Site Groups allow administrators to define and edit groups of users on a site-wide basis. In particular, grouping users by the permissions they require and then assigning permissions to the group as a whole can greatly simplify access management. A key advantage is that if membership in the organization changes (new users enter or leave a given group of users) only the group membership needs updating; the permissions stay with the group and do not need to be reassigned in every container.

Site groups are visible to every project and may also be assigned project-level permissions as a group. Using site groups has the advantage of letting administrators identify the affiliations of users while viewing the site users table where project group membership is not shown.

• Built-in Site Groups
• Site Users
• Guests
• Legacy Groups: Site Administrators and Developers
• Create a Site Group
• Manage Site Groups
• Grant Project-Level Permissions to a Site Group

Built-in Site Groups

• All Site Users: Anyone logged into the site.
• Guests: Anyone not logged in; anonymous visitors.

Site Users

The site-level "Users" group, aka "All Site Users", consists of all users logged onto the LabKey system. You don't need to do anything special to add users to the Site Users group; any users with accounts on your LabKey Server will be part of the Site Users group when they log in. This group is available site wide and useful for granting broad access to a specific shared resource. Any sensitive data resources are typically controlled by specific assigned subgroups of users, defined at the site or project level.

Guests

Anonymous users, or anyone who is not logged in to your site are represented by the "Guests" group. This is an even more broad category than the site users group, allowing actual public access to anyone not logged in. Permissions for guests can range from no permissions at all, to read permissions for viewing information, to write permissions for both viewing and contributing data. The "Guest" group can never have administrative privileges. By default, guests have read access to the /home project as well as folders created beneath it. If you want to disable guest access entirely, you can do so.

As an example, our LabKey support site offers documentation and demos to anyone visiting the site, without logging in. Once a user does log in, they have somewhat more broad access granted to the "Site Users" group. Only select groups of premium subscribers have access to resources like custom support portals and premium documentation.

Legacy Groups: Site Administrators and Developers Groups

LabKey no longer creates the Site Administrators or Developers groups by default. Instead, the "Site Administrator" and "Platform Developer" roles are used to manage these functions. If you want to create your own site level groups for these functions, you can.

Older servers will still include these groups, and if they were assigned permissions, those permissions are still granted to the groups. Administrators may want to migrate all members of the "Site Administrators" group to being directly assigned the "Site Administrator" role instead, to make it clear which users have this access. In particular, confirm that the person who installed and configured the server, i.e. the first site administrator, is specifically granted the permission role.

The Site Administrators group is no longer implicit in all security settings. Note that previously, this group would have had implicit access to read data, including when a custom study security policy was in effect. If users can no longer read expected data, they may need to have it granted via another group within the study security policy.

Create a Site Group

View current site groups by selecting > Site > Site Groups:

To create a new group, enter the name then click Create New Group. You may add users or groups and define permissions now, or manage the group later. Click Done to create your group.

Manage Site Groups

Membership in site groups is managed in the same way as membership in project groups. Learn more in this topic: Manage Group Membership.

Click the group name to view the group information box.

• Add a single user or group using the pulldown menu.
• Remove a user from the group by clicking Remove.
• View an individual's permissions via the Permissions button next to his/her email address.
• Manage permissions for the group as a whole by clicking the Permissions link at the top of the dialog box.
• Click Manage Group to add or remove users in bulk as well as send a customized notification message to newly added users.

Grant Project-Level Permissions to a Site Group

To grant project-level permissions to Site Groups, select > Folder > Permissions from the project or folder. Site groups will be listed among those eligible for assignment to each role.

Related Topics

• Configure Permissions
• Manage Group Membership