Privileged security roles grant the highest level of access and control over the system. They include:

Site Administrator

The person who installs LabKey Server at their site becomes the first member of the "Administrators" site group and has administrative privileges across the entire site. Members of this group can view any project, make administrative changes, and grant permissions to other users and groups. For more information on built in groups, see Global Groups.

Only Site Administrators can manage privileged roles, including these actions:

  • Assign/unassign privileged roles
  • Delete/deactivate a user that is assigned one of these roles (directly or indirectly)
  • Update a group that's assigned a privileged role (directly or indirectly)
  • Clone to/from a user that's assigned any of these roles
  • Impersonate privileged roles
Impersonating Troubleshooters can impersonate a Site Administrator and perform the above actions; an Application Administrator cannot.

Common LabKey Server Site Administration Tasks

Add Other Site Admins

When you add new users to the Site Administrators group, they will have full access to your LabKey site. You can also grant existing users the "Site Administrator" role to give them the same access.

Most users do not require such broad administrative access to LabKey, and should be added to other roles. Users who require admin access for a particular project or folder, for example, can be granted Project or Folder Administrator in the appropriate location.

If you want to add new users as Site Administrators:
  • Go to (Admin) > Site > Site Admins. You'll see the current membership of the group.
  • In the Add New Members text box, enter the email addresses for your new site administrators.
  • Choose whether to send an email and if so, how to customize it.
  • Click Done.

Application Administrator

Similar to Site Administrator on LabKey Server, the Application Administrator grants site-wide administrative access for Sample Manager and Biologics LIMS. Some 'operational' activities are excluded for this role, to ensure the application can run, but settings are shown as read-only. Learn more in this topic: Administrator Permissions Matrix

Impersonating Troubleshooter

This role includes the access granted to the Troubleshooter role, plus the ability to impersonate any site-level roles, including Site Administrator. This is a powerful privileged role, designed to give a temporary ability to perform site administration actions, without permanently including that user on dropdown lists that include site administrators.

An Impersonating Troubleshooter defaults to having the reduced set of Admin Console actions of a Troubleshooter, but can elevate their access if needed. Learn about the actions available to privileged roles, whether by assignment or impersonation, in this topic: Administrator Permissions Matrix.

To impersonate one of the site roles, the Impersonating Troubleshooter must first navigate to the > Site > Admin Console. Then the user will see Impersonate > on the user menu.

The impersonation of site roles, like any impersonation, ends upon logout. All impersonation events are logged under "User events".

Related Topics

Was this content helpful?

Log in or register an account to provide feedback

expand allcollapse all