...

• The instructions/verbiage for the AR.

• The data requestor must be a certified user (Y/N)

• The data requestor must have a validated profile (Y/N)

• A data use certificate (DUC) must be included in the request. (The ACT crafts a template to be used.) (Y/N)

• Approval by the data requestor’s institutional review board (IRB) is required. (Y/N)

• An intended data use statement (IDU) is required (Y/N) and, if so, whether it will be publicly visible.

• The expiration window for access approval (entered in days).

...

The ACT decides which file or files in Synapse are to be controlled by the AR. If the access requirement is applied to a folder then all files beneath that folder, or within nested subfolders, are so restricted. Further, the ACT may apply multiple ARs to a file or folder in which case the data requestor must meet the requirements of all the ARs that apply.

...

Once submitted the request goes to the ACT. After approval the data is unlocked and this status is indicated in the Synapse UI. TODO: Are email notifications sent?The systems also sends an email notification to the requestor.

Updating, renewing and Revoking Access

TODO: Explain how the requirement for renewal is defined and what the process for revocation isThe ACT can reject a data access request. An email notification is sent to the requestor explaining the reason for the rejection. The requestor can update their application and resubmit.

A data accessor can update an approved access request, e.g., to add additional end users or to remove users who are no longer part of their group.On update (to renew or revoke)

Data access approval can expire, requiring resubmission of the data access request. Email reminders are sent out 2 months and 1 month prior to expiration of data access.

When updating a request, there's some additional information requested by the ACT :

...