DNAnexus Documentation
DNAnexus Documentation
Getting Started
Developers
Downloads
Science Corner
Overview
Getting Started
User
Developer
Developing Portable Pipelines
Interactive Workstations
Apps
Workflows
Apollo Tools
Creating Custom Viewers
Client Libraries
DNAnexus API
Entity IDs
Protocols
Authentication
Regions
Nonces
Users
Organizations
Data Containers
Folders-and-Deletion
Cloning
Projects
Project Permissions and Sharing
Data Object Lifecycle
Data Object Metadata
Data Object Classes
Running Analyses
Search
System Methods
Directory of API Methods
DNAnexus Service Limits
Administrator
Science Corner
Downloads
FAQs
Release Notes
Contacting Technical Support
Powered by GitBook

Data Containers

Data on the DNAnexus Platform is organized inside data containers which can be thought of as different hard drives or storage devices. A data object, e.g. a file, applet, etc., must always reside in a data container to be accessible. There are two classes of data containers: projects and the more generic containers. Projects are special cases of containers intended for collaboration; access permissions are controlled by the users who have administrative access to the project.

When an object is first created, it must always be created inside a project or container. However, objects may be cloned (copied) into other containers if they have been closed to future modifications (more details in Data Object Lifecycle). Removing an object from a container does not affect any remaining copies of the object in other containers.

Access and Permissions

Permissions are applied on projects and containers as a whole.

  • The access permissions for a project are controlled by the users with ADMINISTER access (the creator of a project is automatically granted ADMINISTER access).

  • Generic containers will have permissions resolved differently depending on their purpose.

  • The permissions on a project or container are stored as a list of members and their associated permission level. A member is any user. Permission levels are:

    • VIEW: Allows read-only access to data objects and their metadata in a data container.

    • UPLOAD: Allows "VIEW", the ability to create new folders and data objects, modify the metadata of open data objects, and close data objects. UPLOAD can also modify open files.

    • CONTRIBUTE: Allows "UPLOAD", the ability to modify the contents of all types of data objects, and delete objects if the "PROTECTED" flag on the container is set to false.

    • ADMINISTER: Allows "CONTRIBUTE", the ability to modify the member list and to modify or delete the data container.

(For a precise definition of what each permission level allows, see the PermissionDenied error of individual routes. Briefly, "metadata" refers to object names, tags, types, properties, table column names, file media types, etc.; "content" refers to details, file contents, table rows, table entries, etc.).

More on Projects and Containers

For generic information about managing data in either projects or containers, see the following pages:

For more details specific to projects and managing their permissions, see the following pages:

  • Projects: for creating projects and updating their metadata

  • Project Permissions and Sharing: for inviting and removing other DNAnexus users to your project and making your project available to the public

For more details specific to containers of class "container", see the following:

Previous
Organizations
Next
Folders-and-Deletion
Last updated 1 year ago
Contents
Access and Permissions
More on Projects and Containers