Giving only Terra workflows permission to access data

Follow

ajwils

• October 09, 2019 17:36

So, I understand how to make my project's google bucket public to all authenticated users by changing storage object viewer permissions, which gives Terra gsutil access. The thing is, I really can't have my organization's clinical data open to the public.

 

Is there a way to make it so only a specific Terra workflow has gsutil access? If not, we'll probably have to do everything locally with Docker/Git/Cromwell.

 

Thanks in advance.

0

• 

  Sushma Chaluvadi

  • October 15, 2019 20:17

  Hello,

  Can you clarify if your Google bucket is an external google bucket or if it is associated with a Terra workspace? Are you attempting to give Terra access to the contents of the bucket to run a workflow or also allow multiple users to get access to the contents of the bucket to run workflows?

  0

  Comment actions Permalink
• 

  Tiffany Miller

  • October 17, 2019 15:18

  Hi @ajwils,

  Just adding from Sushma's comment. 

  If you have a private google bucket containing data you'd like to run a workflow on (not a Terra created google bucket), you would just need to grant your proxy group access to the bucket or the files in the bucket you want to run on. Your proxy group is listed in your profile. Depending on how you configured the bucket, you'd either grant your proxy group Storage Object Viewer or Reader permission.

  Hope this helps!

  1

  Comment actions Permalink
• 

  ajwils

  • October 17, 2019 17:07

  Thanks for the replies. Yes it is an external bucket not in a workspace.

  I will try the proxy group solution.

  0

  Comment actions Permalink

Please sign in to leave a comment.