Overview of openBIS roles
Observer
This role can be assigned to the whole openBIS instance (Instance Observer) or to specific Spaces or Projects (Space or Project Observer). Users with this role have read-only access to the whole openBIS (Instance Observer), or to a specified Space or Project (Space or Project Observer).
Observer can:
- list
- persons
- spaces
- projects
- sample types
- experiment types
- data types
- file format types
- material types
- data set types
- samples
- experiments
- data sets
- materials
- property types
- vocabularies
- vocabulary terms
- attachments
- data store services
- get details of
- project
- sample
- experiment
- data set
- material
- download
- attachment
- sample registration template
- create report for data sets
- search for
- samples
- experiments
- materials
- data sets
Space/Project User
Extends Observer permissions with some creating and editing functionality. Permissions are limited to specified Space(s) or Project(s).
Can do everything that Observer and additionally:
- create
- sample
- experiment
- edit
- sample
- experiment
- project
Space/Project Power User
Extends Space/Project User permissions with some deleting, editing and processing functionality. Permissions are limited to specified Space(s) or Project(s).
Can do everything that Space/Project User and additionally:
- create project
- delete
- project
- data sets
- samples
- experiments
- attachments
- edit attachments
- process data sets
- add, update and delete vocabulary terms
Space/Project Admin
Extends Space/Project Power User permissions allowing to manage roles and projects inside given Space(s) or Project(s).
Can do everything that Space/Project Power User and additionally:
- list roles
- create and delete space role
- edit data set
Instance Admin
Has the full access to given OpenBIS instance.
Can do everything that Space/Project Admin and additionally:
- create
- space
- material
- person
- property type
- vocabulary
- material type
- sample type
- experiment type
- data set type
- file format type
- create/delete instance admin role
- edit
- material
- property type
- property type assignment
- vocabulary
- material type
- sample type
- experiment type
- data set type
- file format type
- assign/unassign property type
- delete
- space
- vocabulary terms
- material type
- sample type
- experiment type
- data set type
New admin UI
Documentation on how to register users and assign rights in the new admin UI is available here: https://openbis.ch/index.php/docs/admin-documentation/user-registration/
Core UI
Assign roles to users or groups of users
User rights are controlled by going to Admin → Authorization.
Register users
- Go to Admin→ Authorization → Users
- Click on Entity:Add Person at the bottom of the page
- Enter the username of the user you want to register in the Code field. This user has to be known to the authentication system used in openBIS:
- LDAP: the user has to be registered in LDAP
- File authentication: the user needs to be added via the command line on the server as described in Installation and Administrator Guide of the openBIS Server. For users of the ELN, it is possible to register users and create passwords from the ELN interface: User registration in openBIS ELN-LIMS.
Create a user group
- Go to Admin → Authorization → User Groups
- Click on Entity:Add Group at the bottom of the page
- Enter the name you want to give to the user group in the Code field. A Code can only have alphanumeric characters and no spaces. E.g. LAB_ADMINS, LAB_USERS.
- Provide a description for the group in the Description field (this is not mandatory).
Assign Roles to users or user group
- Go to Admin → Authorization → Roles
- Click on Entity:Assign Role at the bottom of the page
- Select the Role from the list
- If the role is limited to a Space or Project, select from the list
- Select the grantee type:
- User group: enter the Code of an existing User group
- Person: enter the username of a registered user
- Save