Security policies
The Workbench has a security policy configuration that enables administrators to restrict users' access to things like:
- Tools accessing services on the internet
- Notifications about updates
- Plugin and Workflow management
Policies are specified in a file called policy.properties
that needs to be placed within the settings
folder under the Workbench installation directory. Users without administrator access typically would not be able to change the contents of this file.
Each of the following keys within a policy.properties
file can be followed by either = allow or = deny. No policy.properties
file is present in a default Workbench installation, and thus by default, all the policies listed below are allowed.
- workbench_version_check
- Controls whether notifications for Workbench updates should be shown.
- plugin_version_check
- Controls whether notifications for plugin updates should be shown. Note that if
plugin_download
is set to "deny", plugin update notifications will not be shown, regardless of this setting. - online_search
- Controls access to online sequence and structure search engines and some databases from third party providers. Depending on the Workbench being used, this includes Search for Sequences at NCBI (), Search for PDB Structures at NCBI (), Search for Sequences in UniProt (), Download Genomes () and Search for Reads in SRA ().
- online_ncbi_blast
- Controls whether tools performing BLAST at NCBI's servers should be available to users. This includes NCBI BLAST () run from the Toolbox and also from sequence selections.
- ncbi_blast_download
- Controls whether the Download BLAST databases () tool, which allows download of BLAST databases from NCBI's servers, should be available.
- plugin_manage
- Controls whether the Plugin Manager should be available. Users will still be able to install plugin updates if
plugin_download
andplugin_version_check
are allowed. - plugin_file_install
- Controls whether plugins can be installed from a local file.
- plugin_download
- Controls whether plugins can be downloaded and installed via the Download Plugins tab of the Workbench Plugin Manager. Setting this policy to deny also stops checks for for updated plugins and the display of notification dialogs about available plugin updates during Workbench startup.
- workflow_manage
- Controls whether the Manage Workflows dialog should be available.
- workflow_file_install
- Controls whether workflows can be installed from a file.
- sequence_to_structure
- Controls access to the Link Variants To Structure () and Download 3D Protein Structure Database () tools, as well as whether the 'Link to Structure' links in variant tables should be enabled or not.
- usage_information_collection
- Controls whether anonymous information about the usage of the workbench is shared with QIAGEN, helping us improve our products. It is also possible to opt out of providing usage information on a per-user basis via a setting in the General section of the Preferences dialog.
- welcome_center
- Controls whether the Workbench should contact the server that distributes content for the Welcome Center.
- run_on_workbench_when_server_is_available
- Controls whether server-enabled tools, run directly or in the context of a workflow, can be run on a Workbench when it is connected to a CLC Server. It has no effect on tools that can be run only on a CLC Workbench or on the ability to download reference data to a CLC Server CLC_References location using the Reference Data Manager.
A sample policy.properties file can be downloaded from
https://resources.qiagenbioinformatics.com/deployment/policy.properties. This can then be placed in the settings
folder and edited to contain the relevant values. The new policy will take effect next time the Workbench is started.