Sharing Settings, Permissions, and Conditions for Use
As laid out in Data Access Types, sharing settings and conditions for use are extra layers of protection that you can add to your data to determine who has access to it, and what they can do with it.
Sharing Settings
Sharing settings determine who can access content in Synapse and what permissions those users have with respect to a dataset. For example, sharing settings on a file can be used to control who can view, edit, download, or delete content. You are responsible for determining the appropriate sharing settings for any content that you upload into Synapse.
Edit Sharing Settings on a Project
When it comes to a project, there are two main options for sharing settings: public or private. The private sharing setting limits access to only specified users and teams. By default, all new Synapse projects are set to private, and you can manually add collaborators and/or allowed users as needed. You can then specify individual permissions for any of these private users. If you set your project to public, you can also specify permissions for any registered Synapse user, as well as to allow anyone on the web to view an item (more on permissions below).
To view and modify sharing settings on a project, go to that project and click Project Settings in the top right corner, and select Project Sharing Settings from the resulting dropdown menu.
In the Project Sharing Settings window, you can add individuals or groups by entering a username and then selecting the appropriate level of permissions from the dropdown menu. You can manage permissions for a group of users at once by first adding these users to a team. If certain individuals require unique permissions, consider creating multiple teams or sharing the item directly with the individuals that require unique permissions.
Learn more about this: Managing Data Access With Teams
At the bottom of the sharing settings pop-up window, you have the option to make the project public using the Make Public button.
Clicking on Make Public adds two additional groups to your sharing settings window: 1) all registered Synapse users and 2) anyone on the web. You can edit the level of access for either group and then click Save to make your changes. Note that you can only grant view permissions to “anyone on the web”. To remove the settings for these two groups, click Make Private.
Edit Sharing Settings on Files, Folders, and Tables
You can adjust the sharing settings for individual folders, files, tables, and views separately from their parent project or folder. For example, you may wish to keep a particular folder private while you make the project public. Or you may want to share drafts of individual files with collaborators first prior to sharing them publicly.
By default, all of the content residing within a parent project inherits the same sharing settings. If you move an item, then it carries those settings to another project. You can override this inheritance by defining a local sharing setting for that specific item. To do so, navigate to the file, folder, table, or view, then click on the Tools menu. Select the Sharing Settings option from the dropdown menu. You’ll see the current (inherited) sharing settings in the resulting pop-up window. You will also see the option to Create Local Sharing Settings, which allows you to specify different sharing settings than the parent folder or project.
Permissions
In addition to applying global sharing settings on a project, file, folder, or table, you can also grant different levels of access, or permissions, to individuals or teams. The permission categories are: view, download, edit, edit and delete, and administrator.
View Permissions
View permissions give you the ability to see that something in Synapse exists (like the name of a project, file, folder, or table). You can discover the item using Synapse search, and it will be visible to you if included in a table or a file view. If there are annotations associated with it, you can see these as well, however you cannot see the table or file contents. For example, if you have view permissions on a file, you will be able to see the file name and associated annotations, but you will not be able to see a preview of the file or download it.
Download Permissions
Download permissions give you the ability to see the contents of a project, file, folder, or table and download the contents to your own computer. Having download permissions includes also having view permissions.
Edit Permissions
Edit permissions allow a Synapse user to make changes to something in Synapse. This permission level also allows you to upload data to a folder or project where you are not an administrator (although you must be a certified user to do so). A user with edit permissions can:
Change the name of a project, folder, file, or table
Change the annotations associated with an entity, including removing existing annotations
Change the storage location settings of a project or folder
Someone with edit permissions cannot delete something that is shared with them. Edit permissions are cumulative with view and download permissions.
Edit and Delete Permissions
Edit and delete permissions allow you to delete something that is shared with you, in addition to the edit permissions previously described.
Administrator Permissions
Administrator permissions allow you to change the sharing settings and metadata related to an entity. You can also change the friendly URL of a project. You can add, remove, or modify the sharing settings, including removing yourself. Administrator permissions are cumulative with edit and delete permissions.
Conditions for Use
Conditions for use are put in place to define/restrict how users who have permission to download data may use it. These conditions are placed on controlled access data. Conditions for use may include IRB approval or other restrictions that you define as the data contributor.
Conditions for use typically are structured to comply with the terms under which the data were collected or with other human subjects regulations. For example, human ‘-omic’ data may have conditions for use imposed by informed consent requirements, legal contracts, or other privacy requirements. It is also appropriate to add conditions for use to data collected from “vulnerable” populations and to data that could potentially harm individuals or groups if misused. If you have any questions about whether conditions for use should be applied to your data, please contact our Access and Compliance Team (ACT).
You are responsible for determining if the data you would like to contribute is controlled data and therefore requires conditions for use. Carefully consider the specific risks and appropriate protections required before sharing your data on Synapse. If there are no ethical, legal or regulatory reasons to impose conditions for use, the data can be used for any lawful research purpose. We ask that data submitted to Synapse be de-identified or pseudonymized according to local law and regulations (for example, HIPAA or GDPR). Guidance on de-identification according to HIPAA rules can be found here.
Conditions for use can be set at the project, folder, file and table level. We recommend grouping files that require the same conditions for use in a dedicated folder within your project. It is important to note that conditions for use cannot be set for Synapse wikis or discussion forums: they are not designed to house data and therefore do not have conditions for use as a feature.
Examples of Conditions for Use
Conditions for use vary broadly. Some examples include:
Specification of what type of research or analysis can be conducted on the data, for example, a data set may only be able to be used for breast cancer research
Specification of who can conduct research with the data set, for example, only researchers at non-profit institutions can use the data for research
Requirement that the data user submit an Intended Data Use statement, Data Use Certificate, or IRB Approval Letter prior to accessing the data.
How to Add Conditions for Use
To upload any data to Synapse, you must become a certified user first. Once you complete the steps to becoming certified, you can upload your data and add conditions for use to limit how your data will be used by others. If you would like to set conditions for use for an entire project, please contact the Synapse Access and Compliance Team (ACT) at act@sagebase.org for assistance.
By default, content within a folder or project inherits the conditions for use of the parent folder or project. As with sharing settings, you can set local conditions for use for individual folders, files and tables, but unlike sharing settings, you can only add to the existing parent project/folder’s conditions for use. In other words, all content within a folder or project has, at a minimum, the conditions for use of its parent folder or project, and may have additional local conditions for use as needed. You cannot create a folder, file, or table that has fewer conditions for use than its parent or that has conditions for use that conflict with that of the parent.
To set conditions for use for folders, files, and tables in Synapse, navigate to the item and click the Add Conditions for Use button.
The resulting pop-up window will ask you if the data is sensitive human data that must be protected. If you answer yes, the ACT will reach out to you to assist in setting the appropriate conditions for use. If you answer no, but still feel that your data requires conditions for use, contact the ACT to discuss your needs (act@synapse.org). Note that once you click the Add Conditions for Use button, your data will no longer be accessible to others until conditions for use have been established with the ACT.
How to Access Data with Conditions for Use
To access data with conditions for use (controlled access data), you must be a registered or certified user, and you must fulfill the conditions for use set by the data contributor. Navigate to the file, folder, or table, then look for the yellow access symbol. Click Request Access to open a dialog box with directions to meet the conditions for use. In many cases, you must read and electronically agree to data-specific terms. Occasionally, access to controlled data requires additional steps, like having your analysis plan approved by an ethics board or IRB.
Sharing a Synapse account or sharing controlled access data with other collaborators violates the Synapse Terms of Use. Each user wishing to access controlled data must individually agree to the Conditions for Use. Even if your collaborators have access to the same controlled data, be mindful when sharing information. Do not send data or metadata via email.
Warning: Controlled access data may not be redistributed or shared. All users must individually agree to the conditions for use before accessing this type of data. Do not send controlled access data or metadata via email.
Flagging Inappropriate Data Use
If you believe data in Synapse is being shared inconsistently with the associated conditions for use, use the Report Violation flag in the header of the relevant file, folder, or table.
Flagging the data will alert the Privacy, Security, & Compliance Office (PSCO), and we will contact you for more information. You may also visit the PSCO Help Center directly to report possible incidents.