Need Help?

Search our documentation and community forum

Terra is a cloud-native platform for biomedical researchers to access data, run analysis tools, and collaborate.
Terra powers important scientific projects like FireCloud, AnVIL, and BioData Catalyst. Learn more.

Understanding and setting up a proxy group

Follow

Comments

2 comments

  • Avatar
    Kyle Vernest

    Thanks, Allie Hajian! Great article, I'll make sure to share it when we have requests from folks looking to use external buckets

    0
    Comment actions Permalink
  • Avatar
    Matt Bookman

    I'd like to suggest a related "best practice" for Terra users.

    The Proxy Group identifier is not very human-friendly. If I am looking at a list of grants on a GCS bucket, seeing that there's a grant to PROXY_11564<etc>@firecloud.org is not helpful unless I happen to have a place to look up that Proxy Group.

    Instead, I suggest if your registered Terra account is j_doe@someplace.org, create a Terra Group named j_doe_at_someplace_org. Don't add anyone else to this group. You can then make grants to j_doe_at_someplace_org@firecloud.org. This group contains one member, namely the proxy group for j_doe@someplace.org. This is much easier for a human to reason over.

    Note that this approach extends to when you actually do want to make grants to groups of Terra users. It is better to add them all to a Terra group and then grant access to that group's firecloud.org Google Group, rather than directly granting to proxy groups.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk