Keep protected data in proper locations
Keep protected data in the /fs/ess/PDEXXXX and /fs/scratch/PDEXXXX directories. (Only with prior approval from OSC may a protected data service project not have a project prefix of PDE.)
There are other storage locations at OSC, but none of the following locations can be used to store protected data because they do not have the proper controls and requirements to safely store it:
/users/<project-code>
/fs/ess/<non-PDS-project>
/fs/scratch/<non-PDS-project>
Project space access controls and permissions should not be altered
The permissions on directories where protected data are stored are set up so that regular users cannot change the permissions or access control entries on the top-level directories. Only members of the project are authorized to access the data; users are not permitted to attempt to share data with unauthorized users.
The protected data environment will be monitored for unauthorized changes to permissions and access control.
Grant and remove user access to protected data
Protected data directories will be set with permissions to restrict access to only project users. Project users are determined by group membership. For example, project PDE1234 has a protected data location at /fs/ess/PDE1234 and only users in the group PDE1234 may access data in that directory.
Adding a user to a project in the OSC client portal adds the group to their user account; likewise, removing the user from the project removes their group. See our page for invite, add, remove users.
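A project member can self-check the rules above with a read-only audit like the following. This is an added example, not an OSC tool: the function names are hypothetical, the path pattern assumes the PDE prefix described above, and it inspects only group ownership and mode bits, not access control entries.

```python
import os
import re
import stat

# Assumption: protected projects use the PDE prefix described on this page.
PROTECTED_RE = re.compile(r"^/fs/(ess|scratch)/(PDE[^/]+)(/|$)")

def protected_project(path):
    """Return the PDE project code if path is in a protected location, else None."""
    m = PROTECTED_RE.match(os.path.normpath(path))
    return m.group(2) if m else None

def audit_tree(root, expected_gid):
    """Walk root and report entries that break the group-only access model.

    Returns a sorted list of (relative_path, problem) tuples. Nothing is changed.
    """
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # a symlink's own mode bits carry no access meaning
        rel = os.path.relpath(path, root)
        if st.st_gid != expected_gid:
            findings.append((rel, "group %d is not the project group" % st.st_gid))
        if st.st_mode & stat.S_IRWXO:
            findings.append((rel, "accessible to users outside the project"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)

if __name__ == "__main__":
    import grp
    import sys
    root = sys.argv[1]  # e.g. /fs/ess/PDE1234
    project = protected_project(root)
    if project is None:
        sys.exit("%s is not a protected data location" % root)
    gid = grp.getgrnam(project).gr_gid  # group name equals the project code
    for rel, problem in audit_tree(root, gid):
        print("%s: %s" % (rel, problem))
```

Any finding is something to report to OSC rather than fix by hand, since permissions and access controls on project space are not to be altered by users.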
Keep accounts secure
Do not share accounts/passwords, ever.
A user that logs in with another person's account is able to perform actions on behalf of that person, including unauthorized actions mentioned above.