Skip to main content

EDITO group projects

Learn how to collaborate with multiple users on an EDITO project.

Updated this week

Context

EDITO incorporates a feature that allows multiple users to share access to the same resources within a project. While this can be extremely beneficial for collaboration, be aware that it might be exploited by a malicious user within the group to leverage the privileges of another project member.

⚠️ Always monitor shared resources and maintain proper user access control to prevent security breaches.

Set-up your group project

If you are part of one or more projects on EDITO, you can navigate between the different spaces using the drop-down menu (1) at the top-left part of the Datalab.
There, you can now change the current context from your personal project to a shared group project you have been added to.

Then you can go to the File Explorer (2) and navigate inside your project.

Below are the fundamental changes between personal projects and group projects.

Secrets

⚠️ WARNING ⚠️

All members of a group project can access the group project secrets from self-services launched in their personal project or from the group project. The access is associated to their personal vault token. The group project does not have a vault token.

WE DO NOT RECOMMEND ASSOCIATING A VAULT TOKEN WITH SHARED SERVICES, otherwise other members of the group project could access your personal project secrets. We recommend configuring the service to accept secrets in a dedicated configuration tab (at launch time), instead.

Files

⚠️ WARNING ⚠️

All members of a group project can access the group project storage from self-services launched in their personal project or from the group project. The access is associated to their personal minio token. The group project does not have a minio token.

WE DO NOT RECOMMEND ASSOCIATING A MINIO TOKEN WITH SHARED SERVICES, otherwise other members of the group project could access your personal project storage. We recommend configuring the service with a dedicated minio token with appropriate restrictions, instead.

Project settings

The project settings are shared with all the group project members. If, for example, you add an S3 configuration, it will be available to all members.

Launch services and processes in a group project

Any members of the group projects can launch a service or a process. The launched service or process will be launched in the name of the user but will run in the project namespace, with the resource configuration of the project.

Non-shared services or processes

By default, the launched service (or process) will be visible in “My services” (or “My processes”) only by the user that launched it.

Shared self-services

If at launch time, option “Share the service” (or “Share the process”) is enabled, the service (or process) will be visible in “My services” (or “My processes”) by all the group project members.

⚠️ Be careful with the vault token specified in configuration: as mentionned above, we do not recommend associating a vault token with shared services.

Project service and process catalogues

It is possible to setup service and/or process catalogues with access restricted to the group members. All members of a group project can access these catalogues in new categories in the “Service catalogue” and “Process catalogue” pages.

Please contact the support using the widget (bottom right corner) if you need group-restricted catalogues.

Administration

It is possible at any time and by any member of a group project to get an overview of “who launched what” in the group project namespace. To do so, you need a terminal on EDITO with the “edit” or “admin” Kubernetes roles; for example, you can launch a Jupyter-python with “edit” role. Then, in the terminal, run:

/opt/showRunningServicesAndProcesses.sh

It will output a summary of all the running services and processes with their owner usernames, and indicates if they are shared or not.

Group project administration

For now, group projects are only administrated by EDITO administrators.

Create a group project

Please contact the support using the widget (bottom right corner) and indicate the name for your group project as well as the people you want in it.

Add a new group project member

Please contact the support using the widget (bottom right corner) if you need to add a member to an existing group project.

Work with an external bucket

Some group projects have an external bucket configured to allow for huge storage capacity.

From the Datalab, in the project namespace, go to Project settings and then edit the configuration that has Data source: s3.waw3-1.cloudferro.... You will need the following values:

  • URL

  • Working directory path

  • Access key ID

  • Secret access key

Now in a terminal, using the Minio Client, you can set an alias for the configuration:

mc alias set ALIAS URL ACCESSKEY SECRETKEY

Where:

  • ALIAS: whatever you want, s3 for example

  • URL, ACCESSKEY, SECRETKEY: the ones from above

Now you can run:

mc cp myfile.txt <ALIAS>/<Working directory path>/myfile.txt

What's next?

If you have any questions, problems, or suggestions, please feel free to contact us via chat using the widget available at the bottom right of the page.

Related Articles
How to understand EDITO resources?
EDITO Glossary
Interact with the Data API
Interact with the Service API
Start contributing to EDITO
Did this answer your question?