Giving only Terra workflows permission to access data

Post author
ajwils

So, I understand how to make my project's Google bucket public to all authenticated users by changing Storage Object Viewer permissions, which gives Terra gsutil access. The thing is, I really can't have my organization's clinical data open to the public.

 

Is there a way to make it so only a specific Terra workflow has gsutil access? If not, we'll probably have to do everything locally with Docker/Git/Cromwell.

 

Thanks in advance.

Comments

3 comments

  • Comment author
    Sushma Chaluvadi

    Hello,

    Can you clarify if your Google bucket is an external Google bucket or if it is associated with a Terra workspace? Are you attempting to give Terra access to the contents of the bucket to run a workflow, or also to allow multiple users to get access to the contents of the bucket to run workflows?

    0
  • Comment author
    Tiffany Miller

    Hi @ajwils,

    Just adding to Sushma's comment.

    If you have a private Google bucket containing data you'd like to run a workflow on (not a Terra-created Google bucket), you would just need to grant your proxy group access to the bucket or the files in the bucket you want to run on. Your proxy group is listed in your profile. Depending on how you configured the bucket, you'd either grant your proxy group Storage Object Viewer or Reader permission.

    Hope this helps!

    1
  • Comment author
    ajwils

    Thanks for the replies. Yes, it is an external bucket, not in a workspace.

    I will try the proxy group solution.

    0
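The proxy-group grant suggested in the thread above, as an added example that is not part of the original posts: it takes a bucket IAM policy in the JSON shape that `gsutil iam get` prints, strips `allUsers` / `allAuthenticatedUsers`, and grants Storage Object Viewer to the proxy group only. The sample policy, the project name and the proxy group address are constructed placeholders, and granting the proxy group as a `group:` member is an assumption.

```python
import copy
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
VIEWER_ROLE = "roles/storage.objectViewer"  # IAM role ID for Storage Object Viewer

# Constructed sample: a bucket policy opened to all authenticated users.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.legacyBucketOwner",
         "members": ["projectOwner:example-project"]},
        {"role": VIEWER_ROLE, "members": ["allAuthenticatedUsers"]},
    ],
    "etag": "CAE=",
}
PROXY_GROUP = "PROXY_PLACEHOLDER@example.org"  # placeholder, copy yours from your Terra profile


def restrict_to_proxy_group(policy, proxy_group_email):
    """Return (new_policy, removed): public members stripped from every binding,
    proxy group granted Storage Object Viewer. The input is not modified."""
    new_policy = copy.deepcopy(policy)
    member = f"group:{proxy_group_email}"  # assumption: granted as a Google group
    removed, bindings = [], []
    for binding in new_policy.get("bindings", []):
        members = binding.get("members", [])
        removed += [(binding["role"], m) for m in members if m in PUBLIC_MEMBERS]
        binding["members"] = [m for m in members if m not in PUBLIC_MEMBERS]
        if binding["members"]:  # drop bindings left with no members
            bindings.append(binding)
    viewer = next((b for b in bindings
                   if b["role"] == VIEWER_ROLE and "condition" not in b), None)
    if viewer is None:
        viewer = {"role": VIEWER_ROLE, "members": []}
        bindings.append(viewer)
    if member not in viewer["members"]:
        viewer["members"].append(member)
    new_policy["bindings"] = bindings
    return new_policy, removed


if __name__ == "__main__":
    fixed, removed = restrict_to_proxy_group(SAMPLE_POLICY, PROXY_GROUP)
    for role, who in removed:
        print(f"removed public grant: {who} from {role}")
    print(json.dumps(fixed, indent=2))
```

On a real bucket the input would be the output of `gsutil iam get gs://BUCKET` and the result would be applied with `gsutil iam set FILE gs://BUCKET`. This covers the Storage Object Viewer (IAM) case only, not the Reader ACL permission mentioned in the reply.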
