Controlling group access to CLC Server data
Folders are the basic unit for controlling access to data. Permissions applied to a folder also apply to the data elements within it. This section describes how to control access to folders on server file locations where permissions have been enabled and the "Group-based permissions" option has been selected, as described in File system locations. For information about Server File Locations with the "User homes" permission setting enabled, see File system locations.
When group-based permissions are enabled on a file system location, initially only the root user or users in a configured admin group have access to data stored there. Permissions can then be granted on folders to specified groups using the web administrative interface or using a CLC Workbench acting as a client for the CLC Server, as described in Setting permissions on a folder.
Members of groups can be granted two types of access:
- Read access
- Elements in these folders can be listed, opened or copied using the CLC Server Command Line Tools, the web client, or a CLC Workbench, for example by browsing in the Navigation Area, searching, or clicking the "Originates from" link in the History () of a data element.
- Write access
- New elements and subfolders can be created in this area, and changes made to existing data or folders can be saved.
Note: To access a folder and its contents, a user must be a member of a group with read access to all the folders above it in the hierarchy. In the example shown in figure 5.1, to access the Sequences folder, the group must have access to both the Example Data and Protein folders.
Figure 5.1: A folder hierarchy as seen through a CLC Workbench Navigation Area.
It is fine to give write access to just the final folder in a hieararchy. For example, in the hierarchy shown in figure 5.1, read access could be granted to the Example Data and Protein folders, with read and write access granted to just the Sequences folder.
Please see Technical notes about permissions and security for further details about the system behavior relating to permissions.