LabKey uses a role-based permissions model. This topic covers the permission roles available in Sample Manager and the process for assigning them to the appropriate users and groups.
Once users and groups have been defined, an administrator can assign them one (or more) of the available permission roles:
- Editors: May add, edit, and delete data related to samples, assays, and jobs, but not storage information.
- Editor without Delete: May add and edit, but not delete, data related to samples, assays, and jobs. May not edit storage information. Learn about limited exceptions here.
- Readers: Have a read-only view of the application.
- Administrators: Have full control over the application including user management, permission assignments, storage editor and designer tasks, creating and editing sample types, assays, and job templates.
- When Sample Manager is used with a Premium Edition of LabKey Server, there are two levels: Project Administrators and Folder Administrators. Learn more in the core LabKey Server documentation.
- Storage Editors: Storage Editors may read, add, edit, and delete data related to items in storage, picklists, and jobs.
- Storage Designers: Storage Designers may read, add, edit, and delete data related to storage locations.
- Workflow Editor: This role allows users to be able to add, update, and delete picklists and workflow jobs.
- It does not include general "Reader" access, or the ability to add or edit job templates or any sample, source, or assay data.
- Note that this role does allow a user to delete tasks from a workflow job, as part of having the ability to edit the job.
Assign Roles to Users and Groups
Open user management by selecting Administration
from the user avatar menu. Click the Permissions
To add a user or group to any role:
- First click the role section. You'll see the current members of that role.
- Click the Add member or group dropdown and start typing a user's email address or the name of a user group.
- Click the user email or group name to add to the role.
- Selected users and groups will be shown in the panel for the role as you go.
- Each time you select a user, the details for that user will be shown on the right to assist you.
- In the image below, the Editor role is being granted to users named "team lead" and "lab technician"; the Reader role is being granted to the "reviewer".
Assign Administrator Role
Administrators have full control over the application, including the abilities of the two storage-specific roles. Admins can perform user management, permission assignments, and create and edit sample types, assays, and job templates.
Note that administrator permissions work differently when Sample Manager is used with a premium edition of LabKey Server. They are assigned on the same Permissions
tab as other roles. Learn more in this topic:
The first user login created on the Sample Manager application is always an administrator. To assign the administrator role to other users or groups, any administrator can choose Administration
from the user menu, then click the Settings
Click the Application Administrators
role panel and use the Add member or group...
dropdown to select to whom to assign the administrator role. Type ahead to narrow the dropdown menu list.
Remove Users and Groups from Roles
To remove a level of access for a given user or group, reopen the interface for granting that role and click the X for the user or group you want to delete from the role. Removing a user from a role does not deactivate or remove the user account itself.
A note about role-based permissions: Users can be assigned multiple roles in the system, either independently or via groups, and each is independent. If a user is both Editor and Reader, removing them from the Reader role will not in fact remove that user's ability to read information in the system, because they will still have that access via the Editor role.