Roles in myDRE workspace
Roles are defined per workspace. A myDRE user can have different roles in different workspaces they are part of.
Each workspace member can have one of these specified roles within that workspace:
- Accountable
The Accountable is the responsible person for the research study or project. Accountable will receive similar or the same rights as Privileged members, but will be responsible for the entire workspace. Accountable cannot be removed from the workspace, but the role can be reassigned.
- Privileged member
Privileged member (formerly known as Owner) has the same privileges as Accountable. They are responsible for the research study or project and have therefore the most privileges in the context of the workspace. View the tables below.
- Advanced member
Advanced member is a member who is able to upload data, submit data requests, and work in a virtual machine. In addition to working in a virtual machine, Advanced members are also able to resize the virtual machine. View the tables below for specific functionalities.
- Standard member
Standard member (formerly knowns as Researcher) is able to upload data, submit data requests and work in a virtual machine. Functions that affect the data egress, costs, memberships, external access are disabled for standard members. View the tables below for specific functionalities.
- Data contributor
Data contributor can upload data, and put in data requests, but they cannot connect to the VM. So they are not performing analyses within the VM, such as other workspace members can do.
- Data reader
Data reader can view data in the Files overview and can submit data requests. Data reader does not have access to the VM.
These roles differ in their privileges. You can learn more about the differences in the overview tables below. When you start adding people to your workspace, it's wise to consider which roles they should have. The guiding principle should be to only give the least amount of access that is required. So ask yourself the question: should this person really be added in this role to the workspace?
For roles within anDREa: see Definition of (Security) Roles and Responsibilities
Overview of capabilities per role
In the table below, you find an overview of all the capabilities per role. The roles are ordered from left to right: from least privileged to most privileged.
Functional overview
Data Reader | Data Contributor | Standard Member | Advanced Member | Privileged Member | Accountable | Local Support Team*** | |
Workspace creation | X | X | X | X | X | X | ✔ |
How many per workspace? | Any | Any | Any | Any | Max 100 | Max 1 | None |
Upload data | X | ✔ | ✔ | ✔ | ✔ | ✔ | X |
Request file download or transfer to another workspace | X | ✔ | ✔ | ✔ | ✔ | ✔ | X |
Download data after approval* | X | ✔ | ✔ | ✔ | ✔ | ✔ | X |
Approve/reject data request | X | X | X | X | ✔ | ✔ | X |
Start or Stop VM | X | X | ✔ | ✔ | ✔ | ✔ | X |
Connect to VM | X | X | ✔ | ✔ | ✔ | ✔ | X |
Add or Delete VM | X | X | X | X | ✔ | ✔ | X |
Resize VM | X | X | X | ✔ | ✔ | ✔ | X |
Installations within VM | X | X | X | ✔ | ✔ | ✔ | X |
Add, remove, change role workspace members | X | X | X | X | ✔ | ✔ | X |
Open up ports | X | X | X | X | ✔ | ✔ | X |
Request domains to be allowlisted (via ticket system) | X | X | X | X | ✔ | ✔ | X |
Create support tickets on support.mydre.org | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Handle tickets | X | X | X | X | X | X | ✔ |
Escalate tickets to anDREa | X | X | X | X | X | X | ✔ |
*only file download requestor is able to download requested file after the approval
Technical overview
Details
Resource | Action | Data Reader | Data Contributor | Standard member | Advanced member | Priviledged member | Accountable | Local Support Team*** |
Virtual machine | ||||||||
RDP / Bastion | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Start/stop | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Manage & Monitor | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Create | X | X | X | X | ✔ | ✔ | X | |
Generalize | X | X | X | X | ✔ | ✔ | X | |
Resize | X | X | X | ✔ | ✔ | ✔ | X | |
Rename | X | X | X | ✔ | ✔ | ✔ | X | |
Delete | X | X | X | X | ✔ | ✔ | X | |
Install software in VM | X | X | X | ✔ | ✔ | ✔ | X | |
Admin in VM | X | X | X | ✔ | ✔ | ✔ | X | |
Auto-shutdown on/off | X | X | X | X | ✔ | ✔ | X | |
Auto-shutdown time/timezone | X | X | X | X | ✔ | ✔ | X | |
Data or Files | ||||||||
List | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Read | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Create folder | X | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Upload | X | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Download request | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Data transfer | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Delete | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Create Folder | X | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Copy, cut & paste | X | X | ✔ | ✔ | ✔ | ✔ | X | |
View file properties | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Rename file | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Data Egress Request | ||||||||
Download and workspace-to-workspace transfer | Read (=Request) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X |
Approve request | X | X | X | X | ✔ | ✔ | X | |
Reject request | X | X | X | X | ✔ | ✔ | X | |
Preview request | X | X | X | X | ✔ | ✔ | X | |
Download files after approval* | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
Members | ||||||||
Read | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Add | X | X | ✔ | ✔ | X | |||
Remove | X | X | only self-remove | only self-remove | ✔ | ✔ | X | |
Change role | X | X | X | X | ✔ | ✔ | X | |
Budget | ||||||||
Read | X | X | ✔ | ✔ | ✔ | ✔ | X | |
Create | X | X | X | X | ✔ | ✔ | X | |
Edit | X | X | X | X | ✔ | ✔ | X | |
Delete | X | X | X | X | ✔ | ✔ | X | |
Read | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | X | |
External access | ||||||||
IP ports | Read | X | X | ✔ | ✔ | ✔ | ✔ | X |
Create | X | X | X | X | ✔ | ✔ | X | |
Delete | X | X | X | X | ✔ | ✔ | X | |
Enable/disable | X | X | X | X | ✔ | ✔ | X | |
API | Read | X | X | X | X | ✔ | ✔ | X |
Create | X | X | X | X | ✔ | ✔ | X | |
Delete | X | X | X | X | ✔ | ✔ | X | |
Domain allowlist** | Request | X | X | X | X | ✔ | ✔ | ✔ |
** ticket based requests
*** Local Support team member does not have access to the workspace unless invited
Related Articles
Adding, removing, changing roles
Adding members to a workspace On myDRE platform, Workspace Accountable and Workspace Privileged member can invite or add members with existing @mydre.org accounts to their workspace. Simply navigate to the Members tab of your workspace and select the ...What is workspace management?
By workspace management, we mean the administrative tasks that workspace Accountable and Privileged members of the workspace can ánd should perform to ensure smooth operation of the workspace. It includes: Adding, removing, changing roles: so to make ...What is a workspace?
A DRE workspace is a self-contained island where you can work and collaborate on your own data. Workspaces are especially suited for the analytical phase of your research; when you already have your data, and you need to prepare, combine and/or ...Requesting a workspace
Are you ready to work within a workspace? Then read below how you can request a workspace. To be able to request a workspace, you need to have an account on https://support.mydre.org. Note that this is not the same as your @mydre.org account. If you ...Shiny Server in a myDRE Workspace
Version = 2023-02-02 This instruction is used to get Shiny Server up and running in a Workspace. For your actual workloads you might need other size VMs. Also there is much more to be configured, but being able to get Shiny up and running is a good ...