Controlling access to CLC Server data

The CLC Bioinformatics Database uses folders as the basic unit for controlling access to data, and access is granted (or denied) to groups of users.

Two types of access can be granted to a group on any folder within a server location:

Read access
Users of the designated group(s) can see the elements in the folder, open them and copy from them. Access can be through any route, for example, via the CLC Command Line Tools or via the Workbench, for example when browsing in the Navigation Area of a Workbench, searching, or when clicking the "originates from" link in the History (Image history_16_n_p) of data.
Write access
Users of the designated group(s) can make and Save (Image Save_Blue_16_n_p) changes to an element, and new elements and subfolders can be created in that area.

For a user to be able to access a folder, they must have read access to all the folders above it in the hierarchy. In the example shown in figure 5.1, to access the Sequences folder, the user must have access to both the Example Data and Protein folders.

Image dbtree
Figure 5.1: A folder hierarchy on the server.

It is fine to just give write access to the final folder. For example, read access only could be granted to the Example Data and Protein folders, with read and write access granted to the Sequences folder.

Permissions on CLC Server File Locations must be explicitly enabled via the web administrative interface if they are desired (see Adding a file system location). Please see 5.1.3 for further details about the system behaviour if permissions are not enabled and configured.

Configuring the permissions is done via a CLC Workbench acting as a client for the CLC Server. At the point when permissions are enabled on a File Location via the server web administrative interface, Only the CLC Bioinformatics Database root user or users in a configured admin group have access to data held in that File Location at this point. No groups will have read or write access to any area under this location. Permissions should then be explicitly set by the root or other admin user on the folders in that area, as described below.



Subsections