LogoLogo
  • Overview
  • publisher
    • Introduction
    • Getting Started
      • Logging in to Publisher
    • Data Sources
      • Connecting a Data Source
      • Managing a Data Source
      • Connectors
        • AWS S3 Permissions
        • Connecting to AWS S3 Storage
        • Google Cloud Storage (GCS) Permissions
        • Connecting to Google Cloud Storage
        • PostgreSQL Permissions
        • Connecting to PostgreSQL
        • PostgreSQL on Azure Permissions
        • Microsoft Azure Blob Storage Permissions
        • Connecting to Microsoft Azure Blob Storage
        • Connecting to HTTPS
        • Connecting to other sources via Trino
          • BigQuery
    • Collections
      • Creating a Collection
      • Sharing a Collection
      • Collection Filters
      • Editing Collection Metadata
      • Updating Collection Contents
    • Access Policies
      • Creating an Access Policy
      • Managing Access Policies
    • Questions
      • Adding Questions
      • Example Question
    • Settings
      • Viewing Current and Past Administrators
      • Adding an Administrator
      • Removing an Administrator
      • Setting Notification Preferences
  • Explorer
    • Introduction
    • Viewing a Collection
    • Browsing Collections
    • Asking Questions
    • Accessing a Private Collection
      • Requesting Access to a Private Collection
    • Filtering Data in Tables
      • Strings
      • Dates
      • Numbers
  • Workbench
    • Introduction
    • Getting Started
      • Logging into Workbench
      • Connecting an Engine
      • Finding or Importing a Workflow
      • Configuring Workflow Inputs
      • Running and Monitoring a Workflow
      • Locating Outputs
    • Engines
      • Adding and Updating an Engine
        • On AWS HealthOmics
        • On Microsoft Azure
        • On Google Cloud Platform
        • On Premises
      • Parameters
        • AWS HealthOmics
        • Google Cloud Platform
        • Microsoft Azure
        • On-Premises
        • Cromwell
        • Amazon Genomics CLI
    • Workflows
      • Finding Workflows
      • Adding a Workflow
      • Supported Languages
      • Repositories
        • Dockstore
    • Instruments
      • Getting Started with Instruments
      • Connecting a Storage Account
      • Using Sample Data in a Workflow
      • Running Workflows Using Samples
      • Monitor the Workflow
      • CLI Reference
        • Instruments
        • Storage
        • Samples
        • OpenAPI Specification
    • Entities
    • Terminology
  • Passport
    • Introduction
    • Registering an Email Address for a Google Identity
  • Command Line Interface
    • Installation
    • Usage Examples
    • Working with JSON Data
    • Reference
      • workbench
        • runs submit
        • runs list
        • runs describe
        • runs cancel
        • runs delete
        • runs logs
        • runs tasks list
        • runs events list
        • engines list
        • engines describe
        • engines parameters list
        • engines parameters describe
        • engines health-checks list
        • workflows create
        • workflows list
        • workflows describe
        • workflows update
        • workflows delete
        • workflows versions create
        • workflows versions list
        • workflows versions describe
        • workflows versions files
        • workflows versions update
        • workflows versions delete
        • workflows versions defaults create
        • workflows versions defaults list
        • workflows versions defaults describe
        • workflows versions defaults update
        • workflows versions defaults delete
        • namespaces get-default
        • storage add
        • storage delete
        • storage describe
        • storage list
        • storage update
        • storage platforms add
        • storage platforms delete
        • storage platforms describe
        • storage platforms list
        • samples list
        • samples describe
        • samples files list
      • publisher
        • datasources list
  • Analysis
    • Python Library
    • Popular Environments
      • Cromwell
      • CWL Tool
      • Terra
      • Nextflow
      • DNAnexus
Powered by GitBook

© DNAstack. All rights reserved.

On this page
  • Understanding Access Policies
  • Access Policy Types
  • Public Access
  • Registered Access
  • Controlled Access
  • Managing Access Policies
  • Implementation Tips

Was this helpful?

  1. publisher

Access Policies

PreviousUpdating Collection ContentsNextCreating an Access Policy

Last updated 3 months ago

Was this helpful?

Understanding Access Policies

Access policies in control who can view and interact with your collections. These policies form the foundation of Publisher's security model, ensuring your data reaches the right audience while maintaining appropriate access controls.

Access Policy Types

Publisher provides three distinct levels of access control, each designed for different sharing needs and security requirements.

Public Access

with public access are available to anyone, including users who aren't logged in. This policy is ideal for openly available datasets, research findings meant for broad distribution, or resources that should be discoverable by search engines.

Public access policies come pre-configured and cannot be modified.

Registered Access

Registered access requires users to log in through before accessing collections. While still relatively permissive, this policy adds a layer of accountability by tracking who accesses your data.

It's particularly useful for:

  • Maintaining usage statistics

  • Understanding your user base

  • Meeting basic compliance requirements

  • Enabling user-specific features

Like public policies, registered access comes pre-configured and cannot be modified.

Controlled Access

Collections with a controlled access policy can only be accessed by a user if their email is listed within the access policy's allow list.

These policies differ from public and registered access in several important ways:

  • Created and managed by Publisher Admin

  • Limit access to specifically approved users

  • Allow multiple policies to exist simultaneously

When implementing controlled access, you can configure several important features:

Terms of Use enable you to present specific usage agreements that users must accept before accessing the data.

Access Requests allow potential users to submit formal requests for collection access, which administrators can review and approve. You can also maintain detailed "allow lists" of approved users, providing granular control over data access.

Managing Access Policies

Navigate to the Access Policies dashboard through the left sidebar to manage your policies.

Each policy appears with its name, creation date, access type, and number of pending requests. For controlled access policies, hover over any entry to reveal edit and delete options.

Implementation Tips

When choosing an access policy, consider your data's sensitivity and sharing requirements. Public access maximizes visibility, while registered access enables basic tracking. For sensitive data, controlled access provides the most security but requires more active management.

Remember that you can modify which policy is applied to a collection as your needs change. If you've enabled access requests for controlled access policies, monitor the dashboard regularly to review pending requests.

Controlled access provides the most sophisticated level of security for sensitive or restricted data. Unlike the other policy types, controlled access policies are and can be created by Publisher administrators to meet specific security requirements.

Publisher
Collections
Passport
fully customizable