In a nutshell, a proxy group is a list that holds service accounts for one or more users. This is used for managing access permissions to project data.
Each user has a unique proxy group, displayed in the user's profile page in Terra. This proxy group contains a user's login identity, alongside any service accounts Terra may make on their behalf. To find your proxy group address, go to the profile section under your name in the Terra UI:
You'll see your proxy group listed near the bottom:
As a Terra user, you should generally not need to think about your proxy group. You can share workspaces and the data they contain within Terra with any other user based on their login identity. However, if you want to share non-public data that is stored in buckets NOT associated with Terra workspace for the purpose of running Terra workflows, you must use the recipient's proxy group instead of their login username.
A typical use for the proxy group ID is when setting up access to a Google bucket using Access Control Lists (ACLs). Setting up an ACL is a method for micromanaging access to buckets (and to individual objects within buckets), and this method can work in tandem with Cloud Identity and Access Management (Cloud IAM).
To set up an ACL, follow these quick steps:
- Go to the Google storage browser, find the bucket to which you're granting access
- Select the object you want to share by clicking the three dots to the right of that object, then click "Edit permissions"
- Click "add" to create a new field, put in your proxy group ID, and select the appropriate entity and access level