How to manage users in your Mediaflux project, inclusive of adding and removing users, modifying users' access levels, and managing restricted folder acls

We encourage you to use the self-service UAM (User Account Management) Portal to manage your users' access.
The possible roles you can give users are described here.

Eligibility and access to the UAM Portal

To use the UAM Portal, you will have to:

be the RCAO (Research Computing Activity Owner) for the RCP Activity in which the Mediaflux project resides

and/or

have ‘manage resources’ permission in the RCP Activity in which the Mediaflux project resides

If you’re unable to use the UAM Portal, please contact Research Computing Services to share/restrict your project with collaborators.

Please make sure to provide us with the following information to speed up your request:

Your project id (e.g. /projects/proj-test-1128.4.8)
The user’s institution
The user’s institutional username
What kind of access you would like the user to have/not have, one or more of the following:
- read-only
- read-write
- something more complex (see detailed information about permissions for advanced users)

If you have MFA enabled and encounter an error when trying to use MFA, you'll need to login to Mediaflux (using any method like Explorer, Desktop or Aterm) on the same device and network you intend to use the UAM Portal from. After you accept the push notification and login successfully, you can then login to the UAM Portal directly after 2-3 minutes.

Managing user access

View projects and users

Login

For the Domain field, enter unimelb (for staff account-holders) or student (for student account-holders)
For the User and Password fields, please enter your UniMelb username and password (same ones you use when login to University's Themis system), and click “Sign In”

Click on Projects

Select a project from your list of projects
Click on the Users tab on the right to see which users have what access to your project

Add a user to your project

Click on the Add button at the bottom to add a user, choosing the correct role from the Standard Project Roles.

Modify a user’s access

If you wish to change a user’s access level, you can click on the Modify button at bottom after selecting the user.

Remove a user from your project

Click on the Remove button at bottom after selecting user(s) to remove them from the project.

Logout

Logout by clicking on the button on the top right of the screen.

[Coming Soon] Managing access to restricted folders

This new feature will be coming soon in conjunction with a server upgrade.

Restricted folders are special folders in your project that have extra privacy controls — you decide exactly who can see or edit what's inside them.
These folders are located under /projects/project-id/Restricted.

Note: A user must already be added to your project (with at least read-only access) before you can control their access to any restricted folders.

View current acls

Once you’ve selected your project from the list on the left hand side, click on the “FOLDER ACLS” tab next to the “USERS” tab to view who has access to a restricted folder.

Read - the user can view the contents of the folder and all subfolders (unless the subfolder has a specific access control set)
Write - the user can view, modify, create and delete the contents of the folder and all subfolders(unless the subfolder has a specific access control set)
Partial Write - the user can view and also do some of modify, create or deletion actions but not all of them

Change who can access a Restricted folder

To modify user access to a restricted folder, simply click on the tick/cross icon next to their username in the read/write column to grant or revoke their read/write access.

Important: If you want to remove someone's read access, you need to remove their write access first. Trying to remove read access while they still have write access won't work.

In addition to user based access, you can set project admins access to the folder by selecting the checkbox next to the folder name in the folder list on the left tab. When enabled to all users who have the project-administrator role for the project will automatically have Write access to that folder even if they have not been given access individually.

Create a new restricted folder

Click on the Create Folder button above the folder list to create a new restricted folder.
You will be prompted to enter the folder name in the pop up dialogue and click Create again to create your folder.
Folder names need to start with a letter/number and can only contain letters/numbers and dots in name.

Traverse the folder tree

Although you can only apply access controls for folders in the Restricted directory, you can view other folders of the project and any access controls that may have been set on them by traversing the folder tree:

to move up a folder click on the Up icon above the folder list on the left side
to move down into a folder double click on a folder

Note: For folders outside the restricted folder all users have access to them if no acls are indicated, with users that have access to the parent folder also having access to the child folders unless there is an acl set.

Known UI bug: sometimes the up arrow for traversal will be non responsive, when this happens click once on the right hand side list containing the users and try clicking on the up arrow again.

Adding/removing users