OMERO Wiki »

Group Management

Introduction

Groups are used in OMERO to enable sharing of data between users. Groups are created by the OMERO system administrator and usually have one or more group owners. Group owners and admins can add or remove members.

There are four levels of group permissions allowing members different degrees of interaction with the data owned by other members in the group. In all groups, you retain ownership of your own data, and there are no limitations on the operations and actions you can perform on your own data. You can be in many groups, each with different permissions.

As group permissions are set at a server level, they apply to OMERO.insight, OMERO.web or any other application or script being used to access the data. Data can only be in one group, but can be moved between groups.

IT IS VERY IMPORTANT TO UNDERSTAND THE FOLLOWING TO ADMINISTER GROUPS IN OMERO

User roles

There are three levels of role in any group:

Member - the level most users will be at:

  • can always see and interact fully their own data in any type of group
  • how much they can see and interact with data belonging to other group members depends on the type of the group.

Owner - typically used by laboratory or research group leaders:

  • groups can have more than one owner
  • can manage group membership
  • can increase the permissions level on a group
  • can view, annotate, edit and delete data belonging to other members in the group (except annotate in Private groups)
  • other interactions with data belonging to other group members depends on group type.

Admin - this role is typically reserved for the OMERO server administrator:

  • practically speaking, Administrators can do anything they like to any user’s data, in any group (except annotate in Private groups).

Group types

There are four types of group in OMERO: Private, Read-Only, Read-Annotate and Read-Write.

The main points can be summarised as:

  • you can be in many groups, each with different permissions
  • you always retain ownership of your data
  • your rendering settings cannot be overwritten by any other user
  • only administrators can move your data between groups
  • only you, a group owner or an Administrator can delete your data except in a Read-Write group.

The following sections summarise how other members in each of the group types can interact with your data.

Private Group - your data is only shared with the Group Owner(s) and Administrators.

Read-Only Group - group members can view but not alter your data.

Read-Annotate Group - group members can add to your data but not remove anything.

Read-Write Group - group members are effectively co-owners of all the data except for moving data between groups.

Managing groups as an OMERO system Administrator

Administrators can:

  • create new users and groups
  • manage the membership of all groups
  • view disk usage statistics for all groups and users
  • email users or groups

Create a new group in the web client

  1. Click on the Admin button on the left in the top toolbar.
  2. Click on the Group tab to create a new group.
  3. Click on the Add New Group button.
  4. Enter the details of the group. Name the group according to the standard 'PI-surname lab'
  5. Click into the Owners box and start typing the name of the user to add to the group. A filtered list of users matching the letters typed will appear.
  6. Add any users to be owners to the Owners box.
  7. Select the user to make them an owner of the group.
  8. To remove a user from a group, click the x after their name.
  9. Add any users to be members to the Members box as described above.

Add users to an existing group

  1. To add a user to an existing group, click on the Edit icon and add users as above.
  2. Individual members can also be added to an existing group via their user details page.