Stronghold
HomeServicesDocumentationBlog
  • Highly Secure Computing (Stronghold)
  • Data Management
    • SFTP Data Transfers
      • Data Imports
      • Data Exports
    • HTTPS Direct Downloads
      • FastX 3
      • FastX 2
    • Data Storage
    • Globus Transfers
      • Windows Tenants
      • Adding New Users
  • Usage
    • New Tenant Onboarding
    • Windows Environments
      • Access from Mac
      • Access from Windows
      • RDP Gateway from Mac
      • RDP Gateway from Windows
    • Linux Environments
      • FastX 3
      • FastX 2
  • Software
    • Windows Standard Software
    • Linux Standard Software
      • Julia
    • Package Archive Mirrors
      • BioConductor Mirror
      • CRAN Mirror
      • PyPI Mirror
    • Install R/Python Packages from Local File
    • Jupyter Lab on Linux Workstations
    • Changing the temporary folder for softwares
      • SAS
      • STATA
      • RStudio
    • Changing Default Package install locations on Windows
      • Python (Pypi packages)
      • R (CRAN Packages)
      • Stata packages
  • Git
    • Git Sync
    • GitLab
  • Access & Security Groups
    • User Groups
    • Lifespan Staff Access
  • Multi-Protocol Access
    • Access Same Data from Windows and Linux Workstations
Powered by GitBook
On this page

Was this helpful?

  1. Access & Security Groups

User Groups

The section below describes how user groups are implemented in Stronghold. Note that the term "tenant" is used throughout; this refers a group, lab, or center's Stronghold instance.

Stronghold employs Active Directory security groups to control access to the system and to the data. These groups allow for specific access and control over data. While we can create custom security groups for finer control over data, below are the typical groups provided at the outset of the environment. It is up to the discretion of the PIs to place users into specific groups and the PIs must assign data permissions to those groups.

sh_<tenant>_all ← Membership in this group is required for access to the system. All individuals who need to access the system should be members of this group. Membership in this group does not mean access to the data is granted. It means the user has access to the system. For example, members of the sh_datasci group can access the datasci tenant's workstation(s) in Stronghold.

sh_<tenant>_admins ← Members of this group have access to all data on this tenant and are members of all other security groups on the tenant. Members of this group can also create new folders/directories. Typically, only the PI is a member of this group by default.

sh_<tenant>_staff ← Members of this group are typically permanent/vital members of the research team. Typically, PIs allow this group to access the majority/all data files.

sh_<tenant>_users ← Members of this group are usually students/interns. Typically, PIs allow this group to access some of the data files (as needed).

sh_<tenant>_import_w ← This group is used to transfer data into Stronghold. Members of this group can execute step 1 of the 2 step process for importing data. Members of this group can write to the transfer server from outside of Stronghold.

sh_<tenant>_import_r ← This group is used to transfer data into Stronghold. Members of this group can execute step 2 of the 2 step process for importing data. Members of this group can read from the transfer server from inside of Stronghold, and pull the data down to Stronghold.

sh_<tenant>_export_w ← This group is used to transfer data out of Stronghold. Members of this group can execute step 1 of the 2 step process for exporting data. Members of this group can write to the transfer server from inside of Stronghold.

sh_<tenant>_export_r ← This group is used to transfer data out of Stronghold. Members of this group can execute step 2 of the 2 step process for exporting data. Members of this group can read from the transfer server from outside of Stronghold, and pull the data out of Stronghold.

A PI can request to create a new security group and add users to the new group.

PreviousGitLabNextLifespan Staff Access

Last updated 4 years ago

Was this helpful?