View markdown source on GitHub

User, Role, Group and Quota managment

Contributors

Questions

Objectives

last_modification Last modification: Mar 14, 2022

Users, Groups, and Quotas

Speaker Notes

Users, Groups, and Quotas


Overview

This section will cover handling of users, groups and quotas for Galaxy. We will look at the following in particular:

Speaker Notes


User Control

option description
require_login Prevent anonymous access.
show_welcome_with_login Show welcome page next to login page.
allow_user_creation Allow user registration. When False, admins must create users; often coupled with require_login.
allow_user_dataset_purge Users can purge (permanently delete) their datasets.
api_allow_run_as List of email addresses of API users who can make calls on behalf of other users.
expose_dataset_path Users to see the full path of datasets via the “View Details” option in the history.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


User Activation

Require verification that a user’s email is real. You must enable SMTP first.

option description
user_activation_on Require users to click link in email before running jobs.
activation_grace_period Time (hours) that a user can ‘explore’ Galaxy before activation lockout.
inactivity_box_content Message provided to non-activated users.
email_domain_blocklist_file Defines domains in XXX.YYY format that will be rejected as user emails.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Password & Session Policies

option description
password_expiration_period Days before requiring a user to change password. (NIST recommends not requiring password changes.)
session_duration Minutes before invaliding a user’s session, requiring re-login.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Admin Control

option description
admin_users Comma-separated list of admin users’ emails.
allow_user_deletion Admins can delete users.
allow_user_impersonation Admins can become other users. Great for debugging / user assistance.
master_api_key Admin super-key allows many API admin actions without having a real admin user.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


User Privacy

option description
expose_user_name Users can view other registered usernames.
expose_user_email Users can view other registered emails.
new_user_dataset_access_role_default_private Newly created datasets are private to the creating user.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Roles and Groups

Role Based Access Control (RBAC)

Admin can:

Speaker Notes


Dataset Roles

.left-column50[ manage permissions

access

new_user_dataset_access_role_default_private (galaxy.yml)

.right-column50[.middle[.image-90[ User_roles ]]]

Speaker Notes


Library Roles

.left-column50[

Speaker Notes


Quotas

Used to control user disk usage.

option description
enable_quotas Enable enforcement of quotas. Quotas can be set from the Admin interface (under Data).

Must create quotas in admin interface before any quota will be enforced, otherwise ‘unlimited’

Amounts:

Default for user class:

or associated with Groups or Users

.footnote[.center[options in galaxy.yml]]

Speaker Notes


class: left

Quota Details

Storage

Speaker Notes


Quota Automation

Speaker Notes


Key Points

Thank you!

This material is the result of a collaborative work. Thanks to the Galaxy Training Network and all the contributors! page logo This material is licensed under the Creative Commons Attribution 4.0 International License.