Meant for:

  • iRODS admins
  • iRODS users

Requirements:

Sharing data objects and/or collections with other users

To view the current Access Control Lists (*i.e.* which users have what type of access to the data objects and collections in the current working collection):

ils -A

When you store a file, you are the owner and have full control - you can read, write or delete it and, by default, no one else can.

With the iCommand 'ichmod' you can modify ACLs for other users or groups (read access, read and write, or full ownership).

You can only give (or remove) access to others if you own the file yourself, but if you give the 'own' right to someone else, they can also give (and remove) access to others.

For example, if you would like to give the user or group `alice` recursive read permissions on the folder `fruit`, which is located in your current iRODS working directory (you could also use the full iRODS path), run the following:

ichmod -r read alice fruit

For more information, see `ichmod -h`, which includes the full list of permissions that you can apply to a user or group.

Sharing data with externals

Tickets are another way to provide access to iRODS data objects (files) or collections (directories or folders). Users outside of your iRODS instance (who have access to iCommands) can use a ticket to get access to your data.

The 'iticket' command allows you to create, modify, list, and delete tickets. When you create a ticket, its 15-character string is given to you and you can share this with others.

For example, if you would like to give read permission for a data object `mango.txt`:

user1@login:~$ iticket create read mango.txt
ticket:0O5z23TltuCxQC7

This command will print the ticket string to the screen.

If you give this ticket string to someone else, this person can use the ticket in combination with other iCommands depending on the rights given to this ticket:

user2@login:~$ iticket ls 0O5z23TltuCxQC7
id: 1517126
string: 0O0z83TlwuCxQC7
ticket type: read
obj type: data
owner name: user1
...
data-object name: mango.txt
data collection: /path/to/collection/mango
...
user2@login:~$ iget -t 0O5z23TltuCxQC7 /path/to/collection/mango/mango.txt

This also works with collections.

Note that you can view all of your active tickets with:

user@login:~$ iticket ls

You can use `iticket mod ticket-string-or-id` to modify the restrictions on the ticket.

Restrictions can be set on who is able to use the ticket, how many times the ticket can be used, which host or IP is able to use the ticket, or the expiration date of the ticket.
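
An added example (not part of the original page) that checks which of your tickets carry none of the restrictions listed above, by parsing `iticket ls` output. The sample listing is constructed, and the field labels not shown on this page (`uses limit:`, `expire time:`, `restricted-to ...`) are assumptions about the iCommands output format.

```shell
# Added example: list tickets that lack the restrictions described above.
# Reads `iticket ls` output on stdin; prints "<ticket string> <gaps>".
# Assumed labels (not shown on this page): "uses limit:", "expire time:",
# "restricted-to user|group|host ...". Adjust to your iCommands version.
audit_tickets() {
  awk '
    function report(   gaps) {
      if (ticket == "") return
      if (uses == "" || uses == "0")        gaps = gaps ",no-use-limit"
      if (expire == "" || expire == "none") gaps = gaps ",no-expiry"
      if (!who)  gaps = gaps ",any-user"
      if (!host) gaps = gaps ",any-host"
      if (gaps != "") print ticket, substr(gaps, 2)
    }
    /^id: /          { report(); ticket = uses = expire = ""; who = host = 0 }
    /^string: /      { ticket = $2 }
    /^uses limit: /  { uses = $3 }
    /^expire time: / { expire = $3 }
    /^restricted-to (user|group)/ { who = 1 }
    /^restricted-to host/         { host = 1 }
    END { report() }
  '
}

# Constructed sample listing (not real tickets): one unrestricted ticket,
# one limited to 5 uses, an expiry date and the user alice.
sample_listing() {
  cat <<'EOF'
id: 1001
string: EXAMPLEticket01
ticket type: read
uses limit: 0
expire time: none
No host restrictions
No user restrictions
No group restrictions
id: 1002
string: EXAMPLEticket02
ticket type: read
uses limit: 5
expire time: 2030-01-01.00:00:00
No host restrictions
restricted-to user: alice
No group restrictions
EOF
}
```

Against a live instance, run `iticket ls | audit_tickets` and tighten any ticket it reports with `iticket mod`.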
