LabKey uses a role-based permissions model. This topic covers the permission roles available in Sample Manager and the process for assigning them to the appropriate users and groups.

Available Roles

Once users and groups have been defined, an administrator can assign them one (or more) of the available permission roles:

  • Administrators: Have full control over the application including user management, permission assignments, storage editor and designer tasks, creating and editing sample types, assays, and job templates.
    • Application Administrator is the name of this role when Sample Manager is used as a standalone application.
    • When Sample Manager is used with a Premium Edition of LabKey Server, there are two levels: Project Administrators and Folder Administrators. Learn more in the core LabKey Server documentation.
  • Editors: May add, edit, and delete data related to samples, assays, and jobs, but not storage information.
  • Editor without Delete: May add and edit, but not delete, data related to samples, assays, and jobs. May not edit storage information. Learn about limited exceptions here.
  • Readers: Have a read-only view of the application.
  • Storage Editors: Have read permission for sample data. They may also add, edit, and discard samples in storage. They can create, update, and delete their own picklists, and participate in workflow jobs.
  • Storage Designers: May read, add, edit, and delete data related to storage locations.
  • Workflow Editor: This role allows users to be able to add, update, and delete picklists and workflow jobs.
    • It does not include general "Reader" access, or the ability to add or edit job templates or any sample, source, or assay data.
    • Note that this role does allow a user to delete tasks from a workflow job, as part of having the ability to edit the job.

Assign Roles to Users and Groups

Open permissions management by selecting > Permissions.

To add a user or group to any role:

  • First click the role section. You'll see the current members of that role.
  • Click the Add member or group dropdown and start typing a user's email address or the name of a user group.
    • Click the user email or group name to add to the role.
    • Selected users and groups will be shown in the panel for the role as you go.
    • Each time you select a user, the details for that user will be shown on the right to assist you.
  • In the image below, the Editor role is being granted to users named "team lead" and "lab technician"; the Reader role is being granted to the "reviewer".

Click Save.

Remove Users and Groups from Roles

To remove a level of access for a given user or group, reopen the interface for granting that role and click the X for the user or group you want to delete from the role. Removing a user from a role does not deactivate or remove the user account itself.

A note about role-based permissions: Users can be assigned multiple roles in the system, either independently or via groups, and each is independent. If a user is both Editor and Reader, removing them from the Reader role will not in fact remove that user's ability to read information in the system, because they will still have that access via the Editor role.

Related Topics

Was this content helpful?

Log in or register an account to provide feedback

expand allcollapse all