Need Help?

Search our documentation and community forum

Terra is a cloud-native platform for biomedical researchers to access data, run analysis tools, and collaborate.
Terra powers important scientific projects like FireCloud, AnVIL, and BioData Catalyst. Learn more.

Pet service accounts and proxy groups




  • Avatar
    Kyle Vernest

    Thanks, Allie Hajian! Great article, I'll make sure to share it when we have requests from folks looking to use external buckets

    Comment actions Permalink
  • Avatar
    Matt Bookman

    I'd like to suggest a related "best practice" for Terra users.

    The Proxy Group identifier is not very human-friendly. If I am looking at a list of grants on a GCS bucket, seeing that there's a grant to PROXY_11564<etc> is not helpful unless I happen to have a place to look up that Proxy Group.

    Instead, I suggest if your registered Terra account is, create a Terra Group named j_doe_at_someplace_org. Don't add anyone else to this group. You can then make grants to This group contains one member, namely the proxy group for This is much easier for a human to reason over.

    Note that this approach extends to when you actually do want to make grants to groups of Terra users. It is better to add them all to a Terra group and then grant access to that group's Google Group, rather than directly granting to proxy groups.

    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk