Controlling access to studies and data
Not all data are FAIR all the time. When data are still being verified and papers are not yet published we need to be able to hide them for a time. In BioConnect, studies and their data can be protected from view while still being shared with collaborators. Here we describe how permissions and roles are assigned for fine-grained access control to research data in BioConnect.
Access authorization in BioConnect refers to applying permissions to resources so that they are protected but also sharable, much like a file in Box or Google Docs. Permissions are granted by assigning roles to users for a given resource, such as a study or file. Each role has a set of permissions that determines what can be done with the resource. There are simple, pre-defined roles in BioConnect that allow easy assignment of permissions. These are owner, editor, and viewer. They determine whether a user can view, change, or delete something and whether they can see and change permissions. The roles and permissions are summarized as follows:
| Role | Permissions | ||||
|---|---|---|---|---|---|
| View | Edit | Delete | View permissions | Assign permissions | |
| Viewer |  |
||||
| Editor | |
|
|
||
| Owner | |
|
|
|
|
| Curator | |
|
|
|
|
Roles can be assigned to individual users or to groups. In BioConnect, there are two groups: All Jackson Laboratory
Users and All BioConnect Users. A given resource may have multiple users or groups for each role. For example, a
study may have multiple owners.
There is a specially designated group of Curators in BioConnect who have access to all studies regardless of their
role in the research group. Curators are responsible for metadata integrity within and across studies in
the system.
Assigning Permissions
When you create a study, you are assigned as the owner and are granted all permissions. You may choose to keep the study or file private (shared only with you) or share it with other users and groups. When you share it, you indicate a role for each user, including assigning additional owners. Access to resources is managed individually with one exception: when an uploaded file is added to a study, it will inherit the study's access settings. This means that if a user has permissions to a study, they have the same level of permissions for all the files within the study.