A FireCloud group is simply a list of users who are classed together. You may be a member of a lab, a team, or a collaboration, which could find utilizing groups very handy. Groups make it easier to share workspaces or billing projects with a single click. Groups can be maintained easily (adding or removing members) in one place, rather than needing to go to each workspace or billing project you manage.
The roles you can set in a group are:
- Administrator: If you create the group, you are the Administrator of the group. As an Administrator you can add and remove members or designate other Administrators. Groups are private, so only Administrators can see who is in the Group.
- Member: If you are a member of the group you will inherit any actions that are applied to that group. See below for examples.
For example, a Project Manager may want to share multiple workspaces with a group of users who are collaborating on a project. The Project Manager creates a Group and adds that Group as a Reader to the project’s workspaces (similar to adding one individual user). Now the Project Manager won’t have to type individual user emails over and over again when trying to share. If someone leaves the collaboration, the Project Manager can remove that person from one list instead of from multiple workspaces. The Project Manager could also create a group within a group. For example, a collaboration may involve two labs. The “Collaboration” Group would encompass “Lab1” and “Lab2” Groups.
A Principal Investigator could create a group for their lab and may want to give all members of the lab access to a specific FireCloud billing project in order to enable computation. The Principal Investigator would create a Group, then add that Group as a “user” of the Billing Project.
If the PI did not want to manage billing project access on their own, they could add the entire Group as an “owner.” All members of the Group would be able to add other users to that billing project. Or, if they did not want to give everyone “owner” access, they could simply create a smaller Group of people that are in charge of managing access to the billing project. This Group would have the ability to add users on behalf of the PI.
The requirements for a Group are simple:
- Any user can create a group and give it a name.
- The name must be unique across the system so you can’t overwrite another user’s group.