Throughout this page and elsewhere in this documentation, you'll see references to IDs. Every entity on the Platform - whether it's a project, data object, app, or job - has a unique entity ID. A project, for example, might have the ID
This system ensures that there is always a fixed, machine-readable ID by which you can refer to any entity, even if its name changes.
You can collaborate with other users by making a project, adding data to it, and sharing it with other users.
When you add data by copying or cloning it from a different project, each underlying data objects keeps its original ID. To refer to a particular copy of a data object, you have to specify both the project and the data object.
Project members can rename their project's copy of a data object, and annotate it with different tags and properties. But the underlying data is immutable.
Keeping the same object ID across projects has a number of advantages. It allows the system to avoid billing the same file twice when computing storage costs across projects, and differentiates two data objects if they have the same file name.
From the user interface, there are a number of actions you can perform on each object in the project by selecting the item, right-clicking on the item, or using the menu at the end of the item's row.
Different actions are available when different objects are selected. Available actions include:
Download: File objects can be directly downloaded from the system.
Info: This action opens a window with more information about the object. Every DNAnexus object has a unique, unambiguous identifier. Objects also carry metadata about their owners, time of creation, size, tags, properties, and other properties which help with data organization and search.
Delete: Removes selected objects from the system. A confirmation window appears before deletion. Deletion of data from the system cannot be undone.
Copy data to another project: To copy data from the current project and into another one for which you have CONTRIBUTE or greater permissions, first select all the objects for copying. Selecting Copy from the action bar opens the project browser window to allow you to select which project, and where within that project to place the selected items. Copying occurs instantly.
You can create a project by clicking on the New Project button on the Project list page. Enter a project name and select the project's billing account.
You can also add metadata, such as a short project description, tags, and properties, and set up project billing and access controls.
You can collaborate on the platform by sharing projects with other DNAnexus users. You can give access to projects to individual users or a group of users within an organization at the levels described below. Access to projects can be revoked at any time by the project administrator.
Allows users to browse and visualize data stored in the project, download data to their local computer, and copy the data to further analyze it in their own projects.
Gives users VIEW access, plus the ability to create new folders and data objects, modify metadata of open data objects, and close data objects.
Gives users UPLOAD access, plus the ability to run executions directly in the project.
Gives users CONTRIBUTE access, plus the power to change project permissions and policies, including giving other users access, revoking access, transferring project ownership, and deleting the project.
You can give individual users access to a project at any of these access levels by sharing the project with them.
For example, suppose you have a collaborator who is interested in downloading some of your data. You can upload the data into a new project and share that new project with your collaborator, granting your collaborator VIEW access.
As another example, suppose you have a collaborator who is contributing some of the data that you are working on together. You can create a new project for your collaboration and upload your data to the project. You can then give your collaborator CONTRIBUTE access to the project so that they can also upload their data and run analyses. Both of you will then be able to use the shared data to perform downstream analyses on the data sets.
To share a project with a user or org, click the Share icon in the upper-right corner of the project page.
The resulting dialog box shows the current list of project members and lets you add a new member:
Type the username or the email address of an existing DNAnexus user (e.g.
user-smithj) or an org (e.g.
Pick an access level.
Click Add User.
Repeat the above steps to add more users.
To remove a user or org from a project in which you have ADMINISTER access open the Share dialog to see the members.
You can remove a user by finding the appropriate username and clicking the Remove.
To leave a project, select Leave Project from the project Settings. (In certain cases, this option may be unavailable to prevent a project from entering an abandoned state.)
Users with ADMINISTER access to projects can configure several different access policies for the project, which restrict how the data can be modified or copied to other projects.
The following policies exist:
Dictates whether project members can copy data to other projects or use data as input to executions in other projects. If not allowed, no users can copy data to other projects and no user can use data as analysis inputs that are executed in other projects.
Allowed (default) or Not Allowed
Dictates whether project members with CONTRIBUTE access to the project can delete data from the project. If not allowed, only members with ADMINISTER access to the project can delete data.
Allowed (default) or Not Allowed
Dictates whether project members can download data. If not allowed, no user can download data to their local machine.
Allowed (default) or Not Allowed
PHI Data Protection
If PHI Data Protection is enabled for a project, data in the project will be considered protected health information (PHI) and will be subject to additional restrictions to ensure security and compliance.
Not Enabled (default) or Enabled
If the database UI View Only flag is enabled (True), for project VIEWERS, databases in the project can only be accessed from the cohort browser. All other roles can continue to use databases with full functionality. All other file types are subject to the expected project policies.
This flag can only be set through dx-toolkit and only impact Apollo customers.
Not Enabled (default) or Enabled
Users can view or configure access policies for a given project on the project Settings.
Storage costs, data egress costs (where applicable), and compute costs associated with executions run in a particular project are invoiced to the project's billing account. You can bill a project to your own account (e.g.
user-smithj) or to an org in which you have permissions to perform billable activities.
Users with UPLOAD or greater project access level to the project will be able to add more data to the project, incurring storage charges. Users with VIEW or greater access will be able to download data and incur egress charges. Users with CONTRIBUTE or ADMINISTER access will be able to launch new executions and incur compute and egress charges.
If you need to assign financial responsibility for a project to a different entity, you may change the project's billing account. To be able to do that, the following conditions must be met:
You must have ADMINISTER access to the project.
If the project is currently billed to an org, you must be a member of that org. (Depending on org policies, you may also be required to be an admin of that org).
There are two ways to change the project's billing account.
If the new billing account is an org in which you already have billable activities access, you can directly select the new billing account in the Billed To dropdown in the project Settings.
For all other cases, you must initiate a project transfer, and have it accepted by the other party, as discussed in the next section.
To initiate a project transfer, click on Settings and select Transfer to Another User.
This will open a dialog for you to enter the email address or username of the user to whom you want to transfer the project. You cannot explicitly choose an org to transfer the project to; it is up to the recipient to choose an org when they accept the transfer.
When you select Send Transfer Request, the system will grant VIEW access to the recipient (if they are not already a member of the project). No other permissions are changed at this time. The recipient will also receive an email notifying them that you have requested to transfer a project.
The recipient will then have to log into the platform, navigate to the project, and accept the transfer by choosing a new billing account. Once they do that, their access is changed to ADMINISTER. No other changes are made; it is the responsibility of the recipient to adjust any other permissions (e.g. to remove your access if needed). The transfer is not complete until the recipient has accepted the transfer request.
If you change your mind after sending a project transfer request and the recipient has not yet accepted the transfer, you can cancel the request. To do this, navigate to the project, where you will see a Pending Project Ownership Transfer notification in the project header. Select Cancel Transfer to cancel the transfer.
When another user initiates a project transfer to you, you'll receive a project transfer request via email notification and in your list of notifications in the platform header. If you do not already have access to the project being transferred, you will be given VIEW access to the project and it will show up in your projects list. When navigating into the project, you will see a Pending Project Ownership Transfer notification in the project header.
To accept the transfer, click Accept Transfer and select a new billing account for the project from the dropdown of eligible accounts.
PHI (Protected Health Information) refers to identifiable health information that can be linked to a specific person. Once enabled for a project, PHI Data Protection safeguards the confidentiality of data stored in that project, in compliance with HIPAA.
What does the PHI flag do?
Turning on the PHI flag at the org level prevents public disclosure of data in projects for which PHI Data Protection has been enabled. This flag propagates to jobs and tokens, to ensure the protection of PHI.
Once PHI Data Protection is enabled for a project, the following restrictions apply to the project:
Objects in the project cannot be copied to other projects for which PHI Data Protection has not been enabled
Data in the project cannot be accessed by jobs running in other projects for which PHI Data Protection has not been enabled
Job email notifications sent from the project will refer to objects by object ID instead of by name, to add an extra layer of security. Other information in the notification may be elided. To view the full notification message, you will need to log onto the DNAnexus Platform.
When an analysis fails in a project without PHI Data Protection, the Platform sends a notification email containing the last 10 lines of the log (
stderr of execution). But logs may contain PHI, and email is an insecure medium. For projects with PHI Data Protection enabled, this notification email does not include this log detail. Users must log into the Platform to get full details on the failed analysis.
Once enabled for a project, PHI Data Protection cannot be disabled.
Project sponsorship allows a user or org (the "initial sponsor") to sponsor the storage cost for data objects stored in a project until the sponsorship end date. During the sponsorship period, other users may copy and store the data in their own projects without incurring storage charges.
The sponsorship end date is set at the time of project sponsorship and may be changed by the initial sponsor at any time. Projects that are sponsored may not be transferred or deleted. If you wish to delete or transfer a sponsored project, you will first need to end the sponsorship.