Permission Model

Project Configuration

XNAT permission model uses a number of methods. The first thing is the project accessibility. A project can be private, protected or public. A private project is visible only by its users, a protected project is only accessible by its users and a public project is accessible by everyone.

>>> central.select('/project/PROJ').set_accessibility('public')
>>> central.select('/project/PROJ').accessibility()
'public'

The second thing is user roles within a project. Users can be owners, members or collaborators to give read or write access to projects:

>>> central.select('/project/PROJ').add_user('my_friend', 'member')
>>> central.select('/project/PROJ').add_user('my_other_friend', 'owner')

Resource Sharing

The last thing is the ability to share subjects, experiments and assessors accross projects. Subjects shared to a private project enables a user to add experiments, or processing results to the subject which would not have been possible if the user didn’t have write access to the original project. This functionality is also used to share a subject which is scanned across multiple studies, but restrain access of its data to the relevant investigators.

>>> subject = interface.select('/project/project1/subject/subject1')
>>> subject.share('project2')
>>> subject.unshare('project2')
>>> # to know to in which projects a subject is available
>>> subject.shares()

Almost the same interface is available for collection objects:

>>> subjects = interface.select('/project/project1/subjects')
>>> subjects.share('project2')
>>> subjects.unshare('project2')
>>> # to retrieve the subjects sharing a list of projects
>>> subjects.sharing(['project1', 'project2'])

Note

Of course the permissions policies (user level and project accessibility) still apply.

Warning

The shares and sharing methods are not implemented in an efficient way at the moment. There is another more concerning issue: subjects for example are accessible through their ID or label. But labels stop working when trying to access a subject through a project that is not its orginial one.