Every Data, Execution, Sample and Collection has a single owner - typically the user responsible for creating them. Owners have full access to the object, and have the ability to remove them entirely.

In addition, each of these objects can have other users associated, with the ability to access the object, access and edit the object, or access and edit and share the object with others. These can be controlled by going to the object's page and clicking 'Edit' (which will only appear if you have the relevant permissions).

All these objects can also be either private (the default) or public. Public objects can always be viewed by anyone, regarless of whether they have been given access or even if they are signed in or not.

In general, permissions cascade downwards - permissions given to an Execution will apply to its produced Data, permissions given to Samples will apply to any Executions and Data run within them, etc. There are some important exceptions though:

• If the Execution owner does not own some of the produced Data, that Data will not automatically inhertit permissions from the Execution.

• If an Execution is part of a Sample and the owner of the Execution is not the owner of the Sample, then by default it will not inherit permissions from the Execution (though this can easily be enabled). This is to avoid situations where a user may use data from a private Sample that they have been given access to, possibly without realising that everything they in turn produce is part of the Sample, and then get surprised when the original Sample is made public.