tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent HealthCare Omics Platform
    Documentation
    Download PDF

    Permission Management

    Last updated: 2024-10-22 16:05:05
    Download PDF

      Introduction to Permission Management System

      Permission System Composition

      The Tencent HealthCare Omics Platform supports five types of roles. Each of them has different permissions. Ranked in the order of the highest to the lowest, the roles are the manager, owner, writer, executor, and reader-only.
      The Tencent HealthCare Omics Platform divides permissions based on projects and supports two levels of granularity for permission assignment:
      Assign project role permissions to users.
      Assign project role permissions to user groups.
      Note:
      The permission actually assigned to the user in a project is the highest one between the permissions assigned through the two settings. For example, user A belongs to user group A. The manager assigns the role of the executor to user A, and the manager assigns the role of the writer to user group A. At this time, the actual role assigned to user A in the project is the highest one; that is, the writer.
      When a user belongs to multiple user groups that have different roles in the same project, the user is actually authorized to get the highest permission. For example, user B belongs to user group A and user group B. The manager assigns the role of the writer to user group A and the role of the executor to user group B. At this time, user B's actual role in the project is the highest one; that is, the writer.

      Permission Management Scope

      Resource Type
      Involved Operation Permissions
      Project
      Creating, viewing, editing, and deleting projects and modifying permissions
      Binding and unbinding a bucket
      Creating, setting, editing, viewing, running, deleting, and publishing applications
      Creating, viewing, and deleting tables
      Viewing, early terminating, and rerunning a run batch
      Image
      Namespace Management
      Associating and disassociating with TCR
      Creating and deleting repositories and pushing image
      Creating, modifying, and deleting categories
      Viewing and copying the image path
      File
      Viewing and deleting project buckets
      Viewing buckets and using bucket directories as input and output paths
      Binding and unbinding projects and buckets

      Project Permissions

      Overview of the Types of Project Roles Assigned and Their Operation Permissions

      The types of project roles assigned and their operation permissions can be found in the following table:
      Role Type
      Description
      Manager
      Having the highest permission for all projects
      Binding and unbinding a bucket
      Binding and unbinding environments
      Owner
      Having the highest permission within the project
      Writer
      Viewing, adding, writing, publishing, and running applications
      Deleting applications (only those you created)
      Creating and deleting tables
      Executor
      Viewing and running the published version of the application
      Creating, viewing, and deleting tables
      Read-Only User
      Viewing the published version of the application
      Viewing the table

      Viewing and Setting Project Permissions

      The Tencent HealthCare Omics Platform supports Managers in viewing and setting project permissions in the console and also supports project owners in setting project permissions on the Tencent HealthCare Omics Platform website. After completing the permission setting for the same user/user group in any module, it will be synchronized to the other module, and you can switch to the latest view after refreshing.

      Viewing and Setting Role Project Permissions in the Console

      Managers can log in to the Console to view and set all project permissions:
      Log in to the console and click User Management > User, enter the user list page,which shows necessary information about user accountes.
      If you need to grant a user permissions for a project, click Manage Authorization in the rightmost operation column of the row where the user is located. You can go to the permission details page to view and manage the user's project-level role assignment.
      
      
      
      On the permission details page, you can view the user's roles assigned for the user's related projects. Click Permission Management to go to the permission management page to manage the role's authorization in the project dimension.
      
      
      
      The permission management page can authorize the user at the project level, and the project list can be switched according to types and regions. The supported types are "partial authorization" and "for Managers", and the supported regions is Hong Kong(China).
      
      
      

      Assigning Permissions in the Project to Roles on the Omics Platform Website

      Project owners and managers can assign specific role and authorize permissions to a project member.
      1. Authorizing When Creating a New Project
      
      
      
      2. Changing Authorization for an Existing Project
      Click the icon in the upper right corner of the project to enter Project Settings to modify role permissions.
      
      
      

      Project Resource Authorization

      Managers can authorize resources for projects, including storage resources and environment resources through binding buckets and environments to projects.

      Binding a Bucket

      Managers have permission to bind a bucket to an environment. During the File Management-Source File stage, the manager can directly specify the bucket that needs to be bound for the environment. Click the button Associate Bucket, the Associating pop-up will appear, where Manager can bind buckets to the selected environment.
      
      
      
      Select the bucket need to be bound and comfirmed.
      
      
      
      After the bucket is bound, you can use the bound bucket data as input data for the project task. You can also set the path in the bucket as the task output directory. For details, see Application Editing (Code Editor).

      Binding a Environment

      Managers have permission to bind a environment for a project. During the creation of a new project stage, Managers can directly specify the bucket to be bound to the project. Managers can also bind a environment to an already created project in the project settings.
      
      
      

      Application Permissions

      After a user logs in to the Tencent HealthCare Omics Platform, the project list page only displays authorized projects. Within a project, different roles have different operation permissions. Within an application, the application editing page displays the corresponding operation view based on the operation permissions. For project application-level operation permissions, see the following table:
      Role Type
      Operation Permission Description
      Manager
      Creating, editing, running, and deleting applications and publishing application versions
      Viewing timeline editing historical and version history
      Owner
      Creating, editing, running, and deleting applications and publishing application versions
      Viewing timeline editing historical and version history
      Writer
      Creating, editing, running applications, and publishing application versions
      Deleting applications (only those you created)
      Viewing timeline editing historical and version history
      Executor
      Viewing and running the published application version
      Viewing timeline version history
      Read-Only User
      Viewing the published application version
      Viewing timeline version history

      Table Permissions

      For table-related operation permissions, see the following table:
      Role Type
      Operation Permission Description
      Manager
      Creating, deleting, and viewing tables
      Owner
      Creating, deleting, and viewing tables
      Writer
      Creating, deleting (only those you created), and viewing tables.
      Executor
      Creating, deleting (only those you created), and viewing tables.
      Read-Only User
      Viewing tables

      Running Groups-related Operation Permissions

      The following table contains the running groups-related permissions generated after the task is successfully submitted:
      Role Type
      Operation Permission Description
      Manager
      Viewing running groups
      Terminating and rerunning groups early
      Owner
      Viewing running groups
      Terminating and rerunning groups early
      Writer
      Viewing running groups
      Terminating and rerunning groups early (only for running groups submitted by the Writer)
      Executor
      Viewing running groups
      Terminating and rerunning groups early (only for running groups submitted by the Writer)
      Read-Only User
      Viewing running groups

      User Group Permissions

      User Group Overview

      The user group is a group of user members. It represents a resource access control mechanism provided by the Tencent HealthCare Omics Platform. This mechanism supports managers in creating, maintaining, and deleting user groups, as well as adding users to groups and modifying permissions in batches to make permission management easier.
      In the bioinformatics analysis scenerio, the user group mode can help managers better authorize projects. For example, you can create a user group, add all team members involved in a specific project to the user group, and then grant the user group the permissions required to access and operate the project. In this way, all user group members can access and operate the project as needed, and you have no need to grant each user the permissions respectively.
      This section mainly introduces operations related to grant permissions to user groups. For operations such as creating a new user group and adding or removing members from a user group, see User Management.
      Grant Permissions to User Groups
      Switch to the Permissions module and click Permission Management, and the permission management page is displayed.
      
      
      
      The permission management page displays a list of projects under each region and authorizes roles to user groups.
      
      
      

      Permission Management of other modules

      Image Management Permissions

      Permission for associating and disassociating Tencent Cloud Tencent Container Registry
      To use the image management module, the manager must first activate Tencent Cloud Tencent Container Registry in the Tencent Cloud Console and associate it with the Tencent HealthCare Omics Platform account. For specific operations, see Image Repository Management.
      Image Repository Management-related Permissions
      For image repository management permissions, see the following table:
      Role Type
      Operation Permission Description
      Manager
      Creating, modifying, and deleting category tags are supported.
      Viewing quick instructions and repositories in the image repository list is supported.
      Copying image addresses is supported.
      Deleting image repositories is supported.
      Owner
      Writer
      Executor
      Read-Only User
      Viewing quick instructions and repositories in the image repository list is supported.
      Copying image addresses is supported.

      File Management Permissions

      The file management module involves three types: bucket, public bucket, and project bucket. The operation permissions are as follows:
      After the manager associates a bucket, users can view the file directory of the bucket. After the manager binds a project, project members can use the bucket directory as an input and output path.
      Public buckets are open to all platform users;
      Project buckets are open to project members.
      For specific operation permissions, see the following table:
      Role Type
      Bucket Operation Permissions
      Public Bucket Operation Permissions
      Project Bucket Operation Permissions
      Manager
      You can associate and disassociate buckets.
      You can bind and unbind projects.
      You can view items.
      You can use input and output paths.
      You can view items.
      You can use input and output paths.
      
      You can view and delete items.
      Owner
      You can view items.
      You can use input and output paths.
      You can view items.
      You can use input and output paths.
      You can view and delete items.
      Writer
      You can view items.
      You can use input and output paths.
      You can view items.
      You can use input and output paths.
      You can view items.
      Executor
      You can view items.
      You can use input and output paths.
      You can view items.
      You can use input and output paths.
      You can view items.
      Read-Only User
      You can only view items.
      You can only view items.
      You can only view items.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy