API Access and User Impersonation

classic Classic list List threaded Threaded
1 message Options
| Threaded
Open this post in threaded view
|

API Access and User Impersonation

jletaw667

Hi all,

 

We have a system in place that sends jobs to a compute cluster based on the real user name, as opposed to something like ‘galaxyuser’.  Galaxy workflows are created and invoked using bioblend code, so the users don’t have to go in and manually set workflow inputs.  However, this means each user needs admin access in order to create these workflows via API.

 

Additionally, we have one or two actual admin users that are charged with fixing the occasional workflow problem that pops up.  The ability to impersonate users is super helpful in this situation, as you might imagine.  So, I’m stuck in this situation where I’d rather not have MOST users with impersonate access.  I don’t know of any way to do this, do you?  With our setup, can anyone recommend an alternate configuration that would close this security hole?  How hard is it to feed a list on email address to the user impersonation config variable?

 

Thanks,

John


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/