The omero user and omero group commands provide functionality for adding and managing users and groups in your database.
New users can be added to the database using the omero user add command:
$ bin/omero user add -h
When adding a new user, you need to specify their first and last name, their username, and the groups they belong to. To add John Smith, with the username jsmith, as a member of group 2, enter:
$ bin/omero user add jsmith John Smith 2
Additional parameters such as the email address, institution, middle name, etc. can be passed as optional arguments to the omero user add command.
OMERO.cli can manage the permissions of restricted administrators, but the omero user command does not yet offer that functionality in a user-friendly way. The OMERO.web Admin interface is recommended for this task instead.
If you are using LDAP as an authentication backend, you can create an OMERO user account for jsmith using the omero ldap create command. This allows the administrator to add jsmith to an OMERO group before they have ever logged in to OMERO:
$ bin/omero ldap create jsmith
If you want to take an existing (non-LDAP) user and ‘upgrade’ them to using LDAP you can do so using the omero ldap setdn command:
$ bin/omero ldap setdn -h
The process is also reversible, so that the user's OMERO password is used instead of the LDAP password. See the caveat in the setdn help output below:
usage: bin/omero ldap setdn [-h] [--user-id USER_ID] [--user-name USER_NAME]
                            [--group-id GROUP_ID] [--group-name GROUP_NAME]
                            [-C] [-s SERVER] [-p PORT] [-g GROUP] [-u USER]
                            [-w PASSWORD] [-k KEY] [--sudo ADMINUSER] [-q]
                            choice

Enable LDAP login for user (admins only)

Once LDAP login is enabled for a user, the password set via OMERO is
ignored, and any attempt to change it will result in an error. When
you disable LDAP login, the previous password will be in effect, but if the
user never had a password, one will need to be set!

Positional Arguments:
  choice                            Enable/disable LDAP login (true/false)

Optional Arguments:
  In addition to any higher level options

  -h, --help                        show this help message and exit
  --user-id USER_ID                 ID of the user.
  --user-name USER_NAME             Name of the user.
  --group-id GROUP_ID               ID of the group.
  --group-name GROUP_NAME           Name of the group.

Login arguments:
  Environment variables:

    OMERO_USERDIR                   Set the base directory containing the user's files.
                                    Default: $HOME/omero
    OMERO_SESSIONDIR                Set the base directory containing local sessions.
                                    Default: $OMERO_USERDIR/sessions
    OMERO_TMPDIR                    Set the base directory containing temporary files.
                                    Default: $OMERO_USERDIR/tmp

  Optional session arguments:

  -C, --create                      Create a new session regardless of existing ones
  -s SERVER, --server SERVER        OMERO server hostname
  -p PORT, --port PORT              OMERO server port
  -g GROUP, --group GROUP           OMERO server default group
  -u USER, --user USER              OMERO username
  -w PASSWORD, --password PASSWORD  OMERO password
  -k KEY, --key KEY                 OMERO session key (UUID of an active session)
  --sudo ADMINUSER                  Create session as this admin. Changes meaning of password!
  -q, --quiet                       Quiet mode. Causes most warning and diagnostic messages to be suppressed.
New groups can be added to the database using the omero group add command:
$ bin/omero group add -h
During the addition of the new group, you need to specify the name of the new group:
$ bin/omero group add newgroup
The permissions of the group are set to private by default. Alternatively you can specify the permissions using --perms or --type optional arguments:
$ bin/omero group add read-only-1 --perms='rwr---'
$ bin/omero group add read-annotate-1 --type=read-annotate
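A permission string passed to --perms can be checked before any group is created. The following is an added example, not part of the OMERO documentation or code base: it validates each string, maps it to the equivalent --type name, and prints the group add commands for review. The function names, the sample plan, and the policy of rejecting any world access are assumptions of this example; the string-to-type mapping follows OMERO's four group permission levels (private, read-only, read-annotate, read-write).

```shell
#!/bin/sh
# Added example, not OMERO code: pre-flight check for `omero group add --perms`.
# perms_to_type, plan_groups and sample_plan are hypothetical names.

# Classify a permission string: characters 1-2 owner, 3-4 group, 5-6 world.
# Prints the matching --type name; returns 1 with a reason on stderr.
perms_to_type() {
    p=$1
    [ "${#p}" -eq 6 ] || { echo "reject '$p': need 6 characters" >&2; return 1; }
    owner=$(printf '%s' "$p" | cut -c1-2)
    group=$(printf '%s' "$p" | cut -c3-4)
    world=$(printf '%s' "$p" | cut -c5-6)
    [ "$owner" = "rw" ] || { echo "reject '$p': owner must be rw" >&2; return 1; }
    [ "$world" = "--" ] || { echo "reject '$p': world access set" >&2; return 1; }
    case "$group" in
        --) echo private ;;
        r-) echo read-only ;;
        ra) echo read-annotate ;;
        rw) echo read-write ;;
        *)  echo "reject '$p': unknown group bits '$group'" >&2; return 1 ;;
    esac
}

# Read "name perms" lines on stdin and print a group add command for each
# valid entry. The return status is the number of rejected entries.
plan_groups() {
    bad=0
    while read -r name perms; do
        [ -n "$name" ] || continue
        case "$name" in *[!A-Za-z0-9._-]*) echo "reject name '$name'" >&2; bad=$((bad + 1)); continue ;; esac
        if type_name=$(perms_to_type "$perms"); then
            printf 'bin/omero group add %s --type=%s\n' "$name" "$type_name"
        else
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample plan: two valid entries and one that grants world read.
sample_plan() {
    printf '%s\n' 'read-only-2 rwr---' 'lab-notes rwra--' 'public-data rwr-r-'
}

sample_plan | plan_groups || echo "rejected entries: $?" >&2
```
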
Lists of users/groups on the OMERO server can be queried using the omero user list and omero group list commands:
$ bin/omero user list
$ bin/omero group list
Users can be added to existing groups using the omero user joingroup or omero group adduser commands. Similarly, users can be removed from existing groups using the omero user leavegroup or omero group removeuser commands:
# Add jsmith to group read-annotate-1
$ bin/omero group adduser jsmith --name=read-annotate-1
# Remove jsmith from group read-annotate-1
$ bin/omero group removeuser jsmith --name=read-annotate-1
# Add jsmith to group read-only-1
$ bin/omero user joingroup read-only-1 --name=jsmith
# Remove jsmith from group read-only-1
$ bin/omero user leavegroup read-only-1 --name=jsmith
By passing the --as-owner option, these commands can also be used to manage group owners:
# Add jsmith to the owner list of group read-annotate-1
$ bin/omero group adduser jsmith --name=read-annotate-1 --as-owner
# Remove jsmith from the owner list of group read-annotate-1
$ bin/omero user leavegroup read-annotate-1 --name=jsmith --as-owner
To create a copy of a group, you must first create a new group using the omero group add command:
$ bin/omero group add read-only-2 --perms='rwr---'
Then you can use the omero group copyusers command to copy all group members from one group to another:
$ bin/omero group copyusers read-only-1 read-only-2
To copy the group owners, use the same command with the --as-owner optional argument:
$ bin/omero group copyusers read-only-1 read-only-2 --as-owner