To access Controlled Access data in FireCloud, you must:
1. Have an eRA Commons or NIH account with dbGaP authorization. Go here for instructions to set up an eRA Commons or NIH account with dbGaP authorization.
2. Establish a link between your FireCloud and eRA Commons / NIH accounts. Go here for instructions to link your eRA Commons or NIH account to your FireCloud account.
You can also check out this FireCloud Webinar for more information.
If you meet the above Requirements to Access Controlled Access Data Workspaces, you will be granted READER access to all pre-populated TCGA Controlled Access Data workspaces.
The National Cancer Institute (NCI) and dbGaP consider any data derived from TCGA Controlled Access data to also be TCGA Controlled Access data.
FireCloud users can derive data from Controlled Access data by:
Cloning a Controlled Access Data workspace and running analyses in the cloned workspace.
Rather than track specific data objects as "controlled access", FireCloud identifies workspaces as TCGA Controlled Access and restricts access to those workspaces to users who meet the requirements stated above.
When you create a new workspace, you can add the "TCGA-dbGap-Authorized" group to the Authorization Domain to protect any TCGA Controlled Access Data in your workspace. Once a workspace has this Authorization domain set up, it remains a Controlled Access Data workspace.
When you clone a Controlled Access Data workspace, the cloned workspace will automatically have "TCGA-dbGap-Authorized" group in the Authorization domain.
If you are granted access (READER, WRITER, or OWNER) to a TCGA Controlled Access Data Workspace but do not meet the requirements listed above, you can view the workspace in the workspaces list, but will be unable to enter it. This may occur, for example, if another user shared a TCGA Controlled Access Data workspace with you and your dbGaP authorization has not yet been approved or the linkage of your FireCloud and eRA Commons accounts has expired.
If you can not enter a TCGA Controlled Access Data workspace, but believe you have dbGaP authorization for Controlled Access data, you may need to re-link your eRA Commons / NIH account. You can go to your User Profile to check your dbGaP authorization status and click Log-In to NIH to re-link your account if your linkage has expired.
If you are the OWNER of a Controlled Access Data workspace, FireCloud will not prevent you from sharing the workspace with a user who does not meet the requirements to access Controlled Access Data Workspaces. However, these users will not be able to enter the workspace you shared unless they met the Requirements to access Controlled Access Data Workspaces.
Google buckets associated with Controlled Access Data workspaces will be accessible to FireCloud users who meet the requirements to access Controlled Access Data Workspaces and who have the appropriate permission of READER, WRITER, or OWNER for that workspace. Users who meet these requirements can access the buckets through the workspace Summary tab or gsutil.
In order to copy entities from a Controlled Access Data workspace, the destination workspace must also have the Authorization domain with the "TCGA-dbGap-Authorized" group set up. If you attempt to copy entities to an Open Access Data workspace, FireCloud will not allow you to choose a Controlled Access Data workspace from which to copy entities.
FireCloud does not identify Controlled Access data within TSV load files. Therefore, FireCloud cannot prevent users from uploading TSV Load Files containing Controlled Access data to an Open Access Data workspace.