Ever wish you could automatically remove your unwanted output files from a submission without having to manually review them? If so, take this two minute survey and tell us more.
Latest Release: 1/10/19
Release Notes can be found here.

(howto) Access TCGA Controlled Access Data Workspaces

Tiffany_at_BroadTiffany_at_Broad Cambridge, MAMember, Broadie, Moderator admin
edited April 2018 in Tutorials

Requirements to access TCGA Controlled Access Data Workspaces

To access Controlled Access data in FireCloud, you must:

1. Have an eRA Commons or NIH account with dbGaP authorization. Go here for instructions to set up an eRA Commons or NIH account with dbGaP authorization.

2. Establish a link between your FireCloud and eRA Commons / NIH accounts. Go here for instructions to link your eRA Commons or NIH account to your FireCloud account.

You can also check out this FireCloud Webinar for more information.


Accessing TCGA Controlled Access Data Workspaces

If you meet the above Requirements to Access Controlled Access Data Workspaces, you will be granted READER access to all pre-populated TCGA Controlled Access Data workspaces.

Derived Data from Controlled Access Data Workspaces

The National Cancer Institute (NCI) and dbGaP consider any data derived from TCGA Controlled Access data to also be TCGA Controlled Access data.

FireCloud users can derive data from Controlled Access data by:

  • Cloning a Controlled Access Data workspace and running analyses in the cloned workspace.

  • Creating a new workspace, copying entities referencing Controlled Access data into the new workspace, and running analyses in that workspace.

Rather than track specific data objects as "controlled access", FireCloud identifies workspaces as TCGA Controlled Access and restricts access to those workspaces to users who meet the requirements stated above.

Creating and cloning a Controlled Access Data Workspace

When you create a new workspace, you can add the "TCGA-dbGap-Authorized" group to the Authorization Domain to protect any TCGA Controlled Access Data in your workspace. Once a workspace has this Authorization domain set up, it remains a Controlled Access Data workspace.

When you clone a Controlled Access Data workspace, the cloned workspace will automatically have "TCGA-dbGap-Authorized" group in the Authorization domain.

If you are granted access (READER, WRITER, or OWNER) to a TCGA Controlled Access Data Workspace but do not meet the requirements listed above, you can view the workspace in the workspaces list, but will be unable to enter it. This may occur, for example, if another user shared a TCGA Controlled Access Data workspace with you and your dbGaP authorization has not yet been approved or the linkage of your FireCloud and eRA Commons accounts has expired.

If you can not enter a TCGA Controlled Access Data workspace, but believe you have dbGaP authorization for Controlled Access data, you may need to re-link your eRA Commons / NIH account. You can go to your User Profile to check your dbGaP authorization status and click Log-In to NIH to re-link your account if your linkage has expired.

Sharing a Controlled Access Data Workspace

If you are the OWNER of a Controlled Access Data workspace, FireCloud will not prevent you from sharing the workspace with a user who does not meet the requirements to access Controlled Access Data Workspaces. However, these users will not be able to enter the workspace you shared unless they met the Requirements to access Controlled Access Data Workspaces.

Google buckets for Controlled Access Data Workspaces

Google buckets associated with Controlled Access Data workspaces will be accessible to FireCloud users who meet the requirements to access Controlled Access Data Workspaces and who have the appropriate permission of READER, WRITER, or OWNER for that workspace. Users who meet these requirements can access the buckets through the workspace Summary tab or gsutil.

Copying entities from Controlled Access Data Workspaces

In order to copy entities from a Controlled Access Data workspace, the destination workspace must also have the Authorization domain with the "TCGA-dbGap-Authorized" group set up. If you attempt to copy entities to an Open Access Data workspace, FireCloud will not allow you to choose a Controlled Access Data workspace from which to copy entities.

Disclaimer about TSV load files

FireCloud does not identify Controlled Access data within TSV load files. Therefore, FireCloud cannot prevent users from uploading TSV Load Files containing Controlled Access data to an Open Access Data workspace.

All users accessing controlled access data are bound by the dbGaP TCGA DATA USE CERTIFICATION AGREEMENT (DUCA). In addition, users must adhere to FireCloud’s Terms of Service.

Post edited by Tiffany_at_Broad on
Sign In or Register to comment.