General Concepts of the RDMS Team Drives
Initial Setup
Working with Team Drives
- For Team Drive Owners/Managers
- For 'normal' Team Drive Users

Team Drives

General Concepts of the RDMS Team Drives

The following points summarize some of the basics of Team Drives in the RDMS:

Within the different storage areas of the RDMS, Team Drives fulfil the role of a shared storage space for research groups.
They can be used to store a group's research data in the mid- and long-term.
The RDMS Team Drive are can be seen as the RDMS equivalent of the Y: Drive.
Within the RDMS, Team Drives are always located at /<zone>/home/<Team_Name>.
The data in a RDMS Team Drive can be shared with other group members, but also other RDMS users.
Automated Policies can be implemented by the managers of a Team Drive.
The initial setup of a Team Drive has to be request.
The management of Team Drives (new users, permissions management) is in the hand of the research groups themselves.

In the following sections, it will be described how a RDMS Team Drive is initially requested and setup. Furthermore, the management of a Team Drive and the working with a Team Drive will be explained by using some examples.

Initial Setup

While the management and maintenance of a RDMS Team Drive are in the hands of the individual research groups or Team Drive owners, the initial setup of a Team Drive has to be requested via the RDMS Support.

To request a Team Drive, please contact rdms-support@rug.nl.

For the setup of a Team Drive, the following additional information are needed:

Name of the Team Drive: The requester decides for a name that the Team Drive should have. The name will also define the location within the RDMS. The new drive will be at /<zone>/home/<Team_Name>.
Owner Information: Every RDMS Team Drive gets at least one owner assigned to it. This is usually the PI of a research group. As is just possible to assign a owner if this person is already registered in the RDMS, please login at least once via the RDMS web portal to have your account registered.
Further Information: As will be explained later, individual users and also groups can be added with different permissions to a Team Drive. This can be done at any time by the owner of a RDMS Team Drive, but if it is already known that certain groups or users should have access to the Team Drive, it is also possible to adjust this already during the initial setup.

It should be noted that the creation of a RDMS Team Drive also creates an associated RDMS Group with the same name as the Team Drive. This group is automatically added to the newly created Team Drive.

Moreover, the creator of the Team Drive will get elevated 'groupadmin' permissions within the RDMS that allow to manage Team Drive via the Data Management tab of the web portal as well as create further new Team Drives if needed (see below).

Working with Team Drives

For this example, we assume that a new Team Drive with the name Example_Group1 was requested. Accordingly, the location of the new Team Drive is at /<zone>/home/Example_Group1, the top-level of our RDMS Team Drive.

As there is a difference for the usage of Team Drives by by the managers/owners of the Team Drives and by 'normal' RDMS users, the following section will be split according to this distinction:

The section for Team Drive owners/managers will focus on managing of the RDMS Drive (permissions, sharing options, etc.) with the RDMS web interface.
The section for 'normal' RDMS users will mostly focus on accessing the Team Drive collection to transfer data in/out of this area as well as collaboration.

For Team Drive Owners/Managers

Click to display section

Team Drive owners/managers can use the Data Management tab in the interface to get an overview about currently set permissions of the respective Team Drives, and also to manage the Team Drive.

Navigating to the Data Management tab and selecting the Team drives button will reveal an overview of all RDMS Team Drives that are available for the user.

Clicking on the name of one of the available RDMS Team Drives, opens the management tab of the respective Team Drive. On this page, diverse management tasks can be performed by the owner/manager of the Team Drive.

Group Users Management Tab (Manage RDMS Team Drive Group Members)

The leftmost button gives an overview about the current members of the RDMS Group that is automatically created and added to a Team Drive when it is setup.

Adding a new Group member

To add a new member to this group, the cogwheel symbol in the top-right corner reveals a context menu. Selecting 'Add Group member' from this menu can be used to add a new member to this Team Drive Group. Select the user that should be added in the next menu and then confirm.

Removing Group Members

Removing Group members is done from the same tab. Simply click on the trash bin symbol next to the user's name. The user will be removed.

Note:
Do not remove yourself from the Group. Otherwise, you loose the capability to manage it. In case you accidentally remove yourself from a group, get in contact with the RDMS support.

Team Drive Permissions Tab

The middle button gives an overview about the current assigned permissions on the top-level of the Team Drive. The RDMS Groups that have permissions are also listed here. The currently set permission levels are listed in the table next to the user/group name.

Changing/Revoking Permissions of listed Users/Groups

To change the permission level, just click on the pencil symbol next to the name of the user/group. This will open a new window where a new permission level can be select. Also permissions can be removed by selecting 'None' from the permission selection field.

When adjusting the permissions, there is an additional selection possibility which decides if the permission change should apply for all files/folders within the Team Drive (select 'Including sub files and folder') or just for the top-level of the Team Drive (select 'Only this file/folder').

Assigning new Permissions

To add a new permission for the Team Drive, the cogwheel button on the top-right corner of the interface is again used.

Clicking on it, reveals the interface that was already described when adding new members to a RDMS group (see above). Via this menu, there are three possibilities to assign new permissions:

Add User: Can be used to grant permissions for an individual user to the Team Drive.
Add Project: Can be used to grant permissions for the members of a specific RDMS Project to the content of the Team Drive.
Add Group: Can be used to assign permission for a RDMS group, instead of a single user.

For all three selection, it is possible to choose a suitable permission level and also to decide if the newly set permissions should apply to all files/folders in the Team Drive location (also all sub-folders, etc.) or just for the top-level (in this example /<zone>/home/Example_Team1)

Team Drive Data Tab

The rightmost button gives an overview about the data that is currently stored on the Team Drive. From this overview, it is also possible to do some basic tasks, like creation of a new folder, moving of a folder/file to another location, uploading of small files.

Selecting first a file/folder and then pressing the i button results in a new menu which displays some information about the selected file/folder. Here, it is possible to see the currently set permissions on the respective data, see its metadata entries (if there are any), and it also gives the possibility to setup/remove a shared link.

Additional Info: Permission Management and Usage of Groups

Assigning other Owners/Managers for a Team Drive

Sometimes, it is helpful to have multiple owner/managers for a Team Drive. For example if a PI as the initial requester of the Team Drive would like to delegate the management tasks to another group member.

To assign a new owner, just follow the steps above which describe how to assign new permission for a Team Drive and then select 'own' permissions. Within the RDMS, it is not a problem to assign multiple owners.

Changing Permissions for individual Files/Folders

The steps to assign permissions that were described above always assign permissions on the top-level of the Team Drive, and all of its sub-folder and files if the specific checkbox was selected.

For a more granular permission assignment, it is possible to adjust the permission levels also differently for different files/folders that are contained in the Team Drive.

For this, the respective file/folder has to be selected from the data tab. Subsequently, pressing the i button while the file/folder are selected will open a new menu which also contains a 'Members' tab which lists all the currently set permissions for that file/folder.

Note:
While there are several use-cases and advantages of a granular permission management of data in a Team Drive, please take into account that this can lead to a loss of overview about which permissions are currently set on which files/folders in the Team Drive.

Also please take into account that a permission change on a higher level will overwrite the different individual permissions of the same user/group if 'Including sub files and folder' is selected during permission assignments.

If you want to have a Team Drive that is setup with granular permissions for different users/groups, it is recommended to get in contact with the RDMS support if you are unsure how this is realized in the best way.

Permission Inheritance and Team Drives

It is furthermore possible to enable/disable permission inheritance for the whole Team Drive or its sub-folders. If a Team Drive is created, the standard setting will create it with permission inheritance 'false' (inheritance disabled) which means that a newly created sub-folder or file within the Team Drive's main folder will not inherit the permissions that were assigned on the main folder.

The owner of a Team Drive can enable permission inheritance on the whole drive if that is desired. To do this, you have to navigate to the management tab of the Team Drive and then first select the i button to reveal the information window.

From there, you can access a context menu that allows you to select 'Set permission inheritance'.

Please read the section about permissions which also contains a more detailed explanation about permission inheritance in general.

The Advantages of using Groups for Permission Management

As indicated earlier, it is possible to assign permissions either for individual users or also for RDMS Groups. Both ways of managing a Team Drive, either individual-based or group-based, can have their advantages.

Using RDMS Groups gives and additional layer of structure to the permission management.
Using RDMS Groups allows to group users with different permissions. Permission changes can than be done in a single step.
Grouping of users can be beneficial also for other parts of the RDMS if the person within a respective group needs access to another section of the RDMS. Instead of assigning permissions for everyone individually or creating a new group and adding the respective users, the already existing groups can be re-used.

It should be again emphasized that while a group is automatically created during Team Drive creation, it is not mandatory to use RDMS groups for the management of the drive.

If it is desired to manage the drive based on Groups, you can already specify this during the setup and we will assign 'groupadmin' privileges for the respective user. This allows to manage the members of a RDMS group as well as give the privilege to create new RDMS groups.

If you are unsure if using RDMS Groups is suitable/beneficial for your use case, do not hesitate to get in contact with the RDMS support and we can further assist you.

An additional note for icommands users

For those RDMS users that do not use the web portal to work in the system, but who rather work via the command-line interface (CLI) using iCommands, it is also possible to do this management tasks from the CLI. Please refer to the icommands wiki which provides some examples on specific commands that can be used for management tasks. Also refer to the official iRODS documentation which also has a summary of the available commands.

A selection of the most common commands for CLI-based Team Drive management:

ils -A: Shows the files/folders including the currently set access permissions.
ichmod: Allows to modify permissions for files/folders.
igroupadmin: Command to manage groups from the CLI.

Additional Info: Creation of Team Drives by the User

If you have requested a Team Drive, your account gets promoted to 'groupadmin' level within the RDMS. This role does not just allow for the management of RDMS Groups, but also makes the Data Management tab available in the web interface.

To create a Team Drive as a 'groupadmin', first navigate to the Data Management tab, then select the + button to reveal the menu that allows you to create a new Team Drive by selecting 'New Team Drive'.

Afterwards, the system will ask you for the desired name of the new Team Drive. Specify a name, then confirm, and a new Team Drive is created with the specified name.

For 'normal' Team Drive Users

Click to display section

For 'normal' RDMS users, the above described drive management tasks are of lesser importance. In the following section, we will therefore focus on the description where these users find their available RDMS Team Drives in the web portal or when using one of the clients.

It will be also explained how to transfer files to/from a Team Drive location as a short example.

Accessing Team Drives from the Web Portal and RDMS Clients

From the web portal

From the web portal, available Team Drives are listed in the Data Browser tab. Clicking on the name of one of the listed Team Drives will open it.

Afterwards, basic tasks can be performed directly in the web interface, for example the creation of new folders or uploading of small files (<50 MB).

Alternatively, if the correct location of the respective Team Drive is known, in our example /rug/home/Example_Team1, it is also possible to copy this location to the address bar in the web portal, and confirm by pressing 'Enter' to reach the Team Drive.

Using one of the GUI clients (e.g. Cyberduck)

When using Cyberduck as an example for a GUI client for the RDMS, the Team Drive locations can be accessed in the following way:

If using the native iRODS protocol for Cyberduck and when no special configuration are made in Cyberduck, you will see your personal Home location after login (e.g. /rug/home/<mailadress>).

As this is one level down the folder hierarchy of the RDMS, it is first needed to navigate one level up to see available RDMS Team Drive.

In the higher level, in this example /rug/home/, all of your available location, including Team Drives will be available. Just click on a folder to access/open it. Afterwards, file management tasks like up-/download (see below) can be performed.

For Cyberduck on Windows, it is also again possible to directly specify the full location to reach a Team Drive.

Within Cyberduck, this can be done from the Menu under Go → Go to Folder…, then specify the location and confirm to open it.

Note:
If you do not use the native iRODS protocol for the connection to the RDMS in Cyberduck, but instead use the WebDAV protocol, the situation is slightly different:

Using the WebDAV protocol in Cyberduck always opens the location above the users's personal home location, for example /rug/home/.

From there, other location like Team Drives can be accessed directly.

Via the CLI using iCommands

For users of iCommands the easiest way to access a Team Drive location is by directly navigating to its full location using the icd command like:

$ icd /rug/home/Example_Team1

Data Transfer/Sharing and Metadata Management within Team Drives

Data transfer in/out of a Team Drive works in the same way as in/out of your personal Home location.

If this does not work out as expected, you likely miss the correct permissions for your desired task.

Please check our overview about the different permission levels for the needed permissions.

If in doubt, contact the owner/manager of the Team Drive for further information or contact the RDMS support for assistance.

Table of Contents