General Concepts of the RDMS Team Drives
Initial Setup
Working with Team Drives
- Team Drive Owners and Group Admins
- Regular Team Drive Users

Team Drives

General Concepts of the RDMS Team Drives

The following points summarise some of the basics of Team Drives in the RDMS:

Within the different storage areas of the RDMS, Team Drives fulfil the role of a shared storage space for research groups.
They can be used to store a group's research data in the mid- and long-term.
The RDMS Team Drive can be seen as the RDMS equivalent of the Y: Drive.
Within the RDMS, Team Drives are always located at /<zone>/home/<Team_Name>.
The data in an RDMS Team Drive can be shared with other group members, but also with other RDMS users.
Automated Policies can be implemented by the managers of a Team Drive.
The initial setup of a Team Drive has to be requested.
The management of Team Drives (new users, permissions management) is in the hands of the research groups themselves.

In the following sections, it will be described how an RDMS Team Drive is initially requested and set up. Furthermore, the management of a Team Drive and working with a Team Drive will be explained by using some examples.

Initial Setup

While the management and maintenance of an RDMS Team Drive are in the hands of the individual research groups or Team Drive owners, the initial setup of a Team Drive has to be requested via the RDMS Support.

To request a Team Drive, please contact rdms-support@rug.nl.

For the setup of a Team Drive, the following additional information is needed:

Name of the Team Drive: The requester decides on a name that the Team Drive should have. The name will also define the location within the RDMS. The new drive will be at /<zone>/home/<Team_Name>.
Owner Information: Every RDMS Team Drive gets at least one owner assigned to it. This is usually the PI of a research group. As it is just possible to assign an owner if this person is already registered in the RDMS, please log in at least once via the RDMS web interface to have your account registered.
Further Information: As will be explained later, individual users and also groups can be added with different permissions to a Team Drive. This can be done at any time by the owner of an RDMS Team Drive, but if it is already known that certain groups or users should have access to the Team Drive, it is also possible to adjust this already during the initial setup.

It should be noted that the creation of an RDMS Team Drive also creates an associated RDMS Group with the same name as the Team Drive. This group is automatically added to the newly created Team Drive.

Moreover, the creator of the Team Drive will get elevated 'groupadmin' permissions within the RDMS that allow them to manage Team Drive via the Data Management tab of the web interface as well as create further new Team Drives if needed (see below).

Working with Team Drives

For this example, we assume that a new Team Drive with the name “Example_Group1” was requested. Accordingly, the location of the new Team Drive is at /<zone>/home/Example_Group1, the top-level of our RDMS Team Drive.

As there is a difference in the usage of Team Drives by the managers/owners of the Team Drives and by regular RDMS users, the following section will be split according to this distinction:

The section for Team Drive owners/managers will focus on managing the RDMS Drive (permissions, sharing options, etc.) with the RDMS web interface.
The section for regular RDMS users will mostly focus on accessing the Team Drive collection to transfer data in/out of this area, as well as collaboration.

Team Drive Owners and Group Admins

The section below describes various activities that can be performed by a Team Drive Owner and group admin, such as adding users, creating a new Team Drive, and adding new group members to a group. Please note that to perform some of these activities, one must be both a Team Drive Owner and a group admin, while for others, it is sufficient to be only a Team Drive Owner.

Managing a Team Drive as an owner and/or group admin

Team Drive owners, if they are also group admins, can use the Data Management tab in the interface to get an overview of currently set permissions of the respective Team Drives, and also to manage the Team Drive.

Navigating to the Data Management tab and selecting the “Team drives” button will reveal an overview of all RDMS Team Drives that are available for the user.

Clicking on the name of one of the available RDMS Team Drives opens the management tab of the respective Team Drive. On this page, diverse management tasks can be performed by the owner/manager of the Team Drive.

Group Users Management Tab (Manage RDMS Team Drive Group Members)

The leftmost button gives an overview of the current members of the RDMS Group that is automatically created and added to a Team Drive when it is set up.

Adding a new group member

To add a new member to this group, the cogwheel symbol in the top-right corner reveals a context menu. Selecting “Add Group member” from this menu can be used to add a new member to this Team Drive Group. Select the user that should be added in the next menu and then confirm.

Removing group members

Removing Group members is done from the same tab. Simply click on the trash bin symbol next to the user's name. The user will be removed.

Note:
Do not remove yourself from the Group. Otherwise, you lose the capability to manage it. In case you accidentally remove yourself from a group, get in contact with the RDMS support.

Team Drive Permissions Tab

The middle button gives an overview of the current assigned permissions on the top-level of the Team Drive. The RDMS Groups that have permissions are also listed here. The currently set permission levels are listed in the table next to the user/group name.

Changing/revoking permissions of listed users and groups

To change the permission level, just click on the pencil symbol next to the name of the user/group. This will open a new window where a new permission level can be selected. Also, permissions can be removed by selecting “None” from the permission selection field.

When adjusting the permissions, there is an additional selection possibility which decides if the permission change should apply for all files/folders within the Team Drive (select 'Including sub files and folders') or just for the top-level of the Team Drive (select 'Only this file/folder').

Assigning new permissions

To add a new permission for the Team Drive, the cogwheel button on the top-right corner of the interface is again used.

Clicking on it reveals the interface that was already described when adding new members to an RDMS group (see above). Via this menu, there are three possibilities to assign new permissions:

Add User: Can be used to grant permissions for an individual user to the Team Drive.
Add Project: Can be used to grant permissions for the members of a specific RDMS Project to the content of the Team Drive.
Add Group: Can be used to assign permission for an RDMS group, instead of a single user.

For all three selection, it is possible to choose a suitable permission level and also to decide if the newly set permissions should apply to all files/folders in the Team Drive location (also all sub-folders, etc.) or just for the top-level (in this example /<zone>/home/Example_Team1)

Adding a new user as a Team Drive owner only

As a Team Drive owner without group admin privileges, you can still add new users and manage their permissions. To do this, you do not need to use the “Data Management” tab. Instead, follow the steps below:

1. Go to your Team Drive using the “Team drives” drop-down menu, then click the “i” icon in the top right corner of the dashboard.

2. In the new side window, click on the vertical three dots.

3. Select the Add User option.

4. On the new User permission screen, type the user's email address in the Select User field, assign the appropriate permission level (Readonly, Read/Write, Owner, None), and specify whether this permission should apply to all subfiles and folders or only the selected file or folder.

Team Drive Data Tab

The rightmost button gives an overview of the data that is currently stored on the Team Drive. From this overview, it is also possible to do some basic tasks, like creating a new folder, moving a folder/file to another location, or uploading small files.

Selecting first a file/folder and then pressing the i button results in a new menu which displays some information about the selected file/folder. Here, it is possible to see the currently set permissions on the respective data, see its metadata entries (if there are any), and it also gives the possibility to set up/remove a shared link.

Permission Management and Usage of Groups

Assigning other Owners/Managers to a Team Drive

Sometimes, it is helpful to have multiple owner/managers for a Team Drive. For example if a PI as the initial requester of the Team Drive would like to delegate the management tasks to another group member.

To assign a new owner, just follow the steps in the section above which describes how to assign new permissions for a Team Drive. Then select 'own' as the permission for the new owner. Within the RDMS, it is not a problem to assign multiple owners.

Changing permissions for individual files and folders

The steps to assign permissions that were described above always assign permissions on the top-level of the Team Drive, and all of its sub-folders and files if the specific checkbox was selected.

For a more granular permission assignment, it is possible to adjust the permission levels also differently for different files/folders that are contained in the Team Drive.

For this, the respective file/folder has to be selected from the data tab. Subsequently, pressing the i button while the file/folder are selected will open a new menu which also contains a 'Members' tab which lists all the currently set permissions for that file/folder.

Note:
While there are several use-cases and advantages of a granular permission management of data in a Team Drive, please take into account that this can lead to a loss of overview about which permissions are currently set on which files/folders in the Team Drive.

Also please take into account that a permission change on a higher level will overwrite the different individual permissions of the same user/group if 'Including sub files and folder' is selected during permission assignments.

If you want to have a Team Drive that is setup with granular permissions for different users/groups, it is recommended to get in contact with the RDMS support if you are unsure how this is realized in the best way.

Permission inheritance and Team Drives

It is furthermore possible to enable/disable permission inheritance for the whole Team Drive or its sub-folders. If a Team Drive is created, the standard setting will create it with permission inheritance 'false' (inheritance disabled), which means that a newly created sub-folder or file within the Team Drive's main folder will not inherit the permissions that were assigned on the main folder.

The owner of a Team Drive can enable permission inheritance on the whole drive if that is desired. To do this, you have to navigate to the management tab of the Team Drive and then first select the i button to reveal the information window.

From there, you can access a context menu that allows you to select 'Set permission inheritance'.

Please read the section about permissions which also contains a more detailed explanation about permission inheritance in general.

Advantages of using groups for permission management

As indicated earlier, it is possible to assign permissions either for individual users or for RDMS Groups. Both ways of managing a Team Drive, either individual-based or group-based, can have their advantages.

Using RDMS Groups gives an additional layer of structure to the permission management.
Using RDMS Groups allows grouping users with different permissions. Permission changes can then be done in a single step.
Grouping of users can also be beneficial for other parts of the RDMS if the person within a respective group needs access to another section of the RDMS. Instead of assigning permissions for everyone individually or creating a new group and adding the respective users, the already existing groups can be reused.

It should be emphasised again that while a group is automatically created during Team Drive creation, it is not mandatory to use RDMS groups for the management of the drive.

If it is desired to manage the drive based on Groups, you can already specify this during the setup, and we will assign 'groupadmin' privileges for the respective user. This allows for managing the members of an RDMS group as well as giving the privilege to create new RDMS groups.

If you are unsure if using RDMS Groups is suitable/beneficial for your use case, do not hesitate to get in contact with the RDMS support and we can further assist you.

An additional note for iCommands users

For those RDMS users who do not use the web interface to work in the system, but who rather work via the command-line interface (CLI) using iCommands, it is also possible to do these management tasks from the CLI. Please refer to the icommands wiki, which provides some examples on specific commands that can be used for management tasks. Also refer to the official iRODS documentation, which also has a summary of the available commands.

A selection of the most common commands for CLI-based Team Drive management:

ils -A: Shows the files/folders including the currently set access permissions.
ichmod: Allows to modify permissions for files/folders.
igroupadmin: Command to manage groups from the CLI.

Creating Team Drives as a Group Admin

The “groupadmin” role does not just allow for the management of RDMS Groups, but also makes the Data Management tab available in the web interface.

To create a Team Drive as a “groupadmin”, first navigate to the Data Management tab, then select the “+” button to reveal the menu that allows you to create a new Team Drive by selecting 'New Team Drive'.

Afterwards, the system will ask you for the desired name of the new Team Drive. Specify a name, then confirm, and a new Team Drive is created with the specified name.

Regular Team Drive Users

For regular RDMS users, the above-described drive management tasks are of lesser importance. In the following section, we will therefore focus on the description of where these users find their available RDMS Team Drives in the web interface or when using one of the clients. We will also explain how to transfer files to/from a Team Drive location, as a short example.

Working with Team Drives as a regular user

Accessing Team Drives from the Web Interface and RDMS Clients

From the web interface

From the web interface, available Team Drives are listed in the Data Browser tab. Clicking on the name of one of the listed Team Drives will open it.

Afterwards, basic tasks can be performed directly in the web interface, for example the creation of new folders or uploading of small files (<50 MB).

Alternatively, if the correct location of the respective Team Drive is known, in our example /rug/home/Example_Team1, it is also possible to copy this location to the address bar in the web interface, and confirm by pressing 'Enter' to reach the Team Drive.

Using one of the GUI clients (e.g. Cyberduck)

When using Cyberduck as an example for a GUI client for the RDMS, the Team Drive locations can be accessed in the following way:

If using the native iRODS protocol for Cyberduck and when no special configuration is made in Cyberduck, you will see your personal Home location after login (e.g. /rug/home/<mailadress>).

As this is one level down the folder hierarchy of the RDMS, you first need to navigate one level up to see the available RDMS Team Drive.

In the higher level, in this example /rug/home/, all of the locations where you have some level of permissions (this includes Team Drives) will be available. Just click on a folder to access/open it. Afterwards, file management tasks like up-/download (see below) can be performed.

For Cyberduck on Windows, it is also possible to directly specify the full location to reach a Team Drive.

Within Cyberduck, this can be done from the Menu under Go → Go to Folder…, then specify the location and confirm to open it.

Note:
If you do not use the native iRODS protocol for the connection to the RDMS in Cyberduck, but instead use the WebDAV protocol, the situation is slightly different:

Using the WebDAV protocol in Cyberduck always opens the location above the user's personal home location, for example, /rug/home/.

From there, other locations like Team Drives can be accessed directly.

Via the CLI using iCommands

For users of iCommands the easiest way to access a Team Drive location is by directly navigating to its full location using the icd command like:

$ icd /rug/home/Example_Team1

Data Transfer/Sharing and Metadata Management within Team Drives

Data transfer in/out of a Team Drive works in the same way as in/out of your personal Home location.

If this does not work out as expected, you likely lack the correct permissions for your desired task.

Please check our overview about the different permission levels for the needed permissions.

If in doubt, contact the owner/manager of the Team Drive for further information or contact the RDMS support for assistance.

Table of Contents