to change the permissions level on a group after it has been created and populated with data, with the following limitations:
Collaborative permissionsHere is a more detailed list of what you can and can't do in a collaborative group. Some of these policies may evolve as the permissions functionality matures in response to user feedback. Please let us know any comments or suggestions you have. CAN DO:
CANNOT DO:
DeletingDeleting has been revamped in the OMERO 4.2.1 release, changing the behavior with respect to permissions. Previously in the 4.2 release it was not possible to delete anything that had another user's annotations on it (since you couldn't remove them). The new delete service in OMERO 4.2.1 allows you to delete your Images etc even if they have been annotated by another user. However, you are not allowed to delete your own Tags that have been used by another user. This is because another user may have spent considerable effort tagging their own images with your Tags and this work would be lost if you are allowed to delete them. Known Issue: if the owner of the tag is also an owner of the group, they will be able to delete their tag, even if others have used it. As with other aspects of the permissions system, these rules are subject to evaluation and may evolve depending on feedback from the community. Please let us know if you have an opinion on these matters. For more information on the new delete functionality, please see Delete page Document Actions |