Controlling access to the server, server tasks and external data
Access to the various aspects of the CLC Server can be controlled using settings under:
Configuration () | Global Permissions ()
See figure 6.5.
Figure 6.5: Access can be controlled for many aspects of the CLC Server, including restricting access to certain tools and granting administrative access for certain types of actions
Group-level access can be configured for the following:
- Login restrictions Restrict who can log into the CLC Server.
- Web admin access Give admin-level access to defined areas in the web administrative interface. This is described further below.
- Algorithms Restrict access to specific tools to specified groups (figure 6.8). Enter a term in the search field to list tools with names containing that term.
- Workflows Control access to workflows installed on the CLC Server and control who can submit CLC Workbench workflows for execution on a CLC Server.
Controlling access to installed workflows Each workflow installed on the CLC Server is listed and access to each is configured individually (figure 6.6). By default, all authorized users have access to all workflows installed on the CLC Server.
Control who can submit CLC Workbench workflows for execution on a CLC Server The "Server Execution of Workbench Workflows" workflow (figure 6.6) is used by the system when a workflow installed on a CLC Workbench, or a workflow open in the CLC Workbench Workflow Editor, is submitted for execution on the CLC Server. Thus, access to the "Server Execution of Workbench Workflows" workflow determines who can run CLC Workbench workflows on the CLC Server. By default, all authorized users can access this workflow.
Figure 6.6: All authorized users have access to the first installed workflow listed. Members of the testers and scientists groups can run the second installed workflow. All authorized users have access to the "Server Execution of Workbench Workflows" workflow, allowing them to run CLC Workbench workflows on this CLC Server.Permission to install and manage workflows on the CLC Server are configured under the "Web admin access" section, described below.
- External applications Restrict access to External Applications that have been configured and made available on the CLC Server. To grant administrative access to configure and install external applications, set the permissions under the "Web admin access" section.
- Import/export directories Restrict access to file system areas not part of the CLC data setup that the CLC Server is able to access. These are described in Import/export directories.
- AWS Connections Restrict access to AWS Connections configured under the External Data tab.
- Grid presets For grid node setups only: Restrict access to grid presets, which are used for sending jobs to a particular queue with particular parameters. Note that grid presets are identified by name. If you change the name of a preset (under the Job processing tab), then this, in effect, creates a new preset. In this situation, if you had access permissions previously set, you would need to reconfigure those settings for this, now new, preset.
- Cloud presets Only relevant when the Cloud Server Plugin is installed and an AWS Connection has been configured for accessing an AWS account with CLC Genomics Cloud resources in place. Access to each cloud preset can be customized. Note that to use a cloud preset, a user must have access to both the cloud preset and the AWS Connection configured in that preset.
To edit permissions, click on the relevant heading and then click on the relevant Edit Permissions button in the expanded list (figure 6.8). In the edit dialog, if the option Only authorized users from selected groups, is selected, a list of groups is shown, allowing access to be granted or removed, as relevant.
Figure 6.7: Setting group-level permissions for tools is done under the Algorithms section. By default, all authorized users have access to all tools. Here, access has been limited to members of the admin and bioinformaticians groups.
Web admin access
By default, only members of the admin group can access administrative areas of the web interface. Settings under the "Web admin access" heading allow access to be extended to members of other groups to the following areas:
- Audit log See and work with the audit log, available from under the Management tab . See Audit log.
- External applications Configure and administer external applications. See External applications.
- Queue See a list of the processes running on, or queued to be run on, the CLC Server. See Queue.
- Workflows Install and administer workflows on the CLC Server. See Workflows.
Figure 6.8: Access can be granted to members of non-admin groups to the Audit log, External applications, Queue, and Workflows tabs in the web administriative interface.