Developers can write and deploy code on LabKey Server. This topic describes the roles that can be granted to developers.

Platform Developer

The Platform Developer role allows admins to grant developer access to trusted individuals who can then write and deploy code outside the LabKey security framework. By default, the Developer group is granted this role on a site-wide basis. When that code is executed by others, it may run with different permissions than the original developer user had been granted.

The Platform Developer role is very powerful because:
  • Any Platform Developer can write code that changes data and server behavior.
  • This code can be executed by users with very high permissions, such as Site Administators and Full PHI Readers. This means that Platform Developers have lasting and amplified powers that go beyond their limited tenure as composers of code.
Administrators should (1) carefully consider which developers are given the Platform Developer role and (2) have an ongoing testing plan for the code they write. Consider the Trusted Analyst and Analyst roles as an alternative on Premium Editions of LabKey Server.

Grant the Platform Developer Role

To grant the platform developer role, an administrator selects (Admin) > Site > Site Permissions. They can either add the user or group directly to the Platform Developer role, or if the Developers site group is already granted this role (as shown below) they can add the user to that group by clicking the "Developers" box, then adding the user or group there.

Platform Developer Capabilities

The capabilities granted to users with the Platform Developer role include the following. They must also have the Editor role in the folder to use many of these:

  • APIs:
    • View session logs
    • Turn logging on and off
  • Reports:
    • Create script reports, including JavaScript reports
    • Share private reports
    • Create R reports on data grids
  • Views:
    • Customize participant views
    • Access the Developer tab in the plot editor for including custom scripts in visualizations
    • Export chart scripts
  • Schemas and Queries:
    • Create/edit/delete custom queries in folders where they also have the Editor role
    • View raw JDBC metadata
  • Transform Scripts:
    • Create transformation scripts and associate them with assay designs.
  • JavaScript:
    • Create and edit announcements with JavaScript
    • Create and copy text/HTML documents with JavaScript
    • Create and edit wikis with JavaScript using tags such as <script>, <style>, and <iframe>
    • Upload HTML files that include JavaScript with tags such as <script>, <style>, and <iframe>
    • Create tours
  • Developer Tools:
    • More verbose display and logging
    • Developer Links options on the (Admin) menu
    • Use of the mini-profiler
    • etc.

Developer Site Group

One of the built in site groups is "Developer". This is not a role, but membership in this group was used to grant access to developers prior to the introduction of the Platform Developer role. By default, the Developers site group is granted the Platform Developer role.

Developer Links Menu

Developers have a access to additional resources on the (Admin) menu.

Select Developer Links for the following options:

Depending on the modules installed, there may also be additional options included on this menu, such as:

Premium Feature — The Trusted Analyst and Analyst roles are available in all Premium Editions of LabKey Server. Learn more or contact LabKey.

Trusted Analyst

The role Trusted Analyst grants the ability to write code that runs on the server in a sandbox.

Sandboxing is a software management strategy that isolates applications from critical system resources. It provides an extra layer of security to prevent harm from malware or other applications. Note that LabKey does not verify security of a configuration an administrator marks as "sandboxed".

Code written by trusted analysts may be shared with other users and is presumed to be trusted. Admins should assign users to this role with caution as they will have the ability to write scripts that will be run by other users under their own userIds.

To set up the Trusted Analyst role:

  • Set up a sandboxed script engine in a folder.
  • In the same folder, give the Editor role to the desired script/code writers.
  • Go to (Admin) > Site > Site Permissions and give the Trusted Analyst role to the desired script/code writers.

Trusted Analysts also have the ability to create/edit/delete custom queries in folders where they also have the Editor role.

If Trusted Analyst is assigned to a user who does not also have Platform Developer, they will gain many of the same abilities since the 'code authoring' permission is similar. For instance, Trusted Analysts will be able to work with files and wikis that include JavaScript containing <script> <style> or <iframe> tags.


The role Analyst grants the ability to write code that runs on the server, but not the ability to share that code for use by other users. For example, an analyst can use RStudio if it is configured, but may not write R scripts that will be run by other users under their own userIDs.

A user with only the Analyst role cannot write new SQL queries.

Related Topics

Was this content helpful?

Log in or register an account to provide feedback

expand allcollapse all