Fine-grained authorization refactor (Users and Roles)
evaluating
Anton Tsyganov-Bodounov
Merged in a post:
Introduce Platform Admin Role Without Workspace Deletion Permissions
Anton Tsyganov-Bodounov
Add an additional platform admin-like role without workspace deletion privileges.
Andrew Dawson
evaluating
Rob Newman
acknowledged
Rob Newman
Merged in a post:
More fine-grained control of Pipeline visibility to specific users
W
Weekly Elk
Is it possible to get fine-grained control over what Pipelines a given user can see? I know this would be possible by splitting up the Pipelines into different Workspaces, but these Pipelines share all their infrastructure (Compute Environments, Credentials, Secrets), so it would be frustrating to recreate them across separate Workspaces. Is it possible to achieve this through shared Workspaces?
Note: we have other Workspaces that do not share the same infrastructure as this one, so we would not want those to also get any shared infrastructure.
Rob Newman
Merged in a post:
Ability for power users (Owner-role, Admin-role, Maintain-role) to assume Launch-role users
Jon Manning
When writing up processes for
Launch
role users I've encountered a number of problems when the features I've prototyped (tags, launch settings, etc) are unavailable to the users the process is defined for. As a a user with elevated role permissions, it would be very useful to interact with the Seqera Platform as if I were a user with the
Launch
role, so that I can work up processes that will work for everyone.Rob Newman
Merged in a post:
Allowing the user to provide a file in the launchpad?
O
Olive Aardvark
We are trying to deploy a demultiplexing / pre-processing pipeline on Seqera.
The input to the pipeline is typically a list of fastq files. Nevertheless, the users (which will be the customer) might want to give an additional metadata table, which will allow our script to re-name samples after demultiplexing, and thus allow the user to provide their own personalised sample names, a feature that is really important to us.
To our sense, the best way to do that would be to allow the user to provide an excel file as an input in the LaunchPad on Seqera. Our pipeline is able to read and process this excel file. The only problem is that we can only "Browse" files that are on the S3 buckets we deployed, but we would like the user to be able to browse its own computer's files.
Rob Newman
Merged in a post:
Launchpad user role is too restrictive
C
Charcoal Mandrill
The current
Launch
user role permissions in Seqera Platform is problematic due to two key restrictions that the role applies (due to the inability to adjust the "Pipeline Settings" during pipeline launching). These are:- the need to change Git revision (so users can compare results from different pipeline versions)
- the need to submit pipeline run using a params JSON instead of the Platform user interface
Both of these have ended up being critical deficiencies in the
Launch
user role. It's become a basic requirement for even the most simple usages that all Platform users need to be able to modulate the version (Git revision) of the pipeline they are running.Also, considering the sheer number of input parameters for many pipelines from nf-core (I think the nf-core
rnaseq
pipeline has ~60 input parameters) the usage of the Platform Launchpad UI to manually "click-ops" through the selection of a large set of custom parameters is not feasible. Even the most basic users end up needing to resort to using the params JSON for pipeline submission, both due to the size and complexity of the input pipeline params, but also for record-keeping so that they don't have to manually click ~60+ buttons in a UI every time they want to submit a Run with a given input params setup.
Rob Newman
Right now,
Maintain
role users and above can upload files when launching a pipeline and selecting input data file(s) via the Data Explorer modal window. Is this enough or do you need elevated Launch
role permissons? If so, please upvote the "Elevated Launch role" feature request or let us know and we can merge these feature requests.Drew DiPalma
Merged in a post:
Selectively hide pipelines across shared workspaces
G
Gold Orca
Shared workspace pipelines are currently all-or-nothing at the organization level. The platform does not allow for selective sharing.
We have ten workspaces and we would like to share a pipeline across nine of the workspaces but not the other one.
Ideally we would have one admin workspace where all shared pipelines could be published, then the admin user could decide which workspaces (based on certain user groups) have access to which shared pipelines. Today we have to publish the pipeline to several different workspaces independently and manually manage updates.
Y
Yellow sunshine Firefly
We currently have to use a dummy account for this, being to impersonate would be helpful.
Load More
→