Controlling access to CLC Server data

The CLC Server uses folders as the basic unit for controlling access to data, and access is granted (or denied) to groups of users.

Members of groups can be granted two types of access on folders within a server location:

Read access
Members of the designated group(s) can see the elements in the folder, open them and copy from them. Access can be through any client software, for example, via the CLC Server Command Line Tools or via a CLC Workbench, for example when browsing in the Navigation Area, searching, or when clicking the "Originates from" link in the History (Image history_16_n_p) of a data element.
Write access
Members of the designated group(s) can make and Save (Image Save_Blue_16_n_p) changes to an element, and new elements and subfolders can be created in that area.

For a user to be able to access a folder, they must have read access to all the folders above it in the hierarchy. In the example shown in figure 5.1, to access the Sequences folder, the user must have access to both the Example Data and Protein folders.

Image dbtree
Figure 5.1: A folder hierarchy on the server.

It is fine to just give write access to the final folder. For example, read access only could be granted to the Example Data and Protein folders, with read and write access granted to the Sequences folder.

At the point when permissions are enabled on a file system location, i.e. after the Enable permissions option described in File system locations, has been checked, only the CLC Server root user or users in a configured admin group will have access to data stored in that file system location. Permissions are then set by the root or other admin user on the folders in that area, via a CLC Workbench acting as a client for the CLC Server, as described in the next section.

Please see 5.1.3 for further details about the system behavior if permissions are not enabled and configured.