diff --git a/changelog/seqera-cloud/v25.1.0_cycle5.mdx b/changelog/seqera-cloud/v25.1.0_cycle5.mdx new file mode 100644 index 000000000..d455e27dc --- /dev/null +++ b/changelog/seqera-cloud/v25.1.0_cycle5.mdx @@ -0,0 +1,47 @@ +--- +title: Seqera Cloud v25.1.0_cycle5 +date: 2025-03-19 +tags: [seqera cloud] +--- + +:::note +From Wednesday, February 26, 2025, Seqera endpoints no longer support Windows XP and Safari versions 8 and below (including OSx 10.10 or older). This change is necessary to ensure the security and performance of our services. We recommend updating your operating system and browser version to ensure uninterrupted access to our services. + +Affected endpoints: +- cr.seqera.io +- *.connect.cloud.seqera.io +- intern.seqera.io +- ai.seqera.io +- hub.seqera.io +- cloud.seqera.io +- api.cloud.seqera.io +- user-data.cloud.seqera.io +- tower.nf +- api.tower.nf +- public.cr.seqera.io +- auth.cr.seqera.io +- wave.seqera.io +- licenses.seqera.io +- licman.seqera.io +- api.multiqc.info +::: + +### Feature updates and improvements + +- **Studios** + - Private sessions: When adding a new session, the number of concurrent connections can now be defined in **General Config > Collaboration**. + - Dynamic Studio templates: Labels have been added to indicate the status of support (e.g., *Recommended*, *Deprecated*) for a Studio template version. Users can now also switch the Studio's base template image when starting a session as new. +- **Nextflow** + - Update `WfManifest` class to include the new `icon` property introduced in Nextflow. + - Add a new migration file to add the new icon column into all the tables of entities that use the `WfManifest` class as @Embedded property. +- Audit log update: Pipeline edit events are now logged. +- Added `totalProcesses` count to workflow progress responses. +- Switch AWS Batch compute environment dependencies to AWS SDK v2. +- New workflow job monitoring collects and publishes Platform metrics. +- Support image upload in the pipeline import and pipeline update forms, to be used as pipeline logos. + +### Bug fixes + +- Fixed a bug where resource labels were erroneously editable for the maintain role when starting an existing Studio. +- Fixed a potential `NullPointerException` on code related to Google Batch, where the method is expected to return `null`. +- Fixed an issue where users were not able to remove the organization logo. diff --git a/changelog/seqera-cloud/v25.1.0_cycle7.mdx b/changelog/seqera-cloud/v25.1.0_cycle7.mdx new file mode 100644 index 000000000..cf4eb9b58 --- /dev/null +++ b/changelog/seqera-cloud/v25.1.0_cycle7.mdx @@ -0,0 +1,27 @@ +--- +title: Seqera Cloud v25.1.0_cycle7 +date: 2025-04-23 +tags: [seqera cloud] +--- + +### Feature updates and improvements + +**Data Explorer** + - You can now drag and drop multiple folders or files to upload them to your cloud bucket, or you can select **Upload**, then select multiple files to upload. +**Fusion**: + - The Seqera-optimized AMI is now the default for the single VM compute environment. If no AMI is specified when adding a compute environment, it defaults to the Seqera-optimized AMI. +- Add a more detailed warning for workflow cleanup issues that are related to access restrictions to the AWS Batch compute environment. +- Add support for `array` type parameters in the Launch form. +- Implement support for multiple extension dataset parameters in the input form. +- Delete pipeline secrets in the user context from the provider. +- Switch logs, secrets-manager, marketplace-meter, and simple-email dependencies to AWS SDK v2. +- Show Nextflow config parameters that are binary expressions in the Launch form. +- Add `azure_entra` to the provider list of credentials in the OpenAPI spec. +- Switch AWS S3 to SDK v2. +- Add task status badges with icons to the workflow run tasks table. + +### Bug fixes + +- Modify cache expiration policy to resolve "Connection pool shut down" error with new AWS SDK v2 clients. +- Fix an issue where the workflow details page displays the **Edit Labels** button even when there are no labels, but resource labels are attached to the workflow. +- Fix an issue where the Quick Launch form did not select the primary compute environment by default. \ No newline at end of file diff --git a/changelog/seqera-enterprise/v22.3.mdx b/changelog/seqera-enterprise/v22.3.mdx index 52056e741..97885b055 100644 --- a/changelog/seqera-enterprise/v22.3.mdx +++ b/changelog/seqera-enterprise/v22.3.mdx @@ -98,7 +98,7 @@ This feature is currently only available on Tower Cloud (tower.nf). For more inf - Use of the resource labels feature with AWS Batch requires an update of the IAM policy used by the account running Tower. The required changes can be found [here](https://github.com/seqeralabs/nf-tower-aws/commit/65b4659d93c0639ea95cc96369865b328a17bb15). -- In previous versions, if Tower was configured to [authenticate to AWS via instance role](https://install.tower.nf/22.3/advanced-topics/use-iam-role/), Batch Forge would assign this same IAM Role as the [Head Job role and Compute Job role](https://docs.seqera.io/platform/23.3.0/compute-envs/aws-batch/#advanced-options) of the AWS Batch compute environment it created. As of version 22.3.1, you must explicitly assign these job roles during the AWs Batch compute environment creation process. +- In previous versions, if Tower was configured to [authenticate to AWS via instance role](https://install.tower.nf/22.3/advanced-topics/use-iam-role/), Batch Forge would assign this same IAM Role as the [Head Job role and Compute Job role](https://docs.seqera.io/platform-cloud/compute-envs/aws-batch#advanced-options) of the AWS Batch compute environment it created. As of version 22.3.1, you must explicitly assign these job roles during the AWs Batch compute environment creation process. ### Warnings diff --git a/changelog/seqera-enterprise/v22.4.mdx b/changelog/seqera-enterprise/v22.4.mdx index 54ad38a9d..3075dcf8f 100644 --- a/changelog/seqera-enterprise/v22.4.mdx +++ b/changelog/seqera-enterprise/v22.4.mdx @@ -35,7 +35,7 @@ The **All runs** view is accessible via the user menu. All Tower instances with internet access can now connect to the Seqera Labs Wave container service to leverage its container augmentation and Fusion v2 file system capabilities. See the [Wave containers documentation](https://www.nextflow.io/docs/latest/wave.html) for more information about Wave containers. -The Wave integration also allows for the secure transfer of credentials required to access private registries between services. See the [Tower documentation](https://docs.seqera.io/platform/23.3) to learn how to use the feature in your enterprise installation. +The Wave integration also allows for the secure transfer of credentials required to access private registries between services. See the [Tower documentation](https://docs.seqera.io/platform-cloud) to learn how to use the feature in your enterprise installation. ### Fusion file system support diff --git a/changelog/seqera-enterprise/v23.1.mdx b/changelog/seqera-enterprise/v23.1.mdx index fd93d94b1..8151df5dc 100644 --- a/changelog/seqera-enterprise/v23.1.mdx +++ b/changelog/seqera-enterprise/v23.1.mdx @@ -52,9 +52,9 @@ Several new Tower features over the last few releases require updated AWS IAM pe The Wave containers service uses container registry [credentials](https://docs.seqera.io/platform-enterprise/23.1/credentials/overview) in your Seqera instance to authenticate to your (public or private) container registries. This is separate from your existing cloud provider credentials stored in your Seqera instance. -This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an [ECR container registry credential](https://docs.seqera.io/platform-cloud/23.1/credentials/aws_registry_credentials) if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR. +This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an [ECR container registry credential](https://docs.seqera.io/platform-enterprise/23.1/credentials/aws_registry_credentials) if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR. -See the relevant [container registry credentials](https://docs.seqera.io/platform-cloud/23.1/credentials/overview) page for provider-specific instructions. +See the relevant [container registry credentials](https://docs.seqera.io/platform-enterprise/23.1/credentials/overview) page for provider-specific instructions. ## Upgrade steps diff --git a/changelog/seqera-enterprise/v23.2.mdx b/changelog/seqera-enterprise/v23.2.mdx index cbf6b7a71..6b45029e8 100644 --- a/changelog/seqera-enterprise/v23.2.mdx +++ b/changelog/seqera-enterprise/v23.2.mdx @@ -54,11 +54,11 @@ Several new Tower features over the last few releases require updated AWS IAM pe ### Wave requires container registry credentials -The Wave containers service uses container registry [credentials](https://docs.seqera.io/platform-cloud/23.2/credentials/overview) in Tower to authenticate to your (public or private) container registries. This is separate from your existing cloud provider credentials stored in Tower. +The Wave containers service uses container registry [credentials](https://docs.seqera.io/platform-enterprise/23.2/credentials/overview) in Tower to authenticate to your (public or private) container registries. This is separate from your existing cloud provider credentials stored in Tower. -This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an [ECR container registry credential](https://docs.seqera.io/platform-cloud/23.2/credentials/aws_registry_credentials) if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR. +This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an [ECR container registry credential](https://docs.seqera.io/platform-enterprise/23.2/credentials/aws_registry_credentials) if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR. -See the relevant [container registry credentials](https://docs.seqera.io/platform-cloud/23.2/credentials/overview) page for provider-specific instructions. +See the relevant [container registry credentials](https://docs.seqera.io/platform-enterprise/23.2/credentials/overview) page for provider-specific instructions. ## Upgrade steps diff --git a/changelog/seqera-enterprise/v23.4.0.mdx b/changelog/seqera-enterprise/v23.4.0.mdx index 5faa40c2d..305b760a1 100644 --- a/changelog/seqera-enterprise/v23.4.0.mdx +++ b/changelog/seqera-enterprise/v23.4.0.mdx @@ -7,7 +7,7 @@ tags: [seqera enterprise] ### Breaking changes - **Breaking change:** Update `docker-compose` in deployment files to `docker compose`. -- **Breaking change:** SQL migration enhancements for MySQL 5.7 and above (see [Upgrade steps](https://docs.seqera.io/changelog/seqera-enterprise/23.4). +- **Breaking change:** SQL migration enhancements for MySQL 5.7 and above (see [Upgrade steps](https://docs.seqera.io/changelog/seqera-enterprise/v23.4). ### Feature updates and improvements diff --git a/changelog/seqera-enterprise/v23.4.mdx b/changelog/seqera-enterprise/v23.4.mdx index b5e57a5c5..32512db98 100644 --- a/changelog/seqera-enterprise/v23.4.mdx +++ b/changelog/seqera-enterprise/v23.4.mdx @@ -83,8 +83,8 @@ To upgrade your database schema: 1. Make a backup of the Seqera Platform database. If you use the pipeline optimization service and your `groundswell` database resides in a database instance separate from your Seqera database, make a backup of your `groundswell` database as well. 2. Download the 23.4 versions of your deployment templates and update your Seqera container versions: - - [docker-compose.yml](https://docs.seqera.io/assets/files/docker-compose-d00e0de8ffaf5450e7181a8f097da3f9.yml) for Docker Compose deployments - - [tower-cron.yml](https://docs.seqera.io/assets/files/tower-cron-a67d359af51fc5f00f0ae35e630aa27f.yml) and [tower-svc.yml](https://docs.seqera.io/assets/files/tower-svc-69dd889ab195b2eef349f2e14a97af99.yml) for Kubernetes deployments + - [docker-compose.yml](https://docs.seqera.io/platform-enterprise/25.1/enterprise/docker-compose) for Docker Compose deployments + - [tower-cron.yml](https://docs.seqera.io/platform-enterprise/25.1/enterprise/kubernetes) and [tower-svc.yml](https://docs.seqera.io/platform-enterprise/25.1/enterprise/kubernetes) for Kubernetes deployments 3. Restart the application. 4. If you're using a containerized database as part of your implementation: 1. Stop the application. diff --git a/changelog/seqera-enterprise/v24.1.mdx b/changelog/seqera-enterprise/v24.1.mdx index 2b2d32190..60dce62b4 100644 --- a/changelog/seqera-enterprise/v24.1.mdx +++ b/changelog/seqera-enterprise/v24.1.mdx @@ -8,7 +8,7 @@ Seqera Platform Enterprise version 24.1 introduces three new features: Data Stud ## Data Studios -[Data Studios](https://docs.seqera.io/platform-cloud/data_studios) closes the loop from development to deployment and insights, allowing you to create, manage, and share notebook environments in Seqera with the click of a button. Data Studios makes it seamless to work across teams with multi-user support, built-in authentication, and automatic snapshots as you work. +[Data Studios](https://docs.seqera.io/platform-cloud/studios) closes the loop from development to deployment and insights, allowing you to create, manage, and share notebook environments in Seqera with the click of a button. Data Studios makes it seamless to work across teams with multi-user support, built-in authentication, and automatic snapshots as you work. - Host a combination of container images and compute environments for interactive analysis using your preferred tools, like Jupyter notebooks, RStudio, and Visual Studio Code IDEs. - Checkpoints provide a stable point-in-time snapshot. diff --git a/changelog/seqera-enterprise/v24.2.mdx b/changelog/seqera-enterprise/v24.2.mdx index 970bb98de..b4d826e0e 100644 --- a/changelog/seqera-enterprise/v24.2.mdx +++ b/changelog/seqera-enterprise/v24.2.mdx @@ -10,19 +10,19 @@ Seqera Enterprise version 24.2 introduces new Data Studios features, global Next ### Data Studios - - Data Studios now supports [custom environments](https://docs.seqera.io/platform-cloud/24.2/data_studios/custom-envs): + - Data Studios now supports [custom environments](https://docs.seqera.io/platform-enterprise/24.2/data_studios/custom-envs): - Create custom analysis environments, or link to public or private ECR containers. - Custom environment build events are now added to the audit log. The events `data_studio_session_build_started` and `data_studio_session_build_failed` are added to the audit log events table. - Data Studios dashboard: - - A new [dashboard](https://docs.seqera.io/platform-cloud/24.2/monitoring/dashboard#data-studios) provides information about Data Studios usage to help you manage your resources. -- In a GPU instance type [compute environment](https://docs.seqera.io/platform-cloud/24.2/compute-envs/overview), both CPU and GPU resources are supported and can be added to your Data Studio sessions. + - A new [dashboard](https://docs.seqera.io/platform-enterprise/24.2/monitoring/dashboard#data-studios) provides information about Data Studios usage to help you manage your resources. +- In a GPU instance type [compute environment](https://docs.seqera.io/platform-enterprise/24.2/compute-envs/overview), both CPU and GPU resources are supported and can be added to your Data Studio sessions. - NVMe support added. -- EFS volume mounting [is now supported](https://docs.seqera.io/platform-cloud/24.2/data_studios#limitations). +- EFS volume mounting [is now supported](https://docs.seqera.io/platform-enterprise/24.2/data_studios#limitations). - Browse a studio session's mounted data directly from the studio details page using Data Explorer. ### Nextflow configuration updates -- Added a [Global Nextflow config](https://docs.seqera.io/platform-cloud/24.2/launch/advanced#nextflow-config-file) field to all compute environments. This field allows you to define Nextflow configuration values in the compute environment that are then pre-filled in the pipeline Nextflow config file field during launch. +- Added a [Global Nextflow config](https://docs.seqera.io/platform-enterprise/24.2/launch/advanced#nextflow-config-file) field to all compute environments. This field allows you to define Nextflow configuration values in the compute environment that are then pre-filled in the pipeline Nextflow config file field during launch. - Implemented custom launch container logic in the `workflow/launch` API endpoint. This allows you to specify a custom container using the `launchContainer` key in your request body when submitting a workflow execution. For example: ```json { @@ -48,7 +48,7 @@ Seqera Enterprise version 24.2 introduces new Data Studios features, global Next ### Compute environments -- AWS Batch Forge compute environments now support Amazon Linux 2023. Previously, Batch Forge only created compute environments with Amazon Linux2. Seqera now supports [specifying Amazon Linux 2023 ECS-optimized AMIs](https://docs.seqera.io/platform-cloud/24.2/compute-envs/aws-batch#advanced-options) when you create AWS Batch compute environments. AWS-recommended Amazon Linux 2023 AMI names start with `al2023-`. +- AWS Batch Forge compute environments now support Amazon Linux 2023. Previously, Batch Forge only created compute environments with Amazon Linux2. Seqera now supports [specifying Amazon Linux 2023 ECS-optimized AMIs](https://docs.seqera.io/platform-enterprise/24.2/compute-envs/aws-batch#advanced-options) when you create AWS Batch compute environments. AWS-recommended Amazon Linux 2023 AMI names start with `al2023-`. - The Google Life Sciences API will be deprecated in June 2025. A Google Life Sciences API deprecation notice has been added to the Seqera Platform UI. - Tag propagation has been added to the AWS Batch launch templates created by Batch Forge, which propagates resource labels to storage volumes (as well as instances which are the default). @@ -105,7 +105,7 @@ Seqera Enterprise version 24.2 introduces new Data Studios features, global Next Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the `cr.seqera.io` container registry after this cutoff date. The installation and configuration templates provided for both [Docker Compose](https://docs.seqera.io/platform-enterprise/24.2/enterprise/docker-compose) and [Kubernetes](https://docs.seqera.io/platform-enterprise/24.2/enterprise/kubernetes) installations already reference the `cr.seqera.io` container image URLs. If you have not yet transitioned to this registry, [contact Support](https://support.seqera.io) to request credentials and for any further assistance. -See [Legacy Seqera container image registries](https://docs.seqera.io/platform-enterprise/24.2/enterprise/advanced-topics/seqera-container-images) for more information on the AWS ECR and other deprecated Seqera container registries. +See [Legacy Seqera container image registries](https://docs.seqera.io/platform-enterprise/25.1/enterprise/advanced-topics/seqera-container-images) for more information on the AWS ECR and other deprecated Seqera container registries. ### Redis version change diff --git a/changelog/seqera-enterprise/v25.1.mdx b/changelog/seqera-enterprise/v25.1.mdx index 5afbcf50d..67c4fbc4c 100644 --- a/changelog/seqera-enterprise/v25.1.mdx +++ b/changelog/seqera-enterprise/v25.1.mdx @@ -73,7 +73,7 @@ The `auth-oidc-secrets` Micronaut environment has been replaced with `oidc-token Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the `cr.seqera.io` container registry after this cutoff date. The installation and configuration templates provided for both [Docker Compose](https://docs.seqera.io/platform-enterprise/25.1/enterprise/docker-compose) and [Kubernetes](https://docs.seqera.io/platform-enterprise/25.1/enterprise/kubernetes) installations already reference the `cr.seqera.io` container image URLs. If you have not yet transitioned to this registry, [contact Support](https://support.seqera.io) to request credentials and for any further assistance. -See [Legacy Seqera container image registries](https://docs.seqera.io/platform/25.1/platform-enterprise/advanced-topics/seqera-container-images) for more information on the AWS ECR and other deprecated Seqera container registries. +See [Legacy Seqera container image registries](https://docs.seqera.io/platform-enterprise/25.1/enterprise/advanced-topics/seqera-container-images) for more information on the AWS ECR and other deprecated Seqera container registries. ### Redis version change diff --git a/changelog/wave/v1.5.1.mdx b/changelog/wave/v1.5.1.mdx index 0dd10ca0a..920f951b3 100644 --- a/changelog/wave/v1.5.1.mdx +++ b/changelog/wave/v1.5.1.mdx @@ -9,4 +9,4 @@ tags: [wave] - Fix trace slow endpoint duration by @pditommaso in [fb1eea9](https://github.com/seqeralabs/wave/commit/fb1eea964af5b6f2b0de052bde77e02561ec87e2) - Fix thread pool selection on container controller by @pditommaso in [d882bd4](https://github.com/seqeralabs/wave/commit/d882bd4d1fe156c8123301e36a383a99fc584517) -**Full Changelog**: https://github.com/seqeralabs/wave/compare/v1.5.0...v1.5.1 +**Full changelog**: https://github.com/seqeralabs/wave/compare/v1.5.0...v1.5.1 diff --git a/changelog/wave/v1.5.2.mdx b/changelog/wave/v1.5.2.mdx index 414f91909..0890aef6b 100644 --- a/changelog/wave/v1.5.2.mdx +++ b/changelog/wave/v1.5.2.mdx @@ -8,4 +8,4 @@ tags: [wave] - Fix `No such property: ioExecutor` by @pditommaso in [f603868](https://github.com/seqeralabs/wave/commit/f603868b5fa096ff6532070996ed127b94bdb8a6) -**Full Changelog**: https://github.com/seqeralabs/wave/compare/v1.5.1...v1.5.2 +**Full changelog**: https://github.com/seqeralabs/wave/compare/v1.5.1...v1.5.2 diff --git a/platform-enterprise_versioned_docs/version-25.1/studios/index.mdx b/platform-enterprise_versioned_docs/version-25.1/studios/index.mdx index dab4a6e34..850355f65 100644 --- a/platform-enterprise_versioned_docs/version-25.1/studios/index.mdx +++ b/platform-enterprise_versioned_docs/version-25.1/studios/index.mdx @@ -10,7 +10,7 @@ Studios is a unified platform where you can host a combination of container imag On Seqera Cloud, the free tier permits only one running Studio session at a time. To run simultaneous sessions, [contact Seqera][contact] for a Seqera Cloud Pro license. :::note -Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../../version-25.1/enterprise/studios.mdx). +Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/studios.mdx). ::: ## Requirements diff --git a/platform_versioned_docs/platform-cloud/version-25.1/orgs-and-teams/roles.mdx b/platform_versioned_docs/platform-cloud/version-25.1/orgs-and-teams/roles.mdx deleted file mode 100644 index f30196bf8..000000000 --- a/platform_versioned_docs/platform-cloud/version-25.1/orgs-and-teams/roles.mdx +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: "User roles" -description: "Understand the various roles in Seqera Platform." -date: "10 Jun 2024" -tags: [roles, user-roles] ---- - -Organization owners can assign role-based access levels to individual **participants** and **teams** in an organization workspace. - -:::tip -You can group **members** and **collaborators** into **teams** and apply a role to that team. Members and collaborators inherit the access role of the team. -::: - -### Organization user roles - -- **Owner**: After an organization is created, the user who created the organization is the default owner of that organization. Aditional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization. -- **Member**: A member is a user who is internal to the organization. Members have an organization role and can operate in one or more organization workspaces. In each workspace, members have a participant role that defines the permissions granted to them within that workspace. - -### Workspace participant roles - -| Permission / Role | Owner | Admin | Maintain | Launch | Connect | View | -|--------------------------------------------|-------|-------|----------|--------|---------|------| -| **Organization: Settings:** Add, edit, delete | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Workspaces:** Add, delete | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Workspaces:** Edit, change visibility | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Members:** Add, delete, change role | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Teams:** Add, edit, delete | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Teams: Members:** Add, remove | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Teams: Workspaces:** Add, remove, change role | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Collaborators:** Add, edit, delete | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Managed identities:** Add, delete | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Managed identities:** Edit | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Organization: Managed identities: Users:** Manage credentials | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | -| **Workspace: Settings: Studios:** Edit session lifespan | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Workspace: Settings: Labels & Resource Labels:** Add, edit, delete | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Compute environments:** Add, rename, make primary, duplicate, delete | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Workspace: Actions:** Add, edit, delete | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Credentials:** Add, edit, delete | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Secrets:** Add, edit, delete | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Participants:** Add, remove, change role | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Pipelines:** Launch | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | -| **Workspace: Pipelines:** View | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | -| **Workspace: Pipelines:** Define input/output parameters | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | -| **Workspace: Pipelines:** Modify execution configurations | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Pipelines:** Add, edit, duplicate, delete | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | -| **Workspace: Pipelines:** Modify resource labels | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Pipelines:** Create, modify, delete | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | -| **Workspace: Pipelines: Run:** Apply labels, relaunch, save as new pipeline | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Pipelines: Run:** Resume, delete, star (favourite) | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | -| **Workspace: Pipelines:** Modify resource labels | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Datasets:** Add, edit | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | -| **Workspace: Datasets:** Delete | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Data Explorer:** Upload, download, preview data | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Data Explorer:** Attach, edit, remove buckets | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Data Explorer:** Hide/unhide buckets | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Data Explorer:** Edit bucket metadata | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios:** Add, edit, delete a studio | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios:** List/search/view studios | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | -| **Workspace: Studios:** Connect to a running session | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | -| **Workspace: Studios:** Add, edit, delete studio | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios:** Edit studio resource labels | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios:** Start, stop studio session | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios:** Add as new (duplicate studio) | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace: Studios: Checkpoints:** Edit studio checkpoint name | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | -| **Workspace:** View (read-only) resources | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | - -### Role inheritance - -If a user is concurrently assigned to a workspace as both a named **participant** and member of a **team**, Seqera assigns the higher of the two privilege sets. - -Example: - -- If the participant role is Launch and the team role is Admin, the user will have Admin rights. -- If the participant role is Admin and the team role is Launch, the user will have Admin rights. -- If the participant role is Launch and the team role is Launch, the user will have Launch rights. - -As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.