Overview of openBIS roles

Observer

This role can be assigned to the whole openBIS instance (Instance Observer) or to specific Spaces or Projects (Space or Project Observer). Users with this role have read-only access to the whole openBIS (Instance Observer), or to a specified Space or Project (Space or Project Observer).

Observer can:

  • list
    • persons
    • spaces
    • projects
    • sample types
    • experiment types
    • data types
    • file format types
    • material types
    • data set types
    • samples
    • experiments
    • data sets
    • materials
    • property types
    • vocabularies
    • vocabulary terms
    • attachments
    • data store services
  • get details of
    • project
    • sample
    • experiment
    • data set
    • material
  • download
    • attachment
    • sample registration template
  • create report for data sets
  • search for
    • samples
    • experiments
    • materials
    • data sets

Space/Project User

Extends Observer permissions with some creating and editing functionality. Permissions are limited to specified Space(s) or Project(s).

Can do everything that Observer and additionally:

  • create
    • sample
    • experiment
  • edit
    • sample
    • experiment
    • project

Space/Project Power User

Extends Space/Project User permissions with some deleting, editing and processing functionality. Permissions are limited to specified Space(s) or Project(s).

Can do everything that Space/Project User and additionally:

  • create project
  • delete
    • project
    • data sets
    • samples
    • experiments
    • attachments
  • edit attachments
  • process data sets
  • add, update and delete vocabulary terms

Space/Project Admin

Extends Space/Project Power User permissions allowing to manage roles and projects inside given Space(s) or Project(s).

Can do everything that Space/Project Power User and additionally:

  • list roles
  • create and delete space role
  • edit data set

Instance Admin

Has the full access to given OpenBIS instance.

Can do everything that Space/Project Admin and additionally:

  • create
    • space
    • material
    • person
    • property type
    • vocabulary
    • material type
    • sample type
    • experiment type
    • data set type
    • file format type
  • create/delete instance admin role
  • edit
    • material
    • property type
    • property type assignment
    • vocabulary
    • material type
    • sample type
    • experiment type
    • data set type
    • file format type
  • assign/unassign property type
  • delete
    • space
    • vocabulary terms
    • material type
    • sample type
    • experiment type
    • data set type



New admin UI


Documentation on how to register users and assign rights in the new admin UI is available here: https://openbis.ch/index.php/docs/admin-documentation/user-registration/ 


Core UI


Assign roles to users or groups of users


User rights are controlled by going to Admin → Authorization.




Register users


  1. Go to Admin→ Authorization → Users
  2. Click on Entity:Add Person at the bottom of the page
  3. Enter the username of the user you want to register in the Code field. This user has to be known to the authentication system used in openBIS:
    1. LDAP: the user has to be registered in LDAP
    2. File authentication: the user needs to be added via the command line on the server as described in Installation and Administrator Guide of the openBIS Server. For users of the ELN, it is possible to register users and create passwords from the ELN interface: User registration in openBIS ELN-LIMS.


Create a user group

  1. Go to Admin → Authorization → User Groups
  2. Click on Entity:Add Group at the bottom of the page
  3. Enter the name you want to give to the user group in the Code field. A Code can only have alphanumeric characters and no spaces. E.g. LAB_ADMINS, LAB_USERS.
  4. Provide a description for the group in the Description field (this is not mandatory).



Assign Roles to users or user group

  1. Go to Admin → Authorization → Roles
  2. Click on Entity:Assign Role at the bottom of the page



  3. Select the Role from the list


  4. If the role is limited to a Space or Project, select from the list
  5. Select the grantee type:
    1. User group: enter the Code of an existing User group
    2. Person: enter the username of a registered user
  6. Save






  • No labels