- iRODS admins
- iRODS users
- connected to iRODS, see How to connect to iRODS using iCommands
- access to data in iRODS
Sharing data objects and/or collections with other users
To view the current Access Control Lists (*i.e.* which users have what type of access to the data objects and collections in the current working collection):
When you store a file, you are the owner and have full control - you can read, write or delete it and, by default, no one else can.
With the iCommand 'ichmod' you can modify ACLs for other users or groups (read access, read and write, or full ownership).
You can only give (or remove) access to others if you own the file yourself, but if you give the 'own' right to someone else, they can also give (and remove) access to others.
For example, if you like to give user or group `alice` recursive read permissions on folder `fruit` which is located in your iRODS current working directory (you could also use the full iRODS path), you should do the following:
For more information, see `ichmod -h`, which includes the full list of permissions that you can apply to a user or group.
Sharing data with externals
Tickets are another way to provide access to iRODS data objects (files) or collections (directories or folders) which users outside of your iRODS instance (who have access to iCommands) can use to get access to your data.
The 'iticket' command allows you to create, modify, list, and delete tickets. When you create a ticket, its 15 character string is given to you and you can share this with others.
For example, if you would like to give read permission for a data object `mango.txt`:
This command will print out the ticket string to screen.
If you give this ticket string to someone else, this person can use the ticket in combination with other iCommands depending on the rights given to this ticket:
This also works with collections.
Note that you can view all of your active tickets with:
You can use `iticket mod ticket-string-or-id` to modify the restrictions on the ticket.
Restrictions can be set on who is able to use the ticket, how many times the ticket can be used, which host or IP is able to use the ticket, or the expiration date of the ticket.