Meant for:

  • iRODS admins
  • iRODS users


Sharing data objects and/or collections with other users

To view the current Access Control Lists (*i.e.* which users have what type of access to the data objects and collections in the current working collection):

ils -A

When you store a file, you are the owner and have full control - you can read, write or delete it and, by default, no one else can.

With the iCommand 'ichmod' you can modify ACLs for other users or groups (read access, read and write, or full ownership).

You can only give (or remove) access to others if you own the file yourself, but if you give the 'own' right to someone else, they can also give (and remove) access to others.

For example, if you like to give user or group `alice` recursive read permissions on folder `fruit` which is located in your iRODS current working directory (you could also use the full iRODS path), you should do the following:

ichmod -r read alice fruit

For more information, see `ichmod -h`, which includes the full list of permissions that you can apply to a user or group.

Sharing data with externals

Tickets are another way to provide access to iRODS data objects (files) or collections (directories or folders) which users outside of your iRODS instance (who have access to iCommands) can use to get access to your data.

The 'iticket' command allows you to create, modify, list, and delete tickets. When you create a ticket, its 15 character string is given to you and you can share this with others.

For example, if you would like to give read permission for a data object `mango.txt`:

user1@login:~$ iticket create read mango.txt

This command will print out the ticket string to screen.

If you give this ticket string to someone else, this person can use the ticket in combination with other iCommands depending on the rights given to this ticket:

user2@login:~$ iticket ls 0O5z23TltuCxQC7
id: 1517126
string: 0O0z83TlwuCxQC7
ticket type: read
obj type: data
owner name: user1
data-object name: mango.txt
data collection: /path/to/collection/mango
user2@login:~$ iget -t 0O5z23TltuCxQC7 /path/to/collection/mango/mango.txt

This also works with collections.

Note that you can view all of your active tickets with:

user@login:~$ iticket ls

You can use `iticket mod ticket-string-or-id` to modify the restrictions on the ticket.

Restrictions can be set on who is able to use the ticket, how many times the ticket can be used, which host or IP is able to use the ticket, or the expiration date of the ticket.

  • No labels