View markdown source on GitHub

User, Role, Group, Quota, and Authentication managment

Contributors

Questions

Objectives

last_modification Published: Jan 1, 1970
last_modification Last Updated: Mar 29, 2024

Users

Speaker Notes

Users


User Control

option description
require_login Prevent anonymous access.
show_welcome_with_login Show welcome page next to login page.
allow_user_creation Allow user registration. When False, admins must create users; often coupled with require_login.
allow_user_dataset_purge Users can purge (permanently delete) their datasets.
api_allow_run_as List of email addresses of API users who can make calls on behalf of other users.
expose_dataset_path Users to see the full path of datasets via the “View Details” option in the history.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


User Activation

Require verification that a user’s email is real. You must enable SMTP first.

option description
user_activation_on Require users to click link in email before running jobs.
activation_grace_period Time (hours) that a user can ‘explore’ Galaxy before activation lockout.
inactivity_box_content Message provided to non-activated users.
email_domain_blocklist_file Defines domains in XXX.YYY format that will be rejected as user emails.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Admin Control

option description
admin_users Comma-separated list of admin users’ emails.
allow_user_deletion Admins can delete users.
allow_user_impersonation Admins can become other users. Great for debugging / user assistance.
bootstrap_admin_api_key Admin super-key allows many API admin actions without having a real admin user.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


User Privacy

option description
expose_user_name Users can view other registered usernames.
expose_user_email Users can view other registered emails.
new_user_dataset_access_role_default_private Newly created datasets are private to the creating user.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Roles and Groups

Speaker Notes

Roles and Groups


Role Based Access Control (RBAC)

Admin can:

Speaker Notes


Dataset Roles

.left-column50[ manage permissions

access

new_user_dataset_access_role_default_private (galaxy.yml)

.right-column50[.middle[.image-90[ User_roles ]]]

Speaker Notes


Library Roles

.left-column50[

Speaker Notes


Quotas

Speaker Notes

Quotas


Quotas

Used to control user disk usage.

option description
enable_quotas Enable enforcement of quotas. Quotas can be set from the Admin interface (under Data).

Must create quotas in admin interface before any quota will be enforced, otherwise ‘unlimited’

Amounts:

Default for user class:

or associated with Groups or Users

.footnote[.center[options in galaxy.yml]]

Speaker Notes


class: left

Quota Details

Storage

Speaker Notes


Quota Automation

Speaker Notes


Authentication Systems

Speaker Notes

Authentication Systems


LDAP / AD

Speaker Notes


Shibboleth, CAS

Speaker Notes


OIDC

Speaker Notes


Built in Authentication

option description
password_expiration_period Days before requiring a user to change password. (NIST recommends not requiring password changes.)
session_duration Minutes before invaliding a user’s session, requiring re-login.

.footnote[.center[options in galaxy.yml]]

Speaker Notes


Others (REMOTE_USER)

Speaker Notes


Remote User (Security)

Speaker Notes


Key Points

Thank you!

This material is the result of a collaborative work. Thanks to the Galaxy Training Network and all the contributors! page logo Tutorial Content is licensed under Creative Commons Attribution 4.0 International License.