...
Use Cases for this Workflow can be found here.
Setting up the Access Requirement
ACT has been using an R script to create Access Requirements on a set of entities (a data set). Some data sets have multiple Access Requirements: ACTAccessRequirement and SelfSignAccessRequirement.
Example form:
Link to instructions: https://www.synapse.org/#!Synapse:syn2954404
Requesting Access
Dataset A has an ACTAccessRequirement. When User B wants to download dataset A, s/he needs to email the ACT to request access to it. Via email, an ACT member would ask the user to complete some forms. The forms are different for each dataset. A form includes the information that Sage and the data contributors require. It is an agreement between Sage and the data contributors, so it will not change after it's established for a data set. When there is an update to the data set, we put the data in a different project/folder and have a new set of Access Requirements on that data.
Each request may request access to the data for n users. A request normally includes information about the institution, the signing official at the institution, and the research statement for the project that the listed accessors are working on. Some requests require accessors' signatures; some require other certificates. For sensitive human data, the request requires that accessors have their Synapse profiles validated.
Granting Access
After the users meet all requirements given by the ACT (via email), an ACT member would go to the dataset, manually enter the user(s), and run an R script to give the user(s) access to the dataset.
Updating Information
When someone leaves an institution, a requestor will email the ACT about removing a member from their request. The ACT will manually remove this user's access.
When a new member joins a lab, a requestor will email the ACT about adding the new member to their request (and their signature in some cases). The ACT will manually grant the new user access.
Renewal
Every month, an ACT member will loop over all requests to see which ones will expire in a month and send an email to each requestor to remind them to update their request. If s/he does not respond, the ACT member will email the other members in the request.
Exporting Information
Every few months, an ACT member will download all DUC forms and Intended Data Use Statements from that period and send them to the data contributor.
...
Manually entering the detailed information (in a spreadsheet) about the request for access (including approval status) is a burden for the ACT.
- Users' handwriting is hard to read.
- Since requests are submitted via email, there is no way to prevent requests from coming in with missing information.
- Keeping track of which requests are about to expire and emailing users reminders about their expired requests takes a lot of time.
Proposed Work Flow
Setting up the Access Requirement
...
The ACT member will navigate to a page specifically for managing AccessRequirement and DataAccessSubmission.
...
For ACTAccessRequirement:
After creating an ACTAccessRequirement:
From this page, they can create a new Access Requirement, selecting entities to associate with it. Once the Access Requirement is created, they can create a form for accepting access requests.
For existing Access Requirement, the ACT can open it by entering/selecting an entity associated with that Access Requirement. They would be able to see the preview of the Access Requirement before opening it.
The ACT member will be able to update any part of the Access Requirement, including adding a form for accepting access requests.
(Please see the process of creating a form below.)
Once a form has been created, the table of requests will be shown on the page, and there will be a button for viewing the form as a requestor would see it.
The form creation process is as follows:
Every form contains an instruction given by the ACT, and the following fields:
- Project Lead
- Intended Data Use Statement
- List of Accessors
For each form, the ACT will determine the expiration period (number of months or NONE.)
For the list of accessors, the ACT may specify that accessors must be certified and/or have validated profiles.
The ACT member can add existing fields:
- DUC
- IRB
They can remove fields using the "x" to the right of the field.
The ACT member can also add a custom new field to the form.
The ACT can preview the form before creating it.
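The form described above, together with the monthly renewal check from the current workflow, can be sketched as follows. This is an added example, not Synapse code or part of the original page: `AccessForm`, `Accessor`, `validate`, `expires_on` and `needs_reminder` are hypothetical names, and the submission is assumed to be a plain dictionary keyed by field name.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Fields every form carries, per the list above (hypothetical key names).
BASE_FIELDS = ("project_lead", "intended_data_use_statement", "accessors")

@dataclass
class Accessor:                      # hypothetical model of a listed accessor
    username: str
    certified: bool = False
    validated_profile: bool = False

@dataclass
class AccessForm:                    # hypothetical model of the ACT's form
    expiration_months: Optional[int] = None   # None stands for NONE
    optional_fields: tuple = ()               # e.g. ("duc", "irb")
    require_certified: bool = False
    require_validated_profile: bool = False

def validate(form, submission):
    """Return a list of problems; an empty list means the request is complete."""
    problems = [f"missing field: {name}"
                for name in BASE_FIELDS + tuple(form.optional_fields)
                if not submission.get(name)]
    for a in submission.get("accessors") or []:
        if form.require_certified and not a.certified:
            problems.append(f"{a.username}: not certified")
        if form.require_validated_profile and not a.validated_profile:
            problems.append(f"{a.username}: profile not validated")
    return problems

def add_months(d, months):
    """Add calendar months, clamping the day (Jan 31 + 1 month -> Feb 28/29)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def expires_on(form, approved_on):
    """Expiry date of an approval, or None when the form never expires."""
    if form.expiration_months is None:
        return None
    return add_months(approved_on, form.expiration_months)

def needs_reminder(form, approved_on, today):
    """True when the approval expires within the next month."""
    exp = expires_on(form, approved_on)
    return exp is not None and today <= exp <= add_months(today, 1)
```

Rejecting a submission whenever `validate` returns a non-empty list covers the missing-information problem, and running `needs_reminder` over approved requests replaces the manual monthly loop.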
...
AccessRequirement, an ACT member will be directed to a page to manage the created AccessRequirement:
For an ACTAccessRequirement, an ACT member will find the DataAccessSubmissions that need to be reviewed:
From the Access Requirement Manager home page, an ACT can also look for an AccessRequirement by entityId:
Requesting Access
User B goes to any entity A with an ACTAccessRequirement associated with it, and clicks on "show unmet conditions" to get to the data access request form (if one has been set up. If not, the process will be the same as it is currently for requesting access). If they are not logged in, then they will be met with this view:
...
____________________________________________________________________________________________________________________________________
Hi:
The Synapse Access and Compliance Team has approved your application for use of the MayoGWAS data distributed through Synapse.
To use this data you must adhere to the Terms of Use as described in the MayoGWAS DUC: https://www.synapse.org/#!Synapse:syn2910256
The MayoGWAS data can be accessed through the following Synapse project: https://www.synapse.org/#!Synapse:syn3219045
Please note that the first time you download a datafile you will also be asked to agree to acknowledge the AMP-AD Partnership in publications derived from any of the AMP-AD data. This approval must be performed through the website.
For a review of the AMP-AD Data Terms of Use, please see here: https://www.synapse.org/#!Synapse:syn2580853/wiki/78604.
Please note, this email is sent from an unmonitored account. Send any questions to act@sagebase.org.
Sincerely,
The Synapse Access and Compliance Team
...
____________________________________________________________________________________________________________________________________
Hi:
The Synapse Access and Compliance Team has rejected your application for use of the MayoGWAS data distributed through Synapse, because you did not sign the DUC.
To submit another request, please visit the MayoGWAS dataset at: https://www.synapse.org/#!Synapse:syn2910256.
Please note, this email is sent from an unmonitored account. Send any questions to act@sagebase.org.
Sincerely,
The Synapse Access and Compliance Team
____________________________________________________________________________________________________________________________________
...