SOP05-RM05: Managing Data Access Using Teams
Revision Date: 2024.07.10
Table of Contents
I. Description
This RM describes the processes to set up a Team in Synapse, manage the Team, use the Team to provide access to projects and folders using Sharing Settings, and related details regarding Teams.
II. Objectives
This procedure is an overview for ACT members and other Sage employees to use Teams to share projects and folders in Synapse using Teams.
III. Scope
This RM applies to members of ACT, employees of Sage who use Synapse, and any other Registered Synapse users.
IV. Definitions & Acronyms
Access and Compliance Team (ACT) - A Sage Governance sub-team that has Synapse administration privileges enabling members to process access requests, create and manage ARs, validate user profiles, and take other administrative actions for governance purposes.
Access Requirement (AR) - A data restriction, or lock, placed on a Synapse entity (a folder, file, project, or team) and set according to the data contributor’s established Conditions for Use defining the requirements that must be met by a user in order to be allowed access to the entity.
Certified User - A Synapse user who has created a Synapse ID, has logged into Synapse using their email and password, and has successfully completed the Certification Quiz. Certified Users have access to full Synapse functionality, including the ability to upload files and tables as well as create folders.
Managed AR - An Access Requirement that requires data access to be granted via the Synapse Access and Compliance Team (ACT) and/or Data Access Committee (DAC).
Synapse Team - A formal group of Synapse users created for easy administration of project access controls and to enable members to communicate and participate in Challenges on Synapse.
Team Manager - A role assigned to one or more Synapse Team member(s) with permission to edit Team settings and add, remove, and change the status of team members. The creator of the Team defaults as a Team Manager.
V. Authorities/Responsibilities
All Registered Synapse users are able to create Teams and self-manage user access to their projects, or projects they administer, using Teams.
Members of the Access and Compliance Team (ACT) are able to administer Access Requirements on Teams.
VI. Procedures
A. Creating a Team
From the Dashboard view, use the Teams selection from the left navigation bar.
On the top right corner of the “Your Teams” page, click on the Create a New Team button.
Create a Team Name using an intuitive and searchable title.
Once the Team is created, adjust the Team settings using the “Team Actions” menu.
i. Inviting users. A Team Manager uses this option to invite users to join the Team. An optional invitation message may be included in the invitation.
When an invitation is sent by a Team Manager, the invited Synapse user will receive an invitation email with a Synapse link to join the Team. Any pending invitations will display in a list on the main Team page and will remain listed until the user accepts the invite or a Team Manager clicks “Cancel Invitation”. If a user has not responded to the invitation or needs the invitation resent to them, a Team Manager can prompt the invited user again by clicking “Resend Invitation”.
IMPORTANT: If a user does not accept the invitation and later is no longer authorized to access this Team, the Team Manager must cancel the invitation to prevent future unauthorized user access.
ii. Edit Team. A Team Manager can customize the Team by updating the Name, adding a Team description, and uploading a Team icon. A Team Manager can also change user access settings (see screenshot below) and set whether Synapse users can send messages to the Team. To send messages to a Team, a Synapse user addresses an email message using the email: [team name]@synapse.org email address.
iii. Delete Team. Note: A Team cannot be deleted if it is referenced by an Access Request submission or if an entity is shared with it.
iv. Leave Team. Team members and Managers can choose to leave the Team and revoke access associated with Team membership. Note: Due to the Admin role associated with being a Team Manager, if you are the sole Team Manager you will need to assign a new Team Manager prior to leaving the Team. IT is able to assign a new team manager if needed.
v. (ACT) Manage Access Requirements. This “Team Action” option is only available and displayed for members of the Sage Access and Compliance Team (ACT) and allows Team members to createTeam-specific ARs. A Team AR may be used to require Team members to agree to specific conditions associated with membership through application of a Click-wrap.
Once Team Members have accepted the invitation to join the Team, the Team Manager can assign additional Team Managers by clicking the 3-dot menu on the right side of the Team Member’s profile and selecting “Make Team Manager.”
Team Members can also be removed from the Team using the 3-dot menu on the right side of the Team Member’s profile.
B. Sharing a Project with the Team
From a Project, Folder, or Synapse Entity, use the “Project Tools” button to display the tools menu and select “Project Sharing Settings”.
i. If changing Sharing Settings on a Folder, click the “Create Local Sharing Settings” button. This means that the Folder will have different sharing settings than the overall Project.
Add the Team by typing the Team Name into the “Name” field under “Add More People”.
Once the Team is added, adjust the “Access” settings as needed.
C. User Requests to Join a Team
The process for joining a Synapse Team depends on the Team settings.
If the Team setting is “users can join this Team without Team Manager authorization”, then users are able to automatically join the team without Team Manager authorization.
If the Team setting is “users must be authorized by a Team Manager to join this Team,” then users require Team Manager authorization. When a Team membership request is submitted by the Synapse user the Team Manager will receive a notification to add the user to the Team and can either accept or deny access.
If the Team setting is “Team is locked, users may not join or request access. New users must be invited by a Team Manager”, then users may only be added via invitation from the Team Manager and will not have the option to independently submit a Team membership request.
If the Team has a Click-wrap, the user will need to accept the Click-wrap before either asking for access or accepting an invitation.
D. Access Requirements on Teams
Click-wraps and Managed ARs are set on Teams by ACT. Use the general processes described in SOP05: Governance Functions in Synapse to set up a Click-wrap or Managed AR for the Team as needed.
VII. Associated Documents and Resources
SOP05: Governance Functions in Synapse
Synapse Docs: Teams
Synapse Docs: Managing Data Access With Teams
VIII. Revision History
Version #, Date | Description |
V1, 2024.07.10 | New Document |