Article on data access authorization and responsibility

docs/data_management/res/cheaha_individual_account.csv

@@ -0,0 +1,8 @@
+Responsibilities,User,Supervisor,Research Computing
+Sponsor external collaborator,Yes ✔️,Yes ✔️,Yes ✔️
+Create personal Cheaha account,Yes ✔️,,
+Move unused data to LTS or archive,Yes ✔️,,
+Manage backup plans,Yes ✔️,,
+"Data Security Control <br> Administrative (authorization and access)",Yes ✔️,[With Security Exception](#security-exceptions-for-accessing-former-uab-personnel-data),
+"Data Security Controls: <br> Technical (encryption, firewall, etc.)" ,,,Yes ✔️
+"Data Security Controls: <br> Physical (locks, cameras, sign-ins, etc.)" ,,,Yes ✔️

docs/data_management/res/cheaha_project_directory.csv

@@ -0,0 +1,17 @@
+Responsibilities,PI,Manager,Members,Research Computing
+Move unused shared data to LTS/archive,Yes ✔️,Yes ✔️,Yes ✔️,
+Manage backup and recovery,Yes ✔️,Yes ✔️,Yes ✔️,
+Ensure proper usage of shared storage,Yes ✔️,Yes ✔️,Yes ✔️,
+Add/remove member to/from the project space,Yes ✔️,Yes ✔️,,Must be approved by PI/Manager
+Hardware capital expenses,beyond default quota,,,up to default quota
+"Data center hosting expenses <br> (until end of vendor service contract)",,,,Yes ✔️
+Periodically check group membership,Yes ✔️,Yes ✔️,,
+Grant access to users to a specific folder,Yes ✔️,Yes ✔️,,
+Oversee and update access controls,Yes ✔️,Yes ✔️,,
+"Data Security Controls: <br> Administrative (authorization and access)",Yes ✔️,,,
+"Data Security Controls: <br> Technical (encryption, firewall, etc.)" ,,,,Yes ✔️
+"Data Security Controls: <br> Physical (locks, cameras, sign-ins, etc.)" ,,,,Yes ✔️
+Request a project directory,Yes ✔️,,,
+Obtaining security exceptions when required,Yes ✔️,,,
+Creating and maintaining metadata,Yes ✔️,,,
+Creating a project directory,,,,Upon PI's request

docs/data_management/research_data_responsibilities.md

@@ -0,0 +1,43 @@
+# Research Data Responsibilities
+
+Data access responsibilities are a critical part of managing and securing research data and resources. These responsibilities ensure only authorized individuals have access to specified data, and maintain security, compliance, and operational efficiency.
+
+Data access responsibilities come from applicable laws and regulations, grant funding agency requirements, and UAB institutional policies. If you have questions, concerns, or wish to discuss, please [Contact Us](../help/support.md).
+
+## Shared Allocation
+
+A shared allocation is owned by a PI of a Lab or director of Core facility. It is designed for sharing research data among staff, and collaborators where permissions and access control are typically managed by the PI/director or designated administrators/manager.
+
+Shared storage owners, staff and students are responsible for overseeing and managing the allocations, including granting access to specific folders. However, Research Computing may provide support in certain cases. For example, if a folder becomes "locked" (i.e., no group members can change its permissions or access it), the owner of the allocation or the folder should submit a request for us to fix the issue. In addition, if you need assistance configuring or reconfiguring permissions, we can provide support as a convenience. Simply send us a request via <[email protected]>.
+
+{{ read_csv('data_management/res/cheaha_project_directory.csv', keep_default_na=False) }}
+
+## Individual Allocation
+
+Individual allocations are intended for personal or individual use and are available to all UAB affiliated individuals or UAB employee's sponsored Collaborator. It is tied to the individual’s email and provide 5 TB of home/user directory on Cheaha and additional 5 TB of LTS allocation.
+
+{{ read_csv('data_management/res/cheaha_individual_account.csv', keep_default_na=False) }}
+
+## Data Archival and Backup Procedures
+
+Researchers and users of Cheaha are responsible to organize data, archive inactive files, and back up critical data. For backup and archival solutions, please review our [Data Responsibilities and Procedures](./index.md#data-responsibilities-and-procedures) page. If you need backup and Archival assistance, we can discuss options based on your use cases. Please send us a support ticket via <[email protected]>.
+
+## Security Exceptions for Accessing Former UAB Personnel Data
+
+UAB IT has a process for granting access to data of former researchers or collaborators who are no longer with the institution. This process ensures compliance with regulatory protocols.
+
+To request access to data of former UAB user, the first step is to fill out the [Third-Party Data Access form](https://uabprod.service-now.com/service_portal?id=sc_cat_item&sys_id=bd3721e2374c27c0daa253b543990e5d). In the “justification/description” field specify that you are requesting access to data for `<BlazerId>` on GPFS at the Research Computing System. Once submitted this form, a ticket is created and routed to the appropriate reviewers for authorization.
+
+If the owner of the data was your student or staff in your lab, then the first choice is probably best (two-levels up supervisor). If the data owner was in a different department or special approval is required (for example a professor in the dept of medicine wanting access to data from a student in the school of engineering), select "Dean, C-level, or Trusted Designee" for the "Approval Type" field. If written approval can be provided directly by the former personnel, you can bypassed completing the form for request.
+
+To simplify data access and management, it is recommended to store critical research data in shared storage areas that are accessible to or owned by the responsible PI, with ownership transfer initiated as needed. If you need help with data management processes, please send us a support ticket via <[email protected]>, and we will guide you through these steps.
+
+## User responsibilities with UAB-IT policies
+
+All PIs, Core directors, researchers, students, users of UAB-owned computer systems, including Research Computing system, are responsible for adhering to the data and computing infrastructure policies set by UAB-IT.
+
+- [Overall IT policy page](https://www.uab.edu/it/home/policies).
+- [Acceptable Use Policy](https://secure4.compliancebridge.com/uab/portal/getdoc.php?file=300).
+- [Data Protection and Security Policy](https://secure4.compliancebridge.com/uab/portal/getdoc.php?file=302).
+- [Data Access Policy](https://secure4.compliancebridge.com/uab/portal/getdoc.php?file=301).
+- [Data Classification](https://www.uab.edu/it/home/policies/data-classification/classification-overview).

mkdocs.yml

@@ -128,6 +128,7 @@ nav:
           - RClone: data_management/transfer/rclone.md
           - FileZilla: data_management/transfer/filezilla.md
       - Code Storage: data_management/code_storage.md
+      - Research Data Responsibilities: data_management/research_data_responsibilities.md
   - Workflow Solutions:
       - Using the Shell: workflow_solutions/shell.md
       - Using Anaconda: workflow_solutions/using_anaconda.md