Other people's data

What to do when access to another user's data is required. Not a policy but a preliminarily information.

FAQ

What can and cannot IT do when it comes to granting permissions?

The IT department receives several requests a week for access rights for a user B to data belonging to another user A. We can't grant access without being sure that's what the data owner wants. Details:

Forwarding an email in which the owner has agreed is not enough! It takes a skilled person about half a minute to forge such an email.
We are not even allowed to tell B file names in some private folder of A.
We will not change B's permissions from "read-only" to "write" for A's folder without A's permission.
Even the police will not be granted access unless they have a court order.
IT will never give a user's password to anyone, including the user. IT does not store passwords anyway.

This is what we can do without a data owner's explicit consent:

If data is purely research related, person A's supervisor will be granted the same access.
- Data in a user's home directory is not considered research related - the home directory is considered private. Please keep this in mind when storing data!
- Data in /data folders starting with pt_ or p_ are considered to be purely research related since there are associated with a registered research study of the institute.
- The status of data in /NOBACKUP is unknown to IT, which means there might be private data in it. We need the owner's consent here.
To access another user's account on the institute's mail server, a strict procedure has to be followed: Email-Override.pdf.

Please keep in mind that those rules apply to all accounts and will keep your data safe as well.

Back to FAQ start

How to correctly request permissions

Just ask the data's owner to either grant permissions by themselves or to contact IT and request permissions for you. We are happy to fulfill such a request.
Make sure to specify, which path permissions should be granted for.
- Good Example: /data/pt_nps154 , /afs/cbs.mpg.de/share/gr_social , /afs/cbs.mpg.de/projects/nps135 , /nobackup/schweiz1/somedata
- Bad Examples: AFS , "My data directory", "Data of our group's study XY"
- Rule of Thumb: If it starts with a /, it's usually fine.
- Hint: /data, /afs/cbs.mpg.de/share and /afs/cbs.mpg.de/projects are base folders for separately managed directories. Just /data or /afs/cbs.mpg.de/projects is not enough.
Make sure to explicitly ask for write permissions if you need them. A request like "Please grant access to X to person B" will be interpreted as "B will be allowed to read X".
If the owner is abroad, an OK from the owner's supervisor is sufficient for data which is not considered private by IT. However, IT has to make sure the alleged supervisor is the actual one. For this IT trusts any of these sources:
- the internal user management system. The phone command in a Linux shell shows a person's supervisor
- The owner's department's secretary
- A director's word

Back to FAQ start

How to store data so that it's accessible in urgent cases?

Put your research related data where it is not considered private. this page will help you. The best place for non-intermediate data is the StorageUnified service of the institute (commonly known as /data ).

permissions can be set per study/project
permissions are role based (study supervisors, researchers with write access, ...)
all data blocks below /data starting with a p are considered non-private and will be made available to your supervisor if it's necessary.

Back to FAQ start

This topic: EDV/FuerUser > WebHome > OtherPeoplesData
Topic revision: 05 Aug 2024, wherbst

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback