A role is a named set of permissions that defines what a user (or group of users) can do. This topic provides details about site and project/folder scoped roles.

Site Scoped Roles

These roles apply across the entire site. Learn about setting them here.

Site Administrator: The site administrator role is the most powerful role in LabKey Server. They control the user accounts, configure security settings, assign roles to users and groups, create and delete folders, etc. Site administrators are automatically granted nearly every permission in every project or folder on the server. There are some specialized permissions not automatically granted to site admins, such as adjudicator permissions and permission to view PHI data. See Site Administrator.

Application Administrator: This role is used for administrators who should have permissions above Project Administrators but below Site Administrators. It conveys permissions that are similar to Site Administrator, but excludes activities that are "operational" in nature. For example, they can manage the site, but can't change file/pipeline roots or configure the database connections. For details, see Administrator Role / Permissions Matrix

Troubleshooter: Troubleshooters may view administration settings but may not change them. Troubleshooters see an abbreviated admin menu that allows them to access the Admin Console. Most of the diagnostic links on the Admin Console, including the Audit Log, are available to Troubleshooters.

See User and Group Details: Allows non-administrators to see email addresses and contact information of other users as well as information about security groups.

See Email Addresses: Allows selected non-administrators to see email addresses.

See Audit Log Events: Only admins and selected non-administrators granted this role may view audit log events and queries.

Email Non-Users: Allows sending email to addresses that are not associated with a LabKey Server user account.

See Absolute File Paths: Allows users to see absolute file paths.

Use SendMessage API: Allows users to use the send message API. This API can be used to author code which sends emails to users (and potentially non-users) of the system.

Platform Developer: The platform developer role allows admins to grant developer access to trusted individuals who can then write and deploy code outside the LabKey security framework. By default, the Developer group is granted this role on a site-wide basis. For more information, see this topic: Platform Developer Role

Trusted Analyst: (Premium Feature) This role grants the ability to write code that runs on the server in a sandbox as well as the ability to share that code for use by other users under their own userIDs. For set up details, see Developer Roles.

Analyst: (Premium Feature) This role grants the ability to write code that runs on the server, but not the ability to share that code for use by other users.

Launch and use RStudio Server: (Premium Feature) Allows the user to use a configured RStudio Server.

Project and Folder Scoped Roles

Users and groups can be assigned the following roles at the project or folder level. Learn about setting them here.

Project and Folder Administrator: Similar to site admins, project and folder administrators also have broad permissions, but only within a given project or folder. Within their project or folder scope, these admins create and delete subfolders, add web parts, create and edit sample types and assay designs, configure security settings, and manage other project and study resources.

When a new subfolder is created within a project, existing project admin users and groups will be granted the folder admin role in the new folder. The admin creating the folder can adjust that access as needed. Once a folder is created and permissions configured, any subsequent new project admin users or groups will not be automatically be granted folder admin to the existing folder.

Editor: The editor role lets the user add new information and modify some existing information. For example, an editor can add and modify wiki pages, post new messages to a message board and edit existing messages, post new issues to an issue tracker, view and manage MS2 runs, and so on.

Author: The author role lets you create new data and in some cases edit or delete your own data. An author may read the work of others but may not modify it. For example, a user assigned the author role can edit or delete their own message board posts, but not anyone else's posts. The ability for authors to edit and delete their own data is supported for a limited set of data types, including Wikis and Message Boards. It is not supported for other data types such as Datasets, Lists, etc.

Reader: The reader role lets you read text and data, but generally you can't modify it.

Message Board Contributor: This role lets you participate as an "Author" in message board conversations and Object-Level Discussions. You cannot start new discussions, but can post comments on existing discussions. You can also edit or delete your own comments on message boards.

Shared View Editor: This role lets the user create and edit shared views without having broader Editor access. Shared View Editor includes Reader access, and applies to all available queries or datasets.

QC Analyst: (Premium Feature) - Perform QC related tasks, such as assigning QC states in datasets and assays. This role does not allow the user to manage QC configurations, which is available only to administrators. For set up details, see Assay QC States - Admin Guide.

Submitter: The submitter role lets you insert new records, but not view or change other records.

Assay Designer: Assay designers may perform several actions related to creating assay designs.

Specimen Coordinator: Specimen Coordinators may perform a number of management tasks related to specimens. A Specimen Coordinator must also be given the Reader role. This role is available only in a project or folder containing a study or with a study in a descendant folder.

Specimen Requester: Specimen Requesters may request specimen vials. This role is available only in a project or folder containing a study or with a study in a descendant folder.

Developer: Developer is not a role, but a site-level group that users can be assigned to. Developers can create executable code on the server, for example, adding <script> tags to wiki pages and adding R reports and JavaScript reports to data grids. They cannot define new SQL queries using the schema browser. For details see Global Groups.

PHI-related Roles: (Premium Feature) - For details see Compliance: Security Roles. Note that these roles are not automatically granted to administrators.

Related Topics


Was this content helpful?

Log in or register an account to provide feedback

expand all collapse all