In the Rhino Federated Computing Platform (FCP), a Project forms the core organizational unit that encapsulates a distinct data analysis or research initiative. To create a project, you'll need to ensure that you are logged into Rhino FCP, then enter the details of the project, including permissions.
Prerequisites
Before you begin, complete the following.
- Ensure that you have a login for Rhino FCP.
- Optionally, review the site level and project level permission information (see the information later in this article) so that you'll know what to select when you create your project.
Logging into Rhino FCP
To log into Rhino FCP, complete the following steps.
To log into the Rhino FCP, navigate to https://dashboard.rhinohealth.com/login in your web browser. There are three ways to login to the FCP.
- Username and Password
- If this is your first time logging into the platform, you will be required to change your password from the temporary one sent to you during onboarding
- Note: If you have not received your credentials or are not prompted to change your password, please contact support@rhinohealth.com.
- Google Single Sign-on (SSO)
- Click the button and follow the prompts to log in with your Google credentials
- Azure Single Sign-on (SSO)
- Click the button and follow the prompts to log in with your Azure credentials
If you encounter any issues while attempting to log in, please contact support@rhinohealth.com.
Creating a New Project (Step-by-Step Instruction)
To create a new project, complete the following:
- Select Projects on the left side of the screen to open the Projects screen.
- Select the Add New Project button in the upper right corner of the screen to open the Create a New Project screen.
- Add a name and a description.
- Select Permissions Policy to expand the screen.
- Project leads configure permissions during project creation. There are two levels of project permissions:
- Project-level permissions: These are privacy settings and permissions configured at the project level for all participants. Rhino configures default project-level permissions, but the project lead can modify them.
- Site-level permissions: These permissions are configured at the site level and can be reviewed and adjusted by each collaborator. Site-level permissions require approval before a collaborator can join the project. Project leads and other authorized personnel can create templates for site-level permissions.
- Templates streamline the process of customizing site-level permissions. For example, a site might want to enforce k-anonymization with a k-parameter of 100. Including this setting in a template ensures consistency across new projects. You will know if you have templates available if an option for templates appears on the screen:
-
- If the expanded Create a New Project screen does not display template options, the default template is available, and you can modify project-level and site-level permission policies as needed.
- If the expanded Create a New Project screen does display template options, select the desired permission policy template. The default template is displayed.
- Configure the permissions using the following information.
Personas
User Personas define a set of predefined privileges and access rights that are assigned to a particular category of users within the Rhino FCP. These roles streamline permission management by grouping users based on their responsibilities, ensuring that each user has appropriate access levels to perform their tasks while maintaining security and data integrity.
| Persona | Description |
| PLA - Project Lead, Admin | The workgroup admin for the workgroup that created the project |
| PLM - Project Lead, Member | Every non-admin member of the workgroup that created the project |
| MA - My site, Admin | The workgroup admin for your workgroup (relevant only to site-level permissions) |
| MM - My site, Member | Every non-admin member from your workgroup (relevant only to site-level permissions) |
| CA - Collaborator, Admin | The workgroup admin for a workgroup that has been invited to collaborate on a project |
| CM - Collaborator, Member | Every non-admin member of a workgroup that has been invited to collaborate on a project |
Project-Level Permission Policies
Project-Level permissions policies define who has the ability to perform certain actions within the Project. It also allows you to define certain project-level parameters. The Project Lead can enable and limit access to certain functions for specific personas in the Project. Actions included under the Project-level Permissions Policy are:
| Action | Description | Default Policy |
| Differential Privacy Setting |
(Privacy filter) - Control the level of noise (if any) is
added
to data when calculating metrics: - None: Noise is never added. - Low: Noise is only added when calculating percentiles. - Medium: Noise is added for percentiles and other standard metrics when the number of unique values is small. - High: Noise is always added when calculating metrics. |
Medium |
| K-Anonymization Parameter | (Privacy filter) - Subgroups smaller than K will be excluded from summary statistics | 5 |
| Download Model Parameters | Download model parameters for models trained as part of the project. | PLA, PLM |
| Hide Collaborators | Indicates whether to allow collaborators in this project to view information (e.g. names, activities) about other collaborators. Selecting No allows the collaborators to see each other's information. Selecting Yes, hides collaborator information from other collaborators, including what would be shown in the recent activities list, notifications, and the list of collaborators in the project. Note that if you hide collaborators, and you set other permissions to include CA and/or CM, you will see a message indicating that CA/CM cannot be used in permissions when the project is set to use hidden collaborators. | No |
| Manage Code Objects | Create, modify, and remove Code Objects. | PLA, PLM |
| Manage Code Runs | Modify and remove Code Runs associated with this site. | PLA, PLM |
| Manage Data Schemas | Create, modify, and remove Data Schemas in the project. | CA, CM, PLA, PLM |
| Require Confidential Computing | Setting this permission to Yes allows your code to run on a Rhino Client within a Trusted Execution Environment(s) (TEEs). For the list of supported confidential computing VMs, see Confidential Computing Supported Environments and Permission Settings. | No |
| Run Code | Run code in the project. | PLA, PLM |
Site-Level Permission Policies
Site-Level permissions policies define what project participants may do with your site's resources. It also allows you to define certain site-level parameters. When the Project Lead creates the project, they also set the Site-Level permissions policies for their site. Each invited Collaborator will be presented with the Site-level Permissions Policy suggested by the Project Lead, but they may also change their Site-level permissions policy before accepting the invitation. Actions included under the Project-level Permissions Policy are:
| Actions | Description | Default Policy |
| Manage This Site's Datasets | Import, export, modify, and remove Datasets associated with this site | MA, MM |
| Manage Data Mappings | Create, modify, and remove data mappings and vocabularies from this site. | PLA, PLM, MA, MM |
| Manage Secure Access Lists | Create, modify, and remove Secure Access Lists for Datasets from this site | MA, MM |
| Manage This Site's Code Runs | Modify and remove Code Runs associated with this site | MA, MM |
| Pre-approved Code Only |
Only allow pre-approved code to be run on your site's data. You will be able to specify/update the pre-approved code on this page |
No |
| Run Code On This Site | Run code on Datasets from this site | MA, MM, PLA, PLM |
| Share Secure Access Lists | Share Secure Access Lists for Datasets from this site | MA, MM |
| View Client-Side Logs | View logs from code run on Datasets from this site | MA, MM, PLA, PLM |
| View Code Objects and Code Runs | Determines who can view workgroup code objects and code runs. Users without this permission only see code objects and code runs published to all project participants. See note below this table for more details. | CA, CM, MA, MM, PLA, PLM |
| View Datasets and Data Schemas | Allows you to view all workgroup Datasets and Data Schemas. Anyone without these permissions will only be able to view Datasets and Data Schemas that have been published to all project participants. | CA, CM, MA, MM, PLA, PLM |
| View Dataset Analytics | View aggregated analytics and metrics for Datasets from this site | MA, MM, PLA, PLM |
| View Datasets via Secure Access | Access data from this site via zero-footprint viewers (e.g. tabular data viewer, and interactive containers, OHIF) | MA, MM |
| View Client Side Logs with Sensitive Data | View logs from code runs on sensitive datasets from this site. This is included because code runs could write sensitive data to logs. | MA, MM |
| View Sensitive Datasets via Secure Access | Access sensitive data from this site via zero-footprint viewers such as a tabular data viewer and OHIF or interactive containers. This also includes fields marked as 'local only'. | MA, MM |
NOTE: If the personas for the View Code Objects and Code Runs setting are the default (PLA, PLM, MA, MM, CA, CM), then all members of the workgroup can see code objects and code runs. If you initially remove personas from the list, all code object and run versions will start as unpublished and are only visible to the included personas. Code runs are only visible to users who can see the code object. You can change personas as you would for any other permissions setting. The personas in the permission list must include an MA or MM persona so site members can view and publish their own objects and runs.
The workgroup of the code object is the primary workgroup of the person who created the code object. The workgroup of the code run is the primary workgroup of the person who triggered the code run. Note: Code Runs are only visible to users for whom the Code Object is also visible. One edge case in which this might not automatically happen, is when there is an unpublished Code Object created by Collaborator A, with “View Code Object/Run” permissions set to PLA, PLM, MA, MM (so without CA/CM). And then a user in the Project Lead workgroup (who can view the Code Object) runs the Code Object. If the Project Lead’s “View Code Object/Run” settings are set to full visibility, then the Code Run would be visible to everyone in the project. However, users from another collaborator won’t be able to see the Code Object since it’s unpublished, and thus aren’t allowed to see the Code Run.
- When complete, click the Create Project button to create your project. The project appears on the Projects screen.
Getting Help
If you have received an error or run into any issues throughout the process, please reach out to support@rhinohealth.com for more assistance.