About Projects

On the DNAnexus Platform, a project is first and foremost a means of enabling users to collaborate, by providing them with shared access to specific data and tools.

Projects have a series of features designed to facilitate collaboration, help project members coordinate and organize their work, and ensure appropriate control over both data and tools.

Managing Project Content

A key function of each project is to serve as a shared storehouse of data objects used by project members as they collaborate.

Click on a project's Manage tab to see a list of all the data objects stored in the project. Within the Manage screen, you can browse and manage these objects, with the range of available actions for an object dependent on its type.

The following are four common actions you can perform on objects from within the Manage screen.

Downloading Files

File objects can be directly downloaded from the system. To download a file:

1. Select its row, then click the More Actions button - the "..." icon - at the end of the row showing the file's name.

2. Select "Download" from the list of available actions.

3. Follow the instructions in the modal window that opens.

Getting More Information on Objects

To learn more about an object:

1. Select its row, then click the Show Info Panel button - the "i" icon - in the upper corner of the Manage screen.

2. Select the row showing the name of the object about which you want to know more. An info panel will open on the right, displaying a range of information about the object. This will include its unique ID, as well as metadata about its owner, time of creation, size, tags, properties, and more.

Deleting Objects

To delete an object:

1. Select its row, then click on the More Actions button - the "..." icon - at the end of the row.

2. Select "Delete" from the list of available actions.

3. Follow the instructions in the modal window that opens.

Copying Data to Another Project

1. Select the object or objects you want to copy to a new project, by clicking the box to the left of the name of each object in the objects list.

2. Click the Copy button in the upper right corner of the Manage screen. A modal window will open.

3. Select the project to which you want to copy the object or objects, then select the location within the project to which the objects should be copied.

4. Click the Copy Selected button.

Access and Sharing

Adding Project Members

You can collaborate on the platform by sharing a project with other DNAnexus users. On sharing a project with a user, or group of users in an organization, they become project members, with access at one of the levels described below. Project access can be revoked at any time by a project administrator.

Removing Project Members

To remove a user or org from a project to which you have ADMINISTER access:

1. On the project's Manage screen, click the Share Project button - the "two people" icon - in the top right corner of the page. A modal window will open, showing a list of project members.

2. Find the row showing the user you want to remove from the project.

3. Move your mouse over that row, then click the Remove from Members button at the right end of the row.

Project Access Levels

Project Access Levels: Two Examples

Suppose you have a set of samples sequenced at your lab, and you have a collaborator who's interested in three of the samples. You can upload the data associated with those samples into a new project, then share that new project with your collaborator, granting him or her VIEW access.

Alternatively, suppose that you and your collaborator are working on the same tissue samples, but each of you wants to try a different sequencing process. You can create a new project, then upload your sequenced data to the project. Then grant your collaborator UPLOAD access to the project, allowing him or her to upload his or her data. You'll then both be able to use one another's data to perform downstream analyses.

Restricting Access to Executables

A project admin can configure a project to allow project members to run only specific executables as root executions. The list of permitted executables is set by entering the following command, via the CLI:

$ dx update project project-xxxx --allowed-executables applet-yyyy --allowed-executables workflow-zzzz [...] 

Note that by entering this command, you will overwrite any existing set of permitted executables.

To unset the list, and thus permit project members to run all available executables as root executions, enter the following command:

$ dx update project project-xxxx --unset-allowed-executables 

Note that executables that are called by a permitted executable are permitted to run, even if they are not included in the list.

Project Data Access Controls

Users with ADMINISTER access to a project can restrict the ability of project members to view, copy, delete, and download project data. The project-level boolean flags below provide fine-grained data access control. All data access control flags default tofalse and can be viewed and modified via CLI and platform API. protected, restricted, downloadRestricted, externalUploadRestricted and containsPHI settings can be viewed and modified in the project's Settings web screen as described below.

• protected: If set to true, only project members with ADMINISTER access to the project can can delete project data. Otherwise, project members with ADMINISTER and CONTRIBUTE access can delete project data. This flag corresponds to the Delete Access policy in the project's Settings web interface screen.

• restricted: If set to true,

  • data in this project cannot be cloned to another project

  • data in this project cannot be used as input to a job or an analysis in another project

  • any running app or applet that reads from this project cannot write results to any other project

  • a job running in the project will have singleContext flag set to true irrespective of the singleContext value supplied to /job/new and /executable-xxxx/run, and will only be allowed to use the job's DNAnexus authentication token when issuing requests to the proxied DNAnexus api endpoint within the job. Use of any other authentication token will result in an error.

  This flag corresponds to the Copy Access policy in the project's Settings web interface screen.

• downloadRestricted: If set to true, data in this project cannot be downloaded outside of the platform. For database objects, users would not be able to access the data in the project from outside DNAnexus. This includes read and write operations. This flag corresponds to the Download Access policy in the project's Settings web interface screen.

• databaseUIViewOnly: If set to true, project members with VIEW access will have their access to project databases restricted to the Cohort Browser only. This feature is only available to customers with an Apollo license. Contact DNAnexus Sales for more information.

• containsPHI: If set to true, data in this project is treated as Protected Health Information (PHI), an identifiable health information that can be linked to a specific person. PHI data protection safeguards the confidentiality and integrity of the project data in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by imposing additional restrictions documented in PHI Data Protection section. This flag corresponds to the PHI Data Protection setting in the Administration section of a project's Settings web interface screen.

• displayDataProtectionNotice: If set to true, ADMIN users will be able to turn on/off the ability to show a Data Protection Notice to any users accessing the selected project. If the Data Protection Notice feature is enabled for a project, all users, when first accessing the project, will be required to review and confirm their acceptance of a requirement not to egress data from the project. Note that a license is required to use this feature. Contact DNAnexus Sales for more information.

• externalUploadRestricted: If set to true, external file uploads to this project (from outside the job context) are rejected. The creation of Apollo databases, tables, and inserts of data into tables is disallowed from Thrift with a non-job token. This flag corresponds to the External Upload Access policy in the project's Settings web interface screen. A license is required to use this feature. Contact DNAnexus Sales for more information.

PHI Data Protection

Protected Health Information, or PHI, is identifiable health information that can be linked to a specific person. On the DNAnexus Platform, PHI Data Protection safeguards the confidentiality and integrity of data in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

When PHI Data Protection is enabled for a project, it is subject to the following protective restrictions:

• Data in this project cannot be cloned to other projects that do not have containsPHI set to true

• Any jobs that run in non-PHI projects will not be able to access any data that can only be found in PHI projects

• Job email notifications sent from the project refer to objects by object ID instead of by name, and other information in the notification may be elided. If you receive such a notification, you can view the elided information by logging onto the Platform and opening the notification and accessing it in the Notifications pane, accessible by clicking the "bell" icon at the far right end of the main menu.

• Apollo database access is subject to additional restrictions

• Once PHI Data Protection is activated for a project, it cannot be disabled.

Billing and Charges

On the DNAnexus Platform, running analyses, storing data, and egressing data are billable activities, and always take place within a specific project. Each project is associated with a billing account, to which invoices are sent, covering all billable activities carried out within the project.

Transferring Project Billing Responsibility

Transferring Billing Responsibility to Another User

If you have ADMINISTER access to a project, you can transfer project billing responsibility to another user, by doing the following:

1. On the project's Settings screen, scroll down to the Administration section.

2. Click the Transfer Billing button. A modal window will open.

3. Enter the email address or username of the user to whom you want to transfer billing responsibility for the project.

4. Click Send Transfer Request.

The user will receive an email notification of your request. To finalize the transfer, he or she must log onto the Platform and formally accept it.

Transferring Billing Responsibility to an Org

If you have billable activities access in the org to which you wish to transfer the project, you can change the billing account of the project to the org. To do this, navigate to the project settings page by clicking on the gear icon in the project header. On the project settings page, you can then select which to which billing account the project should be billed.

If you do not have billable activities access in the org you wish to transfer the project to, you will need to transfer the project to a user who does have this access. The recipient will then be able to follow the instructions below to accept a project transfer on behalf of an org.

Cancelling a Transfer of Billing Responsibility

You can cancel a transfer of project billing responsibility, so long as it hasn't yet been formally accepted by the user in question. To do this:

1. Select All Projects from the Projects link in the main menu. Open the project in question. You'll see a Pending Project Ownership Transfer notification at the top of the screen.

2. Click the Cancel Transfer button to cancel the transfer.

Accepting a Transfer Request

When another user initiates a project transfer to you, you’ll receive a project transfer request, via both an email, and a notification accessible by clicking the Notifications button - the "bell" - at the far right end of the main menu.

Note that if you did not already have access to the project being transferred, you'll get VIEW access, and the project will appear in the list on the Projects screen.

To accept the transfer:

1. Open the project. You'll see a Pending Project Ownership Transfer notification in the project header.

2. Click the Accept Transfer button.

3. Select a new billing account for the project from the dropdown of eligible accounts.

Projects with the Auto-Symlink feature Enabled

If the auto-symlink feature has been enabled for a project, billing responsibility for the project cannot be transferred. See this documentation for more on the auto-symlink feature.

Projects with PHI Data Protection Enabled

If a project has PHI Data Protection enabled, it may only be transferred to an org billing account which also has PHI Data Protection enabled.

Sponsored Projects

Ownership of sponsored projects may not be transferred without the sponsorship first being terminated.

Project Sponsorship

A user or org can sponsor the cost of data storage in a project for a fixed term. During the sponsorship period, project members may copy this data to their own projects and store it there, without incurring storage charges.

On setting up the sponsorship, the sponsor sets it end date. The sponsor can change this end date at any time.

Billing responsibility for sponsored projects may not be transferred.

Sponsored projects may not be deleted, without the project sponsor first ending the sponsorship, by changing its end date to a date in the past.

For more information about sponsorship, contact DNAnexus Support.

Learn More

See the Org Management page for detailed information on projects that are billed to an org.

Learn about accessing and working with projects via the CLI:

• Project Navigation

• Path Resolution

Learn about working with projects as a developer:

• Project API Specifications

• Project Permissions and Sharing