Changes made to Workbench for Security 

  • Updated

Good Afternoon,


The latest release for the Workbench had some upgrades that were necessary for security approval of the Workbench. The following are important updates that impact users:


  1. Migration of workspaces to new security perimeter: All workspaces created after 08/19/2019 are within a security perimeter controlled to prevent data exfiltration. Older workspaces will now have to be migrated to this security perimeter. 
    1. This migration process will be from 7 PM Eastern on Monday, 09/16 to 9 AM Eastern on Tuesday, 09/17. We request that users do not plan important work or demos during this window as there may be interruptions to workspaces that are being actively used.
    2. Once the migration is complete, all workspaces will be pointing to a new CDR location - “fc-aou-cdr-prod.R2019Q2R1”. Any hard-coded references in Notebooks pointed at the old CDR locations “aou-res-curation-output-prod.R2018Q4R1” or “aou-res-curation-output-prod.R2019Q2R1” will have to be replaced with “fc-aou-cdr-prod.R2019Q2R1”. Hard-coded references to workspace bucket names will also have to change.
    3. We are working on providing environment variables for users to reference their CDR and GCS bucket in their workspace.
    4. URLs for workspaces will change. Users may need to update bookmarks to specific workspaces and notebooks.
  • Big Query console access is disabled: As a data exfiltration prevention measure, direct access to Big Query console is disabled. Users can continue to query the CDR from the Notebooks application in the Workbench.
  • Logout due to inactivity: Another security requirement is that users who are inactive for a period of over 30 minutes are automatically logged out of the system. There are a couple of effects of this implementation that can be disruptive to users:
    1. To enforce password entry upon user logout, we need to log users out of all active Google accounts. This means when users logout of the Workbench, they will also be logged out of active Google products such as Gmail, Hangouts etc including Google accounts that are different from the Workbench. We are actively working on a solution that will only log users out of the All of Us Workbench without disrupting user experience from other Google services. In the interim, we recommend users create a “Chrome profile” with their All of Us Workbench account and use that when accessing Workbench. 
    2. There is also a known bug where users are incorrectly timed out when they have multiple tabs open. Our team is investigating this bug and will provide updates accordingly.

We will keep you informed as we continue to take measures to improve user experience while implementing security requirements. We appreciate your patience and support in this process. If you have further questions, please contact our support team using the Help Desk widget in the Workbench or by emailing the support team at



The All of Us Research Support team

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request