Permissions

In the Beta 4.2 release of OMERO, the permissions system has been re-enabled to allow users to share data, after having been disabled in earlier releases to prevent inappropriate access.

Overview

A user may belong to one or more groups, and the data in a group may at most be shared with users in the same group on the same OMERO server. The degree to which their data is available to other members of the group depends on the permissions settings for that group. Whenever a user logs on to an OMERO server, they are connected under one of their groups. All data they import and all work they do is assigned to the current group and cannot be moved to another group.

Groups must be created by the server administrator. Users can then be added by the admin or by a group 'owner' assigned by the admin. This would typically be the PI of the lab. The group owners or server admin can also choose the permission level for that group.

An example (see image)

In this lab, all the lab members are in a group called "Smith-Lab", with the owner being the lab PI. The permissions on this group would reflect the culture of that particular lab (see below). In this case it is Read-only. Two other groups have been created to allow scientists to collaborate on particular work. One of these contains only members of the Smith lab, while the other contains collaborators from another lab. These collaborators would only be able to see the data in the "APC" group, not any of the other work from the Smith lab. As mentioned above, there is no limit on the number of groups or the number of members in a group. This allows a lab or institution to configure a solution that suits them.

Permission Levels

The various permission levels are:

  • Private: All data in this group is only visible to the user who owns it and the group owners. The group owner can view the data for other group members but not make any edits (same as read-only behaviour).

  • Collaborative - Read-only: Users in groups with this permission setting can view each other's data, but cannot edit or annotate another user's data. You can view another user's images but not comment on, rate or tag their images.

  • Collaborative: Users in a collaborative group can view and annotate the data belonging to other users. You can tag another user's images or use their tags to annotate your own images. You can add comments to their images and save your own rendering settings for each image. However, you cannot edit the names of their images, projects, datasets or tags etc.

Changing Permissions

It is possible for the group owner or server admin to change the permissions level on a group after it has been created and populated with data, with the following limitations:

  • It is not possible to 'reduce' permissions to 'Private'. Once links have been created in the database under 'Collaborative' (or 'Collaborative - Read-only') permissions, these cannot be severed. However, it is possible to 'promote' a Private group to Collaborative or Read-only permissions.

Collaborative permissions

Here is a more detailed list of what you can and can't do in a collaborative group. Some of these policies may evolve as the permissions functionality matures in response to user feedback. Please let us know any comments or suggestions you have.

CAN DO:

  • Tagging:

    • You can add your tags to your images or another user's images
    • You can add another user's tags to your images, their images or another user's images
    • You can remove tags that you have added
  • Comments:

    • You can add comments to your images or another user's images
  • Rendering settings:

    • You can apply and save your own rendering settings to another user's images
    • This will not affect their rendering settings on their images

CAN'T DO:

  • You can't edit another user's Project, Dataset or Image names or descriptions

  • You can't remove Images from another user's Dataset, or remove Datasets from Projects

  • You can't delete anything that belongs to another user

  • Tagging:

    • You can't remove a tag that another user has added, even if it is your tag on your own image
    • You can't edit another user's tag names or descriptions
  • Comments:

    • You can't edit any comments on any images. Comments are a historical record (same for all permissions levels).
  • Deleting:

    • If another user has added any Tags, Comments, Ratings or Attached Files to your Image, you cannot remove these annotations and you are therefore prevented from deleting the Image.
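
The rules above, together with the restriction on changing a group to Private, written as a small decision model. This is an added example, not OMERO code or its API: every class and function name is hypothetical, and treating group owners like ordinary members in Read-only groups is an assumption the page does not settle.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    level: str      # "private", "read-only" or "collaborative"
    owners: set
    members: set

@dataclass
class Image:
    owner: str
    annotations: list = field(default_factory=list)  # (kind, added_by) tuples

def can_view(user, img, grp):
    if user not in grp.members | grp.owners:
        return False              # data is never shared outside its group
    if user == img.owner or user in grp.owners:
        return True               # group owners can view even in a Private group
    return grp.level != "private"

def can_annotate(user, img, grp):
    # Tags, comments and the user's own rendering settings. A group owner's
    # access to other members' data in a Private group is view-only.
    return can_view(user, img, grp) and (
        user == img.owner or grp.level == "collaborative")

def can_edit(user, img):
    return user == img.owner      # names and descriptions: data owner only

def can_remove_tag(user, tag_link):
    _kind, added_by = tag_link
    return user == added_by       # only whoever added it, even on your own image

def can_delete(user, img):
    # Annotations added by others cannot be removed, so they block deletion.
    return user == img.owner and all(by == user for _, by in img.annotations)

def can_change_level(old, new):
    return new != "private" or old == "private"   # no 'reducing' to Private

# Constructed sample data: one collaborative group, one annotated image.
lab = Group("collaborative", owners={"pi"}, members={"pi", "alice", "bob"})
img = Image(owner="alice", annotations=[("tag", "alice"), ("comment", "bob")])
```

With the sample data, `can_delete("alice", img)` is false because of bob's comment, which is the case an image owner is most likely to be surprised by.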

EVOLUTION, QUESTIONS, TODO

  • Tag as predefined terms e.g. subset of an ontology, terms agreed within a group (e.g. Angus's Lab)...
  • Rating: known entities
  • If I add my tag to another user's image when the group is collaborative, then the group permission changes to read-only, should I be able to remove the tag? (I can now).
  • Would like your own rendering settings to be saved on someone else's images, even in read-only mode. "Rendering settings are different" from other data/edits.