Workspace Restrictions
Restrictions are statements or documents that a user of a workspace must agree to prior to being granted access to the workspace. They can be applied by the Tenant Administrator (TA), Workspace Owner or Workspace Administrator at any time, and can be used to record the acceptance of Data Use Agreements or Data Use Conditions that restrict the researcher in some way. For example, the data can only be used for non-commercial purposes, or a particular citation is required for any publications created as a result of working with the data.
A user with the permissions to do so, can apply restrictions to a workspace upon creation or any time after. Restrictions cannot be applied to pending or hibernated workspaces.
Applying Restrictions
As a user with permission to create restrictions, on the Edit workspace page (or when first creating a workspace), expand the Workspace restrictions section. You will be presented with the option to add restrictions and a table view of existing restrictions. Click + Add Restriction.
You will be prompted to select the type of restrictions. Aridhia has the intention to add further restrictions that align with the GA4GH Data Use Ontology standard. More information on this standard can be found here. There are currently two types of restrictions that can be added: User-defined and Non-commercial project.
User-defined is the default restriction type. It allows the administrator to enter free form text using the text editor to specify the restrictions that the user will need to agree to before access to a workspace is granted.
Data Use Agreements (DUA)
The user can either detail all of the details in this space, or provide a short description for an attached or linked data use agreement (DUA).
A tool to help standardise DUAs is the Health Data Research (HDR) Data Access Agreement (DAA) template. This is a document that provides guidance and best practice for drafting DUAs for health data research in the UK. The template covers topics such as the purpose and scope of data use, the roles and responsibilities of data providers and users, the data security and governance arrangements, the reporting and publication requirements, and the dispute resolution mechanisms.
Type the description of the restriction into the text field. You can use the icon controls for formatting or enter text using the Markdown format. When using Markdown, the Preview button can be used to show how that entry will be presented.
Below: Entering a restriction using Markdown
Below: Viewing the Markdown as it will be presented using ‘Preview’
After you have added the description, you can attach a file or link to your DUA (if you have selected to do so).
The Non-commercial project restrictions will configure the workspace as ‘non-commercial’, indicating that users agree that the data within the workspace will be used for non-commercial purposes only. As this capability is developed further, this meta-data will be available as part of the data access request process to allow for more rigorous data use condition enforcement.
When a restriction is created, it can be edited or deleted. To apply the restriction to the workspace, select Update workspace.
When restrictions have been added to a workspace, a padlock icon is shown. A locked padlock indicates that the user cannot enter the workspace until restrictions have been accepted. An open padlock indicates that the user has accepted the restrictions and can access the workspace.
Viewing restrictions
Administrators and workspace members view the applied restrictions using the View Restrictions menu item on the workspace card.
Accepting restrictions as a member of the workspace
A workspace user will be prevented from re-entering a workspace while there are outstanding restrictions that require acceptance. The workspace card will have a padlock icon to indicate that the workspace is currently inaccessible. A tool tip will inform the user that pending restrictions require agreement before they can access the workspace.
A Review Restrictions button will be available.
Restrictions will be presented in a list, along with links to any downloadable DUAs. The user can accept all restrictions by clicking Accept.
Upon doing so, the padlock icon will change and the user can access the workspace as normal.
All restriction events are audited: creation, deletion, and acceptance. Restriction acceptance is audited at the time of acceptance against the workspace audit log. The following shows audit entries for the creation of a restriction and the acceptance of the same restriction by a workspace user.
Removing a restriction
N.B.: At present, TAs are the only role capable of removing workspace restrictions.
To delete a restriction, open the Edit workspace page and select the Remove icon.
You will have the option to Undo the remove before committing to the change.
To commit to the removal, select the Terms & Conditions check box and Update Workspace. The restriction will be removed, the removal audited within the workspace, and the padlock icon will no longer be shown on the workspace card.