The DNAnexus platform can not only store files and run analyses in the cloud. You can also use the platform to collaborate on, annotate, and visualize your data. This page explains the details of how files are stored as objects, uniquely identified, and referenced on the platform.
All entities on the DNAnexus platform -- projects, data objects, apps, or jobs -- have unique IDs (e.g.
project-BQpp3Y804Y0xbyG4GJPQ01xv). These IDs must be used when trying to access or modify DNAnexus entities via our API. (You may also refer to these entities by name using our website, client libraries, and tools.) One of the key advantages of this system is that there is always a fixed machine-readable ID by which you can refer to something, even if its name changes.
You can collaborate with other users by making a project, adding data to it, and sharing it with other users.
When you add data by copying or cloning it from a different project, the underlying data objects keep the same IDs. To refer to a particular copy of a data object, you have to specify both the project and the data object.
Members of the other project are free to rename their copy and annotate it with different tags and properties. However, the underlying data is immutable so that all viewers see the same data.
Keeping the same object ID across projects has a number of advantages. It makes it easy for us to charge you only once for the same data you might have in multiple projects, and it makes it easy for you to tell when two data objects are actually the same even if they have different names in different projects.
NOTE: Some metadata are locked down and can never be changed once the data object is closed. These fields are considered an integral part of the data object itself. This is discussed more in the next section.
You can view the contents of a project from the Projects section of the user interface. Each object in the project also has actions that can be performed by selecting the item, right-clicking on the item, or using the menu at the end of the item's row.
Different actions are available when different objects are selected. Available actions include:
Download: File objects can be directly downloaded from the system.
Info: This action opens a window with more information about the object. Every DNAnexus object has a unique unambiguous identifier. Objects also carry metadata about their owners, time of creation, size, tags, properties, and other properties which help with data organization and search.
Delete: Removes selected objects from the system. A confirmation window appears before deletion. Deletion of data from the system cannot be undone.
Copy data to another project: To copy data from the current project and into another one for which you have CONTRIBUTE or greater permissions, first select all the objects for copying. Selecting Copy from the action bar opens the project browser window to allow you to select which project, and where within that project to place the selected items. Copying occurs instantly.
NOTE: While it is possible to copy data between projects (when you have sufficient permissions), you cannot have multiple copies of a data object within a project.
You can create a project by clicking on the New Project button on the Project list page. Enter a project name and select the project's billing account.
You can also add metadata such as a short description for the project, tags and properties as well as setup project policies.
You can collaborate on the platform by sharing projects with other DNAnexus users. You can give access to projects to individual users or a group of users within an organization at the levels described below. Access to projects can be revoked at any time by the project administrator.
Allows users to browse and visualize data stored in the project, download data to their local computer, and copy the data to further analyze it in their own projects.
Gives users VIEW access, plus the ability to create new folders and data objects, modify metadata of open data objects, and close data objects.
Gives users UPLOAD access, plus the ability to run executions directly in the project.
Gives users CONTRIBUTE access, plus the power to change project permissions and policies, including giving other users access, revoking access, transferring project ownership, and deleting the project.
You can give individual users access to a project at any of these access levels by sharing the project with them.
For example, suppose you have a collaborator who is interested in downloading some of your data. You can upload the data into a new project and share that new project with your collaborator, granting your collaborator VIEW access.
As another example, suppose you have a collaborator who is contributing some of the data that you are working on together. You can create a new project for your collaboration and upload your data to the project. You can then give your collaborator UPLOAD access to the project so that they can also upload their data. Both of you will then be able to use the shared data to perform downstream analyses on the data sets.
NOTE: If you wish to make your data available to all DNAnexus users, e.g. making available the data associated with a published research paper, contact
To share a project with a user or org, click the Share icon in the upper-right corner of the project page.
The resulting dialog box shows the current list of project members and lets you add a new member:
Type the username or the email address of an existing DNAnexus user (e.g.
user-smithj) or an org (e.g.
Pick an access level.
Click Add User.
Repeat the above steps to add more users.
To remove a user or org from a project in which you have ADMINISTER access open the Share dialog to see the members.
You can remove a user by finding the appropriate username and clicking the Remove.
To transfer a project to another user, click on Settings and select Transfer to Another User.
This will open the following dialog for you to enter the email address or username of the user to whom you want to transfer the project.
When you select Send Transfer Request, the recipient will receive an email notifying them that you have requested to transfer a project. The recipient will then have to log into the platform and accept the transfer.
NOTE: The transfer is not complete until the recipient has accepted the transfer request.
If you change your mind after sending a project transfer request and the recipient has not yet accepted the transfer, you can cancel the request. To do this, navigate to the project and where you will see a Pending Project Ownership Transfer notification in the project header. Select Cancel Transfer to cancel the transfer.
To transfer a project to an org, follow the instructions in the Org Member Guide.
When another user initiates a project transfer to you, you'll receive a project transfer request via email notification and in your list of notifications in the platform header. If you do not already have access to the project being transferred, you will be given VIEW access to the project and it will show up in your projects list. When navigating into the project, you will see a Pending Project Ownership Transfer notification in the project header.
To accept the transfer, click Accept Transfer and select a new billing account for the project from the dropdown of eligible accounts.
Users with ADMINISTER access to projects can configure several different project policies for the project which restrict how the data can be modified or copied to other projects.
The following policies exist:
Dictates whether project members can copy data to other projects or use data as input to executions in other projects. If not allowed, no users can copy data to other projects and no user can use data as analysis inputs that are executed in other projects.
Allowed (default) or Not Allowed
Dictates whether project members with CONTRIBUTE access to the project can delete data from the project. If not allowed, only members with ADMINISTER access to the project can delete data.
Allowed (default) or Not Allowed
Dictates whether project members can download data. If not allowed, no user can download data to their local machine.
Allowed (default) or Not Allowed
PHI Data Protection
If PHI Data Protection is enabled for a project, the data in the project will be considered protected health information (PHI) and will be subject to additional restrictions to ensure security and compliance.
Not Enabled (default) or Enabled
Users can view or configure policies for a given project on the project Settings.
All storage costs and compute costs associated with executions run in a particular project are invoiced to the project's billing account. You can bill a project to your own account (e.g. user-smithj) or to an org in which you have permissions to perform billable activities.
Users with UPLOAD or greater project access level to the project will be able to add more data to the project. All users with CONTRIBUTE or ADMINISTER access will be able to launch new executions and incur charges against the project's billing account.
You may change the billing account of a project by transferring the project to another user or to an org.
NOTE: Projects which are sponsored may not be transferred. You must terminate the sponsorship before transferring the project. Projects containing PHI data may only be transferred to org billing accounts which have PHI features enabled.
PHI (Protected Health Information) refers to identifiable health information that can be linked to a specific person. PHI Data Protection features in DNAnexus guard the confidentiality and integrity of the data stored in a project in compliance with HIPAA.
What does the PHI flag do?
Turning on the PHI flag at the org level enables additional behavior in the system -- specifically the flag now prohibits PHI projects from being made public. This flag propagates to jobs and tokens to protect PHI.
If a project is marked as containing PHI (a "PHI project"), the project will be subject to the following protective restrictions:
Objects in the project cannot be copied to other projects that are not marked as containing PHI ("non-PHI projects")
Jobs that run in non-PHI projects will not be able to access any data that can only be found in PHI projects
Job email notifications sent from the project will refer to objects by object ID instead of name for extra security, and other information in the notification may be elided. You will need to log in to DNAnexus to view the complete message.
When an analysis fails in non-PHI projects, the system emails the user the last 10 lines of the log (stdout and stderr of execution). But since logs may contain PHI information and email is an unsecure medium, within PHI projects we do not include logs in the notifications. The notification is still sent with all the other information, but in the section of the log it says "censored for possible PHI, consult website for more details."
PHI projects cannot be converted into non-PHI projects
Only projects with billing accounts set to an organization can be marked as containing PHI. To learn more read how to enable PHI Data Protection features.
Project sponsorship allows a user or org (the "initial Sponsor") to sponsor the storage cost for data objects stored in a project until the sponsorship end date. During the sponsorship period, other users may copy and store the data in their own projects without incurring storage charges.
The sponsorship end date is set at the time of project sponsorship and may be changed by the initial Sponsor at any time. Projects that are sponsored may not be transferred or deleted. If you wish to delete or transfer a sponsored project, you will first need to end the sponsorship.
NOTE: This feature is not available by default to users. For more information about data sponsorship and request access to sponsorship features, contact firstname.lastname@example.org.