Version | Date | Comment |
---|---|---|
V.3 | 2021/12/15 | Current version. Added version tracking table. |
V.2 | 2021/05/21 | Updated |
V.1 | 2021/05/21 | Created |
Purpose: This documentation provides recommendations for ACT to disseminate to independent Synapse data contributors attempting to self-manage data access.
Table of Contents
Introduction
For projects containing sensitive information, the Synapse Access & Compliance Team (ACT) recommends controlling who is able to access the data. Sensitive information can include data from human individuals that are at risk of re-identification or that have certain data use limitations/conditions for data access. One method of controlling data access in Synapse is to create and manage teams. This method is preferred for data contributors who would like to self-manage data access.
Data Governance Overview
When using the “teams” method of data access control, the Synapse ACT recommends setting up projects so that registered Synapse users have "view" access to the project, and only approved users have "download" access to the project. This means that your project will be searchable on Synapse, and registered users will be able to view the main project wiki page and any data previews you’ve set up, but they won’t actually be able to click into and download the sensitive datasets.
You can approve users for data access by creating a Synapse Team. Users will need to request that you add them onto the specific team before they can download the data. There will be an option for you to add a team description, where you can request that users explain their research purpose or Intended Data Use upon requesting to join the team. This will give you further visibility into why people require data access before you approve or deny their request.
Note that there will also be a team option for users to join the team automatically without needing to be approved by the team administrator.
Setting up your Team and Data Governance
Creating your team
Go to your profile icon on the top right corner of your account, and click "Teams" within the dropdown menu.
Click the "Create a new team" button on the top right of the teams page. We recommend making the team name intuitive to Synapse Users (e.i. include the name of the project in the team name)
Click the 3 dots at the top right corner of your new team, and select "Edit Team" (see screenshot below).
In the edit team area, you can add a team description indicating that users must explain their intended data use before they will be accepted to the team. We recommend leaving all other default team settings as is.
When users go to request that they be added to the team, they will be able to submit their intended data use in a comments box. This will trigger an email to the team admin, who can either accept or deny the team request based on the submitted intended data use statement. You can either send invitations to people directly, or users can search the team on Synapse. We recommend adding instructions and a link to your team page to your Synapse project wiki letting users know that they should request team membership if they want access to the data.
Sharing your project with your team
Go to "Project Sharing Settings" in the top right corner of your project page. Note that you can set up sharing settings at the project level or folder level. If you set up sharing settings at the project level, all folders in the project will automatically adopt the sharing settings of the project.
Click the "Make Public" button at the bottom of the page. Give "view" access to registered users/anyone on the web, and give download access to the team you created. Here's an example below:
When people are added to the team, they will have download access to the data. All other Synapse users will be able to view the project, but not access the data (they will only be able to see the data preview and not be able to download the data).