Top


Introduction

This section brings together descriptions of common workflows for Facility Managers and links to useful sections of User Help and technical documentation.

Installation and configuration

Documentation covering the installation and configuration of the OMERO server is in the System Administrator documentation on the main OME website.

Specifications for hardware

This is a frequently asked question, and the simplistic (if slightly unhelpful) answer is the best you can manage.

Apart from basic CPU number, speed and physical disk size, there are a number of other issues to be taken into account, including the nature of the storage being used for the data, the connection type, and the speed of the network used to access the server.

Examples of system specifications and set-ups for production OMERO servers have kindly been provided by a number of institutes to serve as illustrations of working systems. These are shown in the Example production server set-ups page on the OME website.


Using OMERO

Details on downloading the OMERO clients and accessing the OMERO server are in Getting Started with OMERO.insight in User Help.

Details on accessing OMERO with the OMERO.web client are in the Using the OMERO.web Client section of User Help.

Details of the command line interface OMERO.cli are in the OME documentation.


Permissions on OMERO

Users in OMERO can be assigned to four roles that offer different permission levels: Administrator, Restricted Administrator, Group Owner and Member. Each role allows different actions to be performed on a user's own, or other user's data, and certain administrative tasks.

In brief, and practically speaking, Administrators can do anything they like to any user's data, in any group (except annotate in Private groups) and Group Owners can do anything to any user'’s data in the groups they own. Restricted Administrators were introduced in OMERO 5.4.0 and can be granted a subset of Administrator privileges.

Administrators with restricted privileges can have varying levels of specific permissions, see system administrator documentation section Administrators with restricted privileges. Their additional (above Member) specific permissions, such as the ability to import for others or organize other users' data, are independent of their group ownership or membership.

Full details of the permissions for each level of user are shown in the User Roles table in the Sharing data section of User Help.


Access control, authentication, user accounts

The recommended way to control access to the OMERO server is to configure integration with your institute’'s authentication system (most commonly LDAP).

See the documentation for LDAP configuration for details. Instructions for using Active Directory included on this page.

Using LDAP authentication means new user accounts are created, and the user placed in the default group, the first time a user logs in, substantially reducing the administration load. Any change in the LDAP password by the user will then be reflected in the OMERO login.

With LDAP authentication configured, an administrator can still create new accounts for non-LDAP users. In general, OMERO.web offers the best interface for administrative tasks.


Users from other institutions

It is recommended to adopt a policy where users who do not have LDAP logins, such as external collaborators, must apply for guest accounts at the host institute if they wish to access the OMERO server.

This ensures that the identities of such users are correctly verified, they sign up to the standard terms and conditions of use agreements of the host institute, and the burden of authentication security such as reminders of regular password changes does not fall on the OMERO server administrator.


Managing Groups

Group structures and permissions are completely flexible in OMERO, so it is worthwhile taking some time to draw up a policy for the structure and naming of groups on your OMERO server that will meet the requirements of your facility.

In Life Sciences institutes, groups generally reflect the laboratory structure of the institute, with groups for each lab, groups containing members from different labs for cross-lab collaborative projects, and groups for cross-facility and inter-institution collaboration.

PIs or laboratory leaders are usually made Group Owners of their lab groups, which enables them to add new members to their groups and import and manage data for users who are members of their groups. Groups may have more than one owner. The permissions for these groups are most commonly set as Read-Annotate, although Read-Write might be more appropriate in some cases.

Administrators and Group Owners can change group permissions between Private, Read-Only and Read-Annotate. Only Administrators can change a group to Read-Write. Full details of permissions can be seen in the System Administrator documentation.

Note

If permissions are reduced to Private when one member has created output from another member's image in the group using a script, e.g. made a projection, the permissions change will fail.


Default groups

Most facilities use a default group that a new user is automatically allocated to when they first log on and create an account using the LDAP or similar authentication system, or when an account is created for them by the Admin. Typically this group would be Private.

If the user is also made a member of their lab or other groups, they can set any group as their default group. This group will be then shown in the data tree each time they log in.

For details on how users can change their default group see Changing your default group in the Sharing Data section of User Help.

Administrators can set or change the default group for a user through the Admin tab in OMERO.web or the Administration tab in OMERO.insight.

Note

Although the Administration functions are shown for both OMERO.web and OMERO.insight, the OMERO.web Admin tools are recommended for ease of use over the OMERO.insight Administration tools.


OMERO.web

  1. Click on Admin in the top toolbar.

    In the Users tab, find user by filtering.

    Click on the Edit button.

    Select the new default group from the drop-down list.

    Click Save.


    ../images/facilityManagerDefaultWeb.jpg


OMERO.insight

  1. Select the Administrator tab in the left hand pane.

    Select a group of which the user is already a member.

    Select the user from the group members.

    In the right-hand pane, select the new default group from the drop-down list.

    Click Save.


    ../images/facilityManagerDefaultInsight.jpg


Creating groups and users


OMERO.web

  1. Click on Admin in the top toolbar.

    Click on the Groups tab.

    Click on the Add new Group button.

    Fill in the details.

    Add group owners and members.

    Click to select the permissions level.

    Click Save.


    ../images/facilityManagerGroupWeb.jpg


  2. Click on the Users tab.

    Click on the Add new User button.

    Fill in the details.

    Add a group to make the user a member of it.

    Select the user’s default group in the drop-down list.

    Click Save.


    ../images/facilityManagerUserWeb.jpg

OMERO.insight

  1. Select the Administrator tab in the left hand pane.

    Select New Group from the button drop-down menu.

    Enter the group name.

    Click to select the Permissions level.

    Add the group owner's details.

    Click Create to save the new group.


  2. ../images/facilityManagerGroupInsight.jpg

  3. Right-click on the Group tab.

    Select the New User entry.

    Fill in the details.

    Click to select if group owner or administrator.

    Add groups to make the user a member of them.

    Click Create to save the new user.


    ../images/facilityManagerUserInsight.jpg



Creating Administrators with restricted privileges

This requires using the OMERO.web Admin tool.

Both Administrators with restricted privileges (Restricted Administrators) and Administrators with full privileges can create Restricted Administrators. The privileges of the new Restricted Administrators cannot exceed the privileges of the creating user. Privileges (checkboxes) which the creator does not possess themselves will be disabled in the OMERO.web Admin tool.

This workflow is not implemented in OMERO.insight.


OMERO.web

  1. Click on Admin in the top toolbar.

    Click on the Users tab.

    Click on the Add new User button.

    Fill in the details.

    Click on the radio button Administrator with restricted privileges in line Role.

    Hover with mouse over the checkboxes to see short descriptions of the privileges.

    Fill in the table Choose user privileges by checking the checkboxes.

    Click Save.


    ../images/facilityManagerLightAdminWeb.jpg

Removing a user from a group

Do not remove users from a group where they own data - make sure the data is moved or assigned to a new owner first.

This action requires using the OMERO.web Admin tool and there are two ways to do it:


OMERO.web

  1. Click on Admin in the top toolbar.

    Click on the Groups tab.

    Click on the Edit Group button.

    Click on the x to the right of the user's name in the members or owners list.

    Click Save to complete the change.


    ../images/facilityManagerRemoveGroup.jpg


  2. or
  3. Click on the Users tab.

    Click on the Edit User button.

    Click on the x to the right of the group's name in the Groups list.

    Click Save to complete the change.


    ../images/facilityManagerRemoveUser.jpg


Moving Data

Data can be moved to another group by the data owner (provided they are a member of both groups) or by an administrator (including a restricted administrator with the correct privileges) at any time. A group owner will need to use OMERO.cli to change ownership of the data to themselves before they can move it and must be a member of the target group.


OMERO.web

  1. Right-click on the data to be moved and select Move to Group ... .

    Select the destination from the pop-up window.


    ../images/sharingDataMoveWeb.jpg

OMERO.insight

  1. Right-click on the data to be moved and select Move to Group ... .

    Select the destination group from options.


    ../images/facilityManagerMoveInsight.jpg

Note

Guides for using the Command Line Interface (CLI) are available:

  • Moving data between groups (chgrp) - possible for administrators (either full or restricted admins with the correct privileges), and data owners if they are a member of the target group.
  • Changing ownership of data (chown) - possible for administrators (either full or restricted admins with the correct privileges), and group owners provided the target user is a member of their group.


Importing


Import for another user

Any data imported by a user will be owned by them and will be in a group of which they are a member. For details on importing see Importing Data.

Administrators can import data for any user i.e. the data will belong to that user (in OMERO.insight and OMERO.importer, they will need to be members of the target group but in OMERO.cli they can import for users to any group)

Similarly a Group Owner can import for other members of their group.


  1. Select image data to be imported.

    Click the right Add arrow.

    In the Import Location window select from the Group drop-down box.

    Select the user to import for from the Import For drop-down box.

    The Project and Dataset drop-down boxes will list the projects and datasets available for the selected user.


    ../images/facilityManagerImportFor.jpg


OMERO.dropbox

OMERO.dropbox monitors designated folders on a storage system, detects newly uploaded files and runs a fully automatic import of those files to the OMERO server if possible. User Help for OMERO.dropbox is in the Using OMERO.dropbox page.

OMERO.dropbox runs on the same machine as the OMERO server and is started automatically when the OMERO.server starts and it will run subject to prerequisites being met. Full details on configuring and using OMERO.dropbox are in the sysadmin documentation OMERO.dropbox page.


Data structure

OMERO supports a Project - Dataset - Image structure for conventional image data and a Screen - Plate - Run - Well - Field structure for High Content Screening data.

New containers can be created at the time of import or from the data tree in the left-hand pane.

OMERO.insight

  1. Click on New Container icon or Right-click in the data tree to create a new Project or Dataset.


    ../images/facilityManagerNewInsight.jpg

  2. Click on Screens tab and on New Container icon or Right-click in the data tree to create a new Screen.


    ../images/facilityManagerScreenInsight.jpg


OMERO.web

  1. Select the data of the user you want to create new objects for ("Polly Stack" is selected in the screenshot). All newly created objects will belong to the selected user. Click on New Project, New Dataset or New Screen icon or Right-click in the data tree to create a new Project, Dataset or Screen. Right-clicking on Project and creating Dataset will create a Dataset linked to the Project. Link between the Project and Dataset will belong to the selected user too. Only Administrators or Restricted Administrators can create objects for other users. Restricted Administrators need to have "Write Data" permission to create objects for others.


    ../images/facilityManagerNewWeb.jpg


Measurement and analysis

OMERO.insight has a Measurement Tool that enables Regions of Interest (ROIs) to be drawn on images, and then basic intensity analysis to be performed. Details on how to use it are in the ROIs and Measuring Tool section of the Help.

There are a number of standard scripts shipped with OMERO, and the Administrator can add additional scripts to the repository so they run on the OMERO server and are available in the scripts menu of both clients.


../images/facilityManagerScripts.jpg

More complex analysis can be done using the OMERO API that allows scripts written in Python, Matlab and other languages to use data from the OMERO server and save results back to the server.

Further details of using MATLAB and Python in conjunction with OMERO are in the Matlab and Python section of the developer documentation.

Details on Using the OMERO API are in the OME developer documentation.

OMERO.mtools is a suite of MATLAB-based tools which allow you to perform common image analysis tasks on images stored in an OMERO server. OMERO.mtools has its own GUI and only requires an installation of MCR (MATLAB Compiler Runtime) to run.


ImageJ and Fiji

Using the OMERO.insight plugin, ImageJ and Fiji can be used to open and view images on the OMERO server, draw ROIs and save the ROIs back to the OMERO server. Results of analysis performed in ImageJ or Fiji can be saved back to the OMERO server, attached as a file to the associated image. Full details of how to install the OMERO.insight plugin, and the workflows for using ImageJ and Fiji with OMERO are in the Using ImageJ with OMERO section of the User Help.


Disk usage

System administrators can view disk usage using the OMERO.web Admin tab. The disk usage reported reflects only the image data owned by the users or groups. Files that are uploaded, or created in situ, and attached to Projects, Datasets or Images, are not included in the disk usage statistics.

  1. Click on the Statistics tab to see the disk usage for all users and groups on the OMERO server.


    ../images/facilityManagerStats.jpg


Emailing users

The OMERO server can be configured so that administrators can use the OMERO.web Admin screen to email users through the OMERO system. Details on the configuration properties for mail are on Configuration properties glossary in the sysadmin documentation.

Recipients can be selected from all users, specific users or specific groups.

  1. Click on the Email tab to send emails to OMERO users or groups.


    ../images/sharingDataEmail.jpg


Upgrading

OMERO and Bio-Formats are developed and released independently, so new releases of Bio-Formats that address bugs or enable new data type handling are not held up by OMERO development and vice versa.

OMERO point releases, i.e. 5.2.x, occur regularly, and clients and servers are backwardly compatible for these. This is not the case for breaking releases, i.e. 5.x.0.

Given the number of server operating systems, clients and components involved in OMERO, the matrix of versions and compatibility is large. If you are in any doubt about the suitability for upgrade of your particular installation, draw on the wide experience of the OMERO community via the forums or mailing lists page, giving as much detail as you can.


Using OMERO for publication

Public groups can be used to make data accessible without the need for authentication. The permissions on the public group are usually set to Read-Only. In order for a user to be able to place data in the public group, they must ask the Administrator to make them a member of the group. Details on how to configure public groups and make them publicly accessible on the OMERO server are in the Public user section of the system administrator documentation.

As data in a public group is accessible without login credentials, this enables image thumbnails, from the OMERO server, and links to open images in the full OMERO.web viewer, to be embedded in any HTML-based page. Details of how to embed thumbnails and links in web pages or Wikis are in the User Help Publishing with OMERO section.

The full OMERO.web viewer can be embedded in pages as a customisable OMERO viewport. The level of interactivity can be set by adding buttons, links or scalebars etc. as desired. Details on the viewport can be seen in Customizing the content of the embedded OMERO.web viewport.

OMERO is widely used as the basis for public data repositories. OMERO.gallery provides a basic gallery front end based on the Group-Project-Dataset-Image, and is a good starting point to develop a bespoke front end. Full documentation on how to set up OMERO as a public repository and details of customisation options can be found in the OMERO Repository documentation.


Getting users started

Experience indicates that including a short introduction to OMERO when users have their induction to the microscopy facility is a very effective way of getting them started. This helps avoid confusion when the users are establishing their data workflows and setting up file storage systems. It also ensures that the OMERO server names are correctly entered, login works, and users are members of the appropriate groups and can import data into these from the start.

There are a number of training resources available on the User Help website, including printable “Getting Started” sections, which can be customised with URLs and server names. Details are on the Training Course Material page.

For more extensive group training sessions, the individual chapters of the training material can be customised and the OME team can be contacted via the Support page, for help with organising and running training sessions either on-site, depending on location, or online.



All Tutorial Material is available on line at: help.openmicroscopy.org

The Main OME website is at: www.openmicroscopy.org