Org Management

Video Tutorials: Managing members, removing members, creating new accounts

Several users can form an organization on DNAnexus, which is an entity with a common pool of funds that all users draw from. All projects billed to that organization (as well as all jobs run in those projects) will incur charges against the same pool of funds, regardless of user.

The Organizations list shows you the list of all orgs to which you have admin access. On this page, you can quickly see all of your orgs, the number of projects per org, and the funds available to the org. You can also see additional settings for each org by enabling optional columns (icon on the right side of the column headers).

Org Admin Guide

These operations are restricted to only org admins -- org members with ADMIN membership level.

If you are an admin of an org, you will be able to access the org admin tools from the header of the DNAnexus platform. From here, you can quickly navigate to the list of orgs you administer (via "All Orgs"), or to a specific org (e.g. Demo Organization in this example).

In the "Basic Information" section of the org settings tab, you will be able to see an overview of the org.

  • View and edit the organization name. This is how the org will be referred to in the UI and in email notifications

  • View the organization ID, the unique ID used to reference a particular org on the CLI (e.g. org-demo_org)

  • View the number of org members, org projects and org apps

  • View the list of organization admins

Minimum dx-toolkit version: These tools are only available in dx-toolkit v0.178.0 or later. To upgrade to the latest version of dx-toolkit, please run dx upgrade or visit our downloads page.

Update org policies

You can use the dx update org command to update your org policies.

To update the membership list visibility policy so all org members can view the list of org members, use the following command, replacing org-demo with your org ID.

$ dx update org org-demo --member-list-visibility MEMBER
Updated org-demo

To update the restrict project transfer policy so that only org admins can change the billing account of an org project, use the following command, replacing org-demo with your org ID.

$ dx update org org-demo --project-transfer-ability ADMIN
Updated org-demo

Via the UI

You can also update org policies for your org in the "Policies and Administration" section of the org settings tab. Here, you can both change the membership list visibility and restrict project transfer policies for the org and contact DNAnexus support to enable PHI data policies for org projects.

For general information about org policies, please see the Organizations page.

Edit org membership

Within an org page, the Members tab allows you to view all the members of the org, invite new members, remove existing members, and update existing members' permission levels.

To add existing DNAnexus user to your org, you can use the "+ Invite New Member" button from the org's Members tab. This will open a dialog where you can enter the user's username (e.g. smithj) or user-ID (e.g. user-smithj). Then you can configure the user's access level in the org.

  • Organization Membership: Whether they are a member or admin of the org.

  • Billable Activities Access: Whether the user should be able to create projects and apps billed to the org.

  • Shared Project Access: The maximum permission the user will have to projects that were shared with the org. For example, if this is set to "Contributor" but someone shares a project with the org at an Administrator level, this user will still only have Contributor access, even if other members of this org receive the full Administrator permissions.

  • Shared Apps Access: Whether the user should have access to apps shared with the org.

If you add a member to the org with billable activities access set to billing allowed, they will have the ability to create new projects billed to the org. However, adding the member will not change their default billing account. If the user wishes to use the org as their default billing account, they will have to set their own default billing account.

Additionally, if the member has any pre-existing projects that are not billed to the org, the user will need to transfer the project to the org if they wish to have the project billed to the org.

The user will receive an email notification informing them that they have been added to the organization.

Via the CLI

The dx add member command allows org admins to add existing DNAnexus users to a pre-existing org. The command will add a member to the org but will not set their default billing account; the member will have to set their own default billing account. Additionally, if the member has any pre-existing projects that are not billed to the org, the user will need to transfer the project to the org if they wish to have the project billed to the org.

Below are some examples of adding users to an org.

To add an existing user to an org with:

  • Membership level: MEMBER

  • Billable activities access: Allowed

  • Shared apps access: Allowed

  • Shared projects access: CONTRIBUTE

Use the following command, replacing org-demo with your org ID and xxxx in user-xxxx with the new member's username.

$ dx add member org-demo user-xxxx --level MEMBER --allow-billable-activities --project-access CONTRIBUTE
Invited user-xxxx to org-demo

To add an existing user to an org with:

  • Membership level: MEMBER

  • Billable activities access: Not allowed

  • Shared apps access: Not allowed

  • Shared projects access: VIEW

Use the following command, replacing org-demo with your org ID and xxxx in user-xxxx with the new member's username.

$ dx add member org-demo user-xxxx --level MEMBER --project-access VIEW --no-app-access
Invited user-xxxx to org-demo

To add another org admin to the org, use the following command, replacing org-demo with your org ID and xxxx in user-xxxx with the new member's username.

$ dx add member org-demo user-xxxx --level ADMIN
Invited user-xxxx to org-demo

For more information about adding members to an org, use the dx add members command with the -h flag.

Update membership access

From the org Members tab, you can edit the permissions for one or multiple members of the org. The option to "Edit Access" appears when you have one or more org members selected on the Members tab.

If you select only one member, you can specify their new access via the dialog.

You can also edit multiple members at the same time by selecting multiple members from the members list and clicking "Edit Access".

When you're editing multiple members, you have the option of changing only one access while leaving the rest as is. In the example below, we are editing the member access for User Alice and Jennifer Smith. In this case, we updating their access so both have the ability to create new projects billed to the org, Billing Allowed. We will keep all the rest of their permissions the same.

Via the CLI

The dx update member command allows org admins to update a member's access within an org.

To grant an existing org member billable activities access, use the following command, replacing org-demo with your org ID and xxxx in user-xxxx with the member's username.

$ dx update member org-demo user-xxxx --level MEMBER --allow-billable-activities true
Updated membership of user-xxxx in org-demo

To grant an existing org member shared projects access, use the following command, replacing org-demo with your org ID and xxxx in user-xxxx with the member's username.

$ dx update member org-demo user-xxxx --level MEMBER --app-access true
Updated membership of user-xxxx in org-demo

To update an existing org member's shared projects access, use the following command, replacing org-demo with your org ID, xxxx in user-xxxx with the member's username, and ACCESS with one of ADMINISTER, CONTRIBUTE, UPLOAD, VIEW, or NONE.

$ dx update member org-demo user-xxxx --level MEMBER --project-access ADMINISTER
Updated membership of user-xxxx in org-demo

To make an existing org member an org admin, use the following command, replacing org-demo with your org ID and xxxx in username with the member's username.

$ dx update member org-demo user-xxxx --level ADMIN
Updated membership of user-xxxx in org-demo

For more information about updating members' access and level in an org, use the dx update members command with the -h flag.

Remove a member from an org

Org admins can remove a member from an org using the dx remove member command. This command will remove the user from the org, revoking the user's access to projects and apps shared with the org. This command will also, by default and if applicable, remove the user's access to apps and projects billed to the org.

From the org Members tab, you can remove one or more members from the org. The option to "Remove" appears when you have one or more org members selected on the Members tab.

This will open the following dialog where you can confirm the action to remove members from the org. This action will revoke the user's access to all projects and apps billed to or shared with the org.

Via the CLI

To remove a member from an org, use the following command, replacing org-demo with your org ID and xxxx user-xxxx with the member's username. You will be prompted to confirm the removal of the user from the org.

$ dx remove member org-demo user-xxxx
WARNING: About to remove user-xxxx from org-demo; project
permissions will be removed and app permissions will be removed
Please confirm [y/n]: y
Removed user-xxxx from org-demo
Removed user-xxxx from the following projects:
None
Removed user-xxxx from the following apps:
None

For more information about removing members from an org, use the dx remove members command with the -h flag.

Org Projects

The org's Projects tab allows you to see the list of all projects billed to the org. This list will include all projects in which you have View and above permissions as well as projects that are billed to the org in which you do not have permissions (Not a Member).

You will be able to view all project metadata (e.g. the members list, data usage, creation date), as well as some other optional columns (e.g. project creator). To enable the optional columns, select the column from the dropdown menu to the right of the column names.

Grant yourself access to org projects

In addition to viewing the list of projects, org admins can give themselves access to any project billed to the org. If you select a project in which you are not a member, you will still be able to navigate into the project's settings page. From the project settings page, you will see a button allowing you to grant yourself Administer permissions to the project.

You will also be able to grant yourself Administer permissions if you are currently a member of a project billed to your org but you only have View, Contribute, or Upload permissions.

List all org projects

To list all org projects, including projects to which you do not have access, use the dx find org projects command, replacing org-demo with your org ID.

# List all org projects
$ dx find org projects org-demo
project-xxxx : my_new_project (ADMINISTER)
project-yyyy : example_project (CONTRIBUTE)
# Return only the project IDs for all projects billed to the
org
$ dx find org projects org-demo --brief
project-xxxx
project-yyyy
# Return JSON-formatted string of org projects and project metadata
$ dx find org projects org-demo --json
[
{
"level": "ADMINISTER",
"describe": {
"id": "project-xxxx",
...
You can also use JQ (a [command-line JSON parser](https://stedolan.github.io/jq/))
to format a command-delimited list of project-ID, project name, your access
level , project creator, and number of bytes stored in the project.
$ dx find org projects org-demo --json | jq -r '.[] .describe | .id + "," + .name + "," + .level + "," + .createdBy.user + "," + (.dataUsage | tostring)'
project-xxxx,my_new_project,ADMINISTER,user-xxxx,0.059
project-yyyy,example_project,CONTRIBUTE,user-yyyy,0.048

Org Billing and Finance

Set or update org billing information

Org admins can set or update billing information for their respective orgs in the profile settings page. This page is accessible by clicking on your name in the header and going to "Profile". You can edit your billing information and set your default billing account in the "Account" tab, under "Billing Accounts".

On this page, you will see all all the orgs you administer as well as all the orgs where you have been granted billable activities access. To set the billing information for an org you administer, click on the "View/Edit Info" link for your org's billing account and fill out the form.

By setting the billing information for an org, you are designating somebody to be responsible for handling invoices sent by DNAnexus. This person can be you, somebody within your company's finance department, or someone else. All invoices will be sent to the person listed in the billing information.

Once you click the "confirm billing" button, an email will be sent to the billing email address asking for confirmation. Until the billing recipient activates the confirmation link contained in the email, your billing account will not be updated. Orgs must have confirmed billing information or a non-negative spending limit remaining in order to incur charges on behalf of the org.

View historical charges and spending limit

You can view the historical charges for your org -- total storage costs, compute costs, and estimated spending limit remaining (if applicable) -- in the "Billing Information" tab of your profile page. This page is accessible by clicking on your name in the header and going to "Profile". You can edit your billing information and set your default billing account in the "Account" tab, under "Billing Accounts".

This section is only visible if your org is a billable org; that is, if your org has confirmed billing information or has a non-negative spending limit remaining. The "Estimated Charges" section of the org allows org admins to view the total charges accumulated over the lifetime of an account.

The "Funds Left" shows org admins how much is left of the org's spending limit. If your org does not have a spending limit, your org is unlimited, and this box will show as n/a. See below for more information about spending limits and how to set a spending limit for your org.

You can set or modify a spending limit for org activities. Spending limits can help you associate your activities on DNAnexus to a fixed budget amount or a purchase order.

As an org admin, you can use the "Set / Update Spending Limit" link in the "Funds Remaining" box to contact support@dnanexus.com to request a spending limit change. Please note that this is only a request to change the spending limit. The DNAnexus support team may follow up with you via email to clarify the change before it takes effect.

Set a spending limit for your org

If you are an org admin, you can set a spending limit for your org by contacting support@dnanexus.com from the email address associated with your DNAnexus account. Each org can have a single spending limit for org activities and spending limits can be increased or decreased by the org admin. Spending limits can help you associate your activities on DNAnexus to a fixed budget amount or to a purchase order.

Learn More About An Org

List all org members

From the org Members tab, you can quickly see the names and access levels for all org members.

To list all the members of an org using the CLI, use the dx find org members command, replacing org-demo with your org ID.

# List all org members & admin
$ dx find org members org-demo
user-xxxx : Jane Doe (ADMIN)
user-yyyy : John Doe (MEMBER)
# List only org admin
$ dx find org members org-demo --level ADMIN
user-xxxx : Jane Doe (ADMIN)
# Return only user IDs of org members & admin
$ dx find org members org-demo --brief
user-xxxx
user-yyyy

List all org apps

To list all the apps billed to your app, use the dx find org apps command, replacing org-demo with your org ID.

# Return list of all org apps
$ dx find org apps org-demo
Example App (example_app), v0.0.1

Grant Yourself Access to Org Objects

Give yourself access to any org project

Org admins can give themselves access to any project billed to the org by using the dx invite command. To invite yourself to a project with ADMINISTER access, use the following command, replacing project-xxxx with the project ID of the org project you want access to and user-xxxx with your username. The --no-email flag will suppress the email that would normally be sent notifying you that you have been given access to a project.

$ dx invite user-xxxx project-xxxx --no-email
Invited user-xxxx to project-xxxx (accepted)

For more information about inviting yourself to a project, use the dx invite command with the -h flag.

Grant yourself access to any org app

Org admins can grant themselves developer access to any app billed to the org. App developers can publish new app versions, deprecate old app versions, and manage the group of developers and authorized users of the app.

$ dx add developers app-xxxx user-xxxx

Creating an Organization

If you would like to set up an organization for several DNAnexus users to join, please contact us at DNAnexus support. Organizations fall into two categories: unlimited and limited.

Unlimited Organizations

Unlimited organizations have no monthly limit on the amount they spend; users can do whatever they wish, and projects and jobs billed to unlimited organizations are not in danger of running out of credit. The organization's billing recipient will receive a monthly statement of all users' activity during the previous billing cycle.

Limited Organizations

A limited organization has a cap on its spending, and all projects billed to that organization (as well as all jobs run in those projects) will incur charges against that cap, regardless of user. Limited organizations can ensure that bills do not become unexpectedly large, but at the cost of flexibility.

Users whose primary organization is limited will see how much credit is available to that organization in the upper right corner of the platform. You can also see the available funds by going to the profile page by clicking on your name in the upper right corner and clicking Profile from the dropdown menu.

If you wish to request more funds for your limited organization, please contact us at DNAnexus support.

Advanced Org Options

Provision new DNAnexus accounts

Org admins have the ability to provision new DNAnexus accounts on behalf of the org. The user will then receive an email with instructions to activate their account and set their password. This feature is not available by default -- if you are an org admin, please contact DNAnexus support for more information about provisioning user accounts.

If this feature has already been turned on for an org you administer, you can create new accounts using the dx new user command.

To create a new user and add them to your org as a member with billable activities access and set their default billing account to the org, use the following command. You will need to provide the following information:

  • EMAIL: the user's email -- there cannot be multiple accounts associated with the same email

  • USERNAME: the user's username -- must be a unique username

  • FIRST: the user's first name

  • LAST: the user's last name

$ dx new user --username USERNAME --email EMAIL --first FIRST --last LAST --org org-demo --level MEMBER --set-bill-to
Created new user account (user-xxxx)

For more information about provisioning new user accounts, run the dx new user command with the -h flag.

Org admins have the ability to create new DNAnexus accounts on behalf of the org. The user will then receive an email with instructions to activate their account and set their password.

Limited Feature Note:

This feature is not available by default. If you are an org admin, please contact DNAnexus support for more information about provisioning user accounts.

If this feature has already been turned on for an org you administer, you will see an option to "Create New User" when you invite a new member.

The dialog will expand to allow you to specify a username (e.g. alice or smithj), the new user's name, and email address. This dialog will automatically create a new user account for the given email address and add them as a member in the org.

Please note that if you create a new user and set their Billable Activities Access to Billing Allowed, we recommend that you set the org as the user's default billing account. This option is available as a checkbox under the Billable Activities Access dropdown.

Enable PHI features for your org

PHI (Protected Health Information) refers to identifiable health information that can be linked to a specific person. PHI Data Protection guards the confidentiality and integrity of the data stored in your project in compliance with HIPAA. You must sign a BAA (Business Associate Agreement) with DNAnexus in order to enable this feature.

If you are an org admin and interested in enabling PHI features for your org, please contact DNAnexus support.