Data on the DNAnexus Platform is organized inside data containers which can be thought of as different hard drives or storage devices. A data object, e.g. a file, applet, etc., must always reside in a data container to be accessible. There are two classes of data containers: projects and the more generic containers. Projects are special cases of containers intended for collaboration; access permissions are controlled by the users who have administrative access to the project.
When an object is first created, it must always be created inside a project or container. However, objects may be cloned (copied) into other containers if they have been closed to future modifications (more details in Data Object Lifecycle). Removing an object from a container does not affect any remaining copies of the object in other containers.
Permissions are applied on projects and containers as a whole.
The access permissions for a project are controlled by the users with ADMINISTER access (the creator of a project is automatically granted ADMINISTER access).
Generic containers will have permissions resolved differently depending on their purpose.
The permissions on a project or container are stored as a list of members and their associated permission level. A member is any user. Permission levels are:
VIEW: Allows read-only access to data objects and their metadata in a data container.
UPLOAD: Allows "VIEW", the ability to create new folders and data objects, modify the metadata of open data objects, and close data objects. UPLOAD can also modify open files.
CONTRIBUTE: Allows "UPLOAD", the ability to modify the contents of all types of data objects, and delete objects if the "PROTECTED" flag on the container is set to false.
ADMINISTER: Allows "CONTRIBUTE", the ability to modify the member list and to modify or delete the data container.
(For a precise definition of what each permission level allows, see the PermissionDenied error of individual routes. Briefly, "metadata" refers to object names, tags, types, properties, table column names, file media types, etc.; "content" refers to details, file contents, table rows, table entries, etc.).
For generic information about managing data in either projects or containers, see the following pages:
Folders and Deletion: for organizing and managing data within a data container
Cloning: for copying data between data containers
For more details specific to projects and managing their permissions, see the following pages:
Projects: for creating projects and updating their metadata
Project Permissions and Sharing: for inviting and removing other DNAnexus users to your project and making your project available to the public
For more details specific to containers of class "container", see the following:
Containers for Execution: for describing containers created for apps and job execution