
Core Flow Concepts

Permissions

Data, executions, samples and projects are 'permissioned' objects. This means that by default they are not viewable by anyone other than their owner.

Owners

Whenever one of these objects is created, it is given an owner - the user who caused it to exist, whether directly or indirectly (e.g. data generated by a pipeline will be owned by whoever triggered the pipeline run, samples created from demultiplexing will be owned by whoever triggered the demultiplex, etc.).

The owner can also be a group, if a user chooses to transfer one of their objects to that group. In that case, every member of the group will effectively be an owner.

The owner of an object has full permissions on it - they can view it, they can edit it, they can alter its permissions (more on this below) and they can delete it.

Privacy

The simplest form of access control is privacy. All four of these objects can either be private, or public.

If an object is private, only the owner can access it (unless they have explicitly shared it with specific users or groups - see below). To anyone else, it is invisible. If it is public, anyone can see it - other users, even logged-out users. They can't edit it or delete it, but they can view it.

Public status cascades downwards. If a project is public, any samples in it will also be public. Data produced by an execution will be public if the execution is public. Note that being private doesn't cascade - if an execution is private but you manually set some of its data to be public, that data will be public.

To adjust an object's privacy, click 'edit' in the top right of the object's page, and move the toggle. Sometimes an object will have certain criteria to be met before it can be made public (primarily samples).

Dependency

Executions can be part of samples or projects, and permissions on the project/sample do cascade down to the execution - but only if the execution is marked as 'dependent'. A dependent execution is one which inherits permissions from the sample or project it is in.

We make this distinction as your execution will be part of a sample or project automatically based on its input data, and you may not have any control over the sample or project's privacy status. This allows you to keep your execution private if you wish, even if the sample or project is made public.

Sharing

In addition to the blanket public/private distinction, you can also share an object with specific people or groups, to a specific access level.

On any project, sample, execution or data, go to the edit page for that object. Scroll down to 'Permissions' and, for any user or group, you can choose to share in the following ways:

  • Read access. This lets the user/group view the object. It is essentially the same as being public, but only for specific users/groups.
  • Edit access. This lets the user/group edit attributes of the object, such as description or metadata.
  • Share access. This lets the user/group share the object with additional users/groups with this same interface.

The three types form a hierarchy - each level has all the permissions of the ones below it.

These permissions cascade just as privacy does - if you share a project with a user, they will be able to access the samples in it, and so on.
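
A minimal model of how the rules on this page combine (ownership, public status, the 'dependent' flag and shared access levels), added here as an illustration; it is not Flow's own code. The class and function names, the numeric levels, the sample users and the rule that inherited access is capped at share level are assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional

class Level(IntEnum):          # each level includes the ones below it
    NONE, READ, EDIT, SHARE, OWNER = range(5)

@dataclass
class Obj:
    kind: str                  # "project", "sample", "execution" or "data"
    owner: str                 # a user name or a group name
    public: bool = False
    parent: Optional["Obj"] = None
    dependent: bool = False    # only meaningful for executions
    shares: dict = field(default_factory=dict)   # principal -> Level

GROUPS = {"lab": {"alice", "bob"}}   # constructed sample membership

def principals(user):
    """The user plus their groups; a logged-out visitor (None) has none."""
    if user is None:
        return set()
    return {user} | {g for g, members in GROUPS.items() if user in members}

def effective(obj, user):
    who = principals(user)
    if obj.owner in who:       # group ownership makes every member an owner
        return Level.OWNER
    level = max((obj.shares.get(p, Level.NONE) for p in who), default=Level.NONE)
    if obj.public:
        level = max(level, Level.READ)
    # Cascade from the parent, except into an execution not marked dependent.
    if obj.parent is not None and (obj.kind != "execution" or obj.dependent):
        # Assumption: ownership itself is not inherited, so cap at SHARE.
        level = max(level, min(effective(obj.parent, user), Level.SHARE))
    return level

# Constructed scenario: a public project shared with carol at edit level.
project = Obj("project", owner="lab", public=True, shares={"carol": Level.EDIT})
sample = Obj("sample", owner="dave", parent=project)
private_run = Obj("execution", owner="dave", parent=sample, dependent=False)
dependent_run = Obj("execution", owner="dave", parent=sample, dependent=True)
public_data = Obj("data", owner="dave", parent=private_run, public=True)

if __name__ == "__main__":
    for o in (sample, private_run, dependent_run, public_data):
        print(o.kind, {u: effective(o, u).name for u in (None, "carol")})
```

When reviewing who can see an object, the two cases worth checking are the last two objects: a dependent execution picks up whatever the project grants, and data made public by hand stays public even under a private execution.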
