Permission Management

Last updated: 2024-10-22 16:05:05

    Introduction to Permission Management System

    Permission System Composition

    The Tencent HealthCare Omics Platform supports five types of roles, each with different permissions. Ranked from highest to lowest, the roles are manager, owner, writer, executor, and read-only user.
    The Tencent HealthCare Omics Platform divides permissions based on projects and supports two levels of granularity for permission assignment:
    Assign project role permissions to users.
    Assign project role permissions to user groups.
    Note:
    The permission actually assigned to the user in a project is the highest one between the permissions assigned through the two settings. For example, user A belongs to user group A. The manager assigns the role of the executor to user A, and the manager assigns the role of the writer to user group A. At this time, the actual role assigned to user A in the project is the highest one; that is, the writer.
    When a user belongs to multiple user groups that have different roles in the same project, the user is actually authorized to get the highest permission. For example, user B belongs to user group A and user group B. The manager assigns the role of the writer to user group A and the role of the executor to user group B. At this time, user B's actual role in the project is the highest one; that is, the writer.

    Permission Management Scope

    | Resource Type | Involved Operation Permissions |
    | --- | --- |
    | Project | Creating, viewing, editing, and deleting projects and modifying permissions; Binding and unbinding a bucket; Creating, setting, editing, viewing, running, deleting, and publishing applications; Creating, viewing, and deleting tables; Viewing, early terminating, and rerunning a run batch |
    | Image | Namespace Management; Associating and disassociating with TCR; Creating and deleting repositories and pushing images; Creating, modifying, and deleting categories; Viewing and copying the image path |
    | File | Viewing and deleting project buckets; Viewing buckets and using bucket directories as input and output paths; Binding and unbinding projects and buckets |

    Project Permissions

    Overview of the Types of Project Roles Assigned and Their Operation Permissions

    The types of project roles assigned and their operation permissions can be found in the following table:
    | Role Type | Description |
    | --- | --- |
    | Manager | Having the highest permission for all projects; Binding and unbinding a bucket; Binding and unbinding environments |
    | Owner | Having the highest permission within the project |
    | Writer | Viewing, adding, writing, publishing, and running applications; Deleting applications (only those you created); Creating and deleting tables |
    | Executor | Viewing and running the published version of the application; Creating, viewing, and deleting tables |
    | Read-Only User | Viewing the published version of the application; Viewing the table |

    Viewing and Setting Project Permissions

    The Tencent HealthCare Omics Platform supports Managers in viewing and setting project permissions in the console and also supports project owners in setting project permissions on the Tencent HealthCare Omics Platform website. After completing the permission setting for the same user/user group in any module, it will be synchronized to the other module, and you can switch to the latest view after refreshing.

    Viewing and Setting Role Project Permissions in the Console

    Managers can log in to the Console to view and set all project permissions:
    Log in to the console and click User Management > User to enter the user list page, which shows necessary information about user accounts.
    If you need to grant a user permissions for a project, click Manage Authorization in the rightmost operation column of the row where the user is located. You can go to the permission details page to view and manage the user's project-level role assignment.
    On the permission details page, you can view the user's roles assigned for the user's related projects. Click Permission Management to go to the permission management page to manage the role's authorization in the project dimension.
    The permission management page can authorize the user at the project level, and the project list can be switched according to types and regions. The supported types are "partial authorization" and "for Managers", and the supported region is Hong Kong (China).

    Assigning Permissions in the Project to Roles on the Omics Platform Website

    Project owners and managers can assign a specific role and authorize permissions to a project member.
    1. Authorizing When Creating a New Project
    2. Changing Authorization for an Existing Project
    Click the icon in the upper right corner of the project to enter Project Settings to modify role permissions.

    Project Resource Authorization

    Managers can authorize resources for projects, including storage resources and environment resources through binding buckets and environments to projects.

    Binding a Bucket

    Managers have permission to bind a bucket to an environment. During the File Management-Source File stage, the manager can directly specify the bucket that needs to be bound for the environment. Click the Associate Bucket button; the Associating pop-up appears, where the Manager can bind buckets to the selected environment.
    Select the bucket to be bound and confirm.
    After the bucket is bound, you can use the bound bucket data as input data for the project task. You can also set the path in the bucket as the task output directory. For details, see Application Editing (Code Editor).

    Binding an Environment

    Managers have permission to bind an environment for a project. During the new project creation stage, Managers can directly specify the bucket to be bound to the project. Managers can also bind an environment to an already created project in the project settings.

    Application Permissions

    After a user logs in to the Tencent HealthCare Omics Platform, the project list page only displays authorized projects. Within a project, different roles have different operation permissions. Within an application, the application editing page displays the corresponding operation view based on the operation permissions. For project application-level operation permissions, see the following table:
    | Role Type | Operation Permission Description |
    | --- | --- |
    | Manager | Creating, editing, running, and deleting applications and publishing application versions; Viewing timeline editing history and version history |
    | Owner | Creating, editing, running, and deleting applications and publishing application versions; Viewing timeline editing history and version history |
    | Writer | Creating, editing, running applications, and publishing application versions; Deleting applications (only those you created); Viewing timeline editing history and version history |
    | Executor | Viewing and running the published application version; Viewing timeline version history |
    | Read-Only User | Viewing the published application version; Viewing timeline version history |
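
    The "highest permission wins" rule from the Note under Permission System Composition, combined with the application deletion rule in the table above, as an added example that is not the platform's own code. The role ordering follows the page; the function names, data layout, and the sample users, groups and project are assumptions.

```python
from enum import IntEnum

class Role(IntEnum):
    # Ordered lowest to highest, following the ranking the page gives.
    READ_ONLY = 1
    EXECUTOR = 2
    WRITER = 3
    OWNER = 4
    MANAGER = 5

def effective_role(user, project, user_grants, group_grants, memberships):
    """Highest role the user holds in the project via direct or group grants."""
    roles = [user_grants.get((user, project))]
    roles += [group_grants.get((g, project)) for g in memberships.get(user, ())]
    return max((r for r in roles if r is not None), default=None)

def elevated_via_group(project, user_grants, group_grants, memberships):
    """Audit: users whose group membership gives more than their direct grant."""
    findings = {}
    for user in sorted(memberships):
        direct = user_grants.get((user, project))
        eff = effective_role(user, project, user_grants, group_grants, memberships)
        if eff is not None and (direct is None or eff > direct):
            findings[user] = (direct, eff)
    return findings

def can_delete_application(role, actor, creator):
    """Manager and Owner delete any application; Writer only their own."""
    if role is None:
        return False
    if role >= Role.OWNER:
        return True
    return role == Role.WRITER and actor == creator

# Constructed sample data mirroring the page's user A / user B examples
# (hypothetical names, not real platform identifiers).
USER_GRANTS = {("user_a", "proj1"): Role.EXECUTOR}
GROUP_GRANTS = {("group_a", "proj1"): Role.WRITER,
                ("group_b", "proj1"): Role.EXECUTOR}
MEMBERSHIPS = {"user_a": ["group_a"], "user_b": ["group_a", "group_b"]}

if __name__ == "__main__":
    report = elevated_via_group("proj1", USER_GRANTS, GROUP_GRANTS, MEMBERSHIPS)
    for user, (direct, eff) in report.items():
        direct_name = direct.name if direct is not None else None
        print(f"{user}: direct={direct_name}, effective={eff.name}")
```

    Running the audit helper over an export of grants and memberships shows which users hold a role only through a group, which is the case a review of direct assignments alone would miss.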

    Table Permissions

    For table-related operation permissions, see the following table:
    | Role Type | Operation Permission Description |
    | --- | --- |
    | Manager | Creating, deleting, and viewing tables |
    | Owner | Creating, deleting, and viewing tables |
    | Writer | Creating, deleting (only those you created), and viewing tables |
    | Executor | Creating, deleting (only those you created), and viewing tables |
    | Read-Only User | Viewing tables |

    Running Groups-related Operation Permissions

    The following table contains the running groups-related permissions generated after the task is successfully submitted:
    | Role Type | Operation Permission Description |
    | --- | --- |
    | Manager | Viewing running groups; Terminating and rerunning groups early |
    | Owner | Viewing running groups; Terminating and rerunning groups early |
    | Writer | Viewing running groups; Terminating and rerunning groups early (only for running groups submitted by the Writer) |
    | Executor | Viewing running groups; Terminating and rerunning groups early (only for running groups submitted by the Writer) |
    | Read-Only User | Viewing running groups |

    User Group Permissions

    User Group Overview

    The user group is a group of user members. It represents a resource access control mechanism provided by the Tencent HealthCare Omics Platform. This mechanism supports managers in creating, maintaining, and deleting user groups, as well as adding users to groups and modifying permissions in batches to make permission management easier.
    In the bioinformatics analysis scenario, the user group mode can help managers better authorize projects. For example, you can create a user group, add all team members involved in a specific project to the user group, and then grant the user group the permissions required to access and operate the project. In this way, all user group members can access and operate the project as needed, and you do not need to grant the permissions to each user individually.
    This section mainly introduces operations related to granting permissions to user groups. For operations such as creating a new user group and adding or removing members from a user group, see User Management.
    Grant Permissions to User Groups
    Switch to the Permissions module and click Permission Management to display the permission management page.
    The permission management page displays a list of projects under each region, where you can authorize roles to user groups.

    Permission Management of Other Modules

    Image Management Permissions

    Permission for associating and disassociating Tencent Cloud Tencent Container Registry
    To use the image management module, the manager must first activate Tencent Cloud Tencent Container Registry in the Tencent Cloud Console and associate it with the Tencent HealthCare Omics Platform account. For specific operations, see Image Repository Management.
    Image Repository Management-related Permissions
    For image repository management permissions, see the following table:
    | Role Type | Operation Permission Description |
    | --- | --- |
    | Manager | Creating, modifying, and deleting category tags are supported. Viewing quick instructions and repositories in the image repository list is supported. Copying image addresses is supported. Deleting image repositories is supported. |
    | Owner, Writer, Executor, Read-Only User | Viewing quick instructions and repositories in the image repository list is supported. Copying image addresses is supported. |

    File Management Permissions

    The file management module involves three types: bucket, public bucket, and project bucket. The operation permissions are as follows:
    After the manager associates a bucket, users can view the file directory of the bucket. After the manager binds a project, project members can use the bucket directory as an input and output path.
    Public buckets are open to all platform users.
    Project buckets are open to project members.
    For specific operation permissions, see the following table:
    | Role Type | Bucket Operation Permissions | Public Bucket Operation Permissions | Project Bucket Operation Permissions |
    | --- | --- | --- | --- |
    | Manager | You can associate and disassociate buckets. You can bind and unbind projects. You can view items. You can use input and output paths. | You can view items. You can use input and output paths. | You can view and delete items. |
    | Owner | You can view items. You can use input and output paths. | You can view items. You can use input and output paths. | You can view and delete items. |
    | Writer | You can view items. You can use input and output paths. | You can view items. You can use input and output paths. | You can view items. |
    | Executor | You can view items. You can use input and output paths. | You can view items. You can use input and output paths. | You can view items. |
    | Read-Only User | You can only view items. | You can only view items. | You can only view items. |
    