- Introduction
- Getting Started
- Guides and Tutorials
- Introduction to Terra
- Introduction to Dockstore
- Understanding Cloud Costs
- Account Setup
- Overview of Account Setup
- Obtaining a Google ID
- Creating a Terra Account
- Billing Setup
- Overview of Billing Concepts
- Creating a Google Cloud Billing Account
- Accessing Data
- Discovering Data
- Requesting Data Access
- Data Access Controls
- Bringing Your Own Data
- Running Analysis Workflows
- Using Example Workspaces
- Running GATK in Terra
- Running Galaxy Workflows from Dockstore
- Running Interactive Analyses
- Running Jupyter Notebooks in AnVIL
- Running R / Bioconductor in AnVILL
- Running Galaxy in AnVIL
- MOOC
- What is AnVIL?
- Cloud Computing
- Cloud Costs
- Use Case: GATK
- Use Case: GWAS
- Use Case: eQTL
- Video Gallery
- Anvil
- Terra
- Dockstore
- Galaxy
- Seqr
- Workshop Archive
- Workshop Archive
- Reference
- Cross Platform Data Access with GA4GH DRS in Terra
Data Access Controls
Terra uses authorization groups (auth groups) to control access to workspaces. If a workspace has an auth group attached, the workspace can only be interacted with by users belonging to the auth group.
Auth groups can also contain other "secondary" auth groups, allowing auth group nesting to make additions and removals easier.
To control access to workspaces containing data, a top-level auth group is created for the workspace and user lists are added to secondary auth groups within the top-level auth group.
Enabling Data Access
Consortium Member Access
Members of the data-generating consortium are granted access directly in Terra by a designated official of the consortium. Guidelines for this official are outlined in the Consortium Guidelines for AnVIL Data Access resource.
External Researcher Access
Members of the wider community may request access through dbGaP. Upon receiving approval in dbGaP, the researcher will be able to access the requested data within AnVIL once they have linked their Terra account and eRA Commons address.
To synchronize dbGaP approvals with Terra, dbGaP periodically deposits a copy of their access list to a secure FTP site. This access list is then read by Terra and synchronized to the appropriate workspace auth groups. In this manner, workspace auth group membership for external researchers is maintained solely by dbGaP.
Data Access Monitoring and Logging
Both Terra and the AnVIL Data Explorer operate in a FISMA-Moderate environment and comply with all requirements set forth in NIST-800-53. This includes robust logging of access to data, periodic audits, and monitoring for abnormal use patterns.