As a data owner, I would like to prevent read access to data in a specific dataset for everyone outside explicitly specified groups. This is so that users or principals with non-scoped/“All” access do not accidentally get access to more sensitive data.
Example:
Dataset MyDataset exists and contains some sequence data we would like to restrict access to.
Group A has sequences:read (unscoped) capability.
Group B has sequences:read (scoped to MyDataset).
Today: both Group A and B can read the sequence data in MyDataset.
Desired: only Group B can read the sequence data in MyDataset.
Hi Sverre,
Thank you for raising this and taking the time to provide a well-written example.
The sequence:read capability will, as you experience, provide access to all sequences regardless of which data set the sequences are in.
To achieve what you need, you can change Group A from having sequences:read (unscoped) capability to having sequences:read (scoped to each data set - except MyDataset).
I recognize that this might not be ideal in the case where you want group A to have access to sequences in many data sets, and especially if you regularly add new data sets they should have access to. I have included your example for our future evolvement of the flexibility in our access control.
Best regards,
Jørgen Tennøe
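
The workaround from the reply above, as an added example that is not part of the thread and not the vendor's API: a small Python model of scoped versus unscoped sequences:read, and of what happens when a new data set is added later. It assumes grants are additive (any matching grant allows the read); `Grant`, `can_read`, `scope_around`, `uncovered` and the `Plant*` data set names are hypothetical.

```python
# Model of the scoping behaviour discussed in this thread (not a vendor API).
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALL = None  # marker for an unscoped ("All") grant


@dataclass(frozen=True)
class Grant:
    capability: str
    datasets: Optional[FrozenSet[str]]  # ALL means every data set


def can_read(grants, capability, dataset):
    """Assumed additive evaluation: any matching grant allows access."""
    return any(
        g.capability == capability and (g.datasets is ALL or dataset in g.datasets)
        for g in grants
    )


def scope_around(all_datasets, restricted):
    """Workaround: grant scoped to every existing data set except the restricted ones."""
    return Grant("sequences:read", frozenset(all_datasets) - frozenset(restricted))


def uncovered(grant, all_datasets, restricted):
    """Data sets the group should read but that the scoped grant does not list."""
    if grant.datasets is ALL:
        return []
    return sorted(set(all_datasets) - set(restricted) - set(grant.datasets))


# Constructed sample data; only MyDataset and the group names come from the thread.
DATASETS = ["MyDataset", "Plant1", "Plant2"]
GROUP_A_TODAY = [Grant("sequences:read", ALL)]
GROUP_B = [Grant("sequences:read", frozenset({"MyDataset"}))]
GROUP_A_WORKAROUND = [scope_around(DATASETS, ["MyDataset"])]

if __name__ == "__main__":
    cap = "sequences:read"
    print("A today       ->", can_read(GROUP_A_TODAY, cap, "MyDataset"))
    print("A workaround  ->", can_read(GROUP_A_WORKAROUND, cap, "MyDataset"))
    print("B             ->", can_read(GROUP_B, cap, "MyDataset"))
    # A data set created after the grant was built is not covered until
    # the grant is regenerated, which is the maintenance cost of the workaround.
    print("missing       ->", uncovered(GROUP_A_WORKAROUND[0], DATASETS + ["Plant3"], ["MyDataset"]))
```
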
Hi Jørgen,
Thanks for getting back on this one. We appreciate the workaround you propose could do the job, but as you state, it is cumbersome and not future-proof.
Cheers,
Sverre
Thank you for this input, Sverre,
I’m bringing this concrete case in for consideration in our access control design and planning for the future.
Best regards,
Jørgen
Would you be able to share the plan forward on this request?