 User, Group and Quota Management How does Galaxy manage users and groups? How can I assign quotas to specific users slash groups? Learn the Galaxy user slash group management and assign quotas. Understand the role-based access control, RBAC, of Galaxy. Users, Groups and Quotas There are a large number of topics related to users, groups and quotas, as an admin you have lots of control over this. Most of the configuration lives in the galaxy.yaml file. Some of the configuration must be done in the UI. These options let you control user login. For example, are anonymous users permitted? Are users able to register themselves? Are users able to purge datasets themselves? All of these are questions you will need to consider. Whenever a user registers, user activation settings control how this process happens. If you want to require activation they cannot run tools until they receive the confirmation email. If you want to prevent users registering from specific domains. Some options are related to IT security policies. Check with your local IT authority for best practices for your organization. In the Ansible Galaxy training, you set the admin underscore users variable to define an admin email. User impersonation is a very commonly used feature. It allows admins to debug issues in their users histories. A master API key cannot be used for every task an admin API key can be used for. This is because it is not tied to an individual user. These options control if the username or email are shown as a drop-down in the sharing menus. The option new user data set access role default private is important by default. When users share by link, all datasets are public. When you set this option, data sets are private. Even though the history is shared via link, users will complain when it doesn't work and have to be educated to click the appropriate buttons. Galaxy users back for permissions in many places. Roles can be created and assigned permissions. Roles and groups behave similarly, grouping users together and granting permissions. The manage permission controls which accounts can manage permissions of datasets. Access permission is those who can see and work with the data. These can be controlled in the permissions menu of datasets or more generally at the history level. Users must have every role listed in order to access that dataset. This leads to the odd case where users wish to share with multiple groups, but by adding more roles, it becomes unavailable to everyone. Access library permits users with any of the listed roles to access the library. No roles means a public library. Generally the last three are set to the same values, unless you have complicated requirements. In the library management, someone with any subset of the roles listed may make changes. This is very different from dataset permission management, where users must have every role. You can enable quotas in your galaxy.yaml file. When the user has more data than their quota permits, they are prevented from starting new jobs. Many sites set up a quote increase request form to let users request increases for specific temporary projects. Quotas can be set for users or groups, but it is applied individually, as users may receive multiple quota changes. For example a user working for two groups, might receive two different quota increases. Quotas can be managed through the API. Some people want to automate this process, but it needs more work. Galaxy has a powerful user and group management system that can be utilized for quota management. Thank you for watching.