...
...
Introduction
OpenSpecimen allows controlling data access by assigning roles to users. The privileges can be controlled at a very granular level for each resource in the system.
OpenSpecimen provides default roles that administrators can assign to different users. To view details about default user roles, follow the below steps:
Navigate to the 'Roles' card.
Click on any of the roles to view more information.
Info |
---|
Only Super Admins can create custom roles or edit existing roles. |
Default Roles
OpenSpecimen is installed with some default roles. Below mentioned are the default roles with descriptions.
Expand |
---|
title | Click here to view default roles... |
---|
|
Name | Description |
---|
Administrator | Users can perform all operations within the assigned sites. | Coordinator | Users can perform all operations within the assigned protocols. | Principal Investigator | The user has read access to all data within the assigned protocols. | Researcher | The user has read access to non-PHI data within the assigned protocols and its catalog request. | Technician | Users can perform specimen operations without access to PHI data within the assigned protocols. | Tissue Banker | Users can perform all operations within the assigned protocols. | Clinician (v6.2) | Users can register participants and collect and ship primary specimens within assigned protocols. (The user cannot access child specimens, containers, and other workflows.) | Consent Collector (v7.0) | Users can perform all the operations on the participant(PHI), Consent, and Query module. |
|
Privileges of Users
Expand |
---|
title | Click here to view details... |
---|
|
Resource | Access To |
---|
Collection Protocols | Collection | Protocols Protocols based on the configuration in the user's role tab. | Consent Response | Consents response within a Collection Protocol or Distribution Protocol. Note: Only super admins can add/edit the Consents at the global. | Distribution Protocols | Distribution Protocols based on users' sites. | Gels | Gels based on users' sites. | Jobs | Users can only see jobs created or shared with them. | Orders | Orders for the DPs they have access to. | Primary Specimens | Primary specimens for the CPs they have access to. Note: This is typically given to Clinical Coordinator staff, who are responsible for collecting the primary specimens. | Participant (PHI) | All participant data (PHI and de-identified). | Participant (DeId) | Only de-identified fields. NOTE: Users with 'Participant (DeId)' read, create, update, delete permissions will not be able to register a new participant within the CP. They can only see the existing participants, collect new visits, and add specimens. | Path Report | Can upload and access pathology reports. It also contains additional controls for lock/unlock path reports. This can be used if path reports will be locked after manual review or de-identification. | Query | Query module. | Specimens | All specimens (primary, derivative, and aliquots) for their CPs | Storage Containers | Containers within their site. Note: Container types can be added only by super admins and institute admins. | Shipping and Tracking | Shipments within their site. | Supplies | Supplies based on their CP and site access. | Users | Users within their institute. | Visits | Visits for their CPs. | Catalogs | Users can access catalogs and their requests. |
|
PHI Fields
The below fields marked as PHI in OpenSpecimen won't be visible to the roles .with 'Participant (DeId)' privileges:
First Name
Middle Name
Last Name
Birth Date
Social Security Number
Death Date
Master Patient Index
Medical Record Number (MRN)
Surgical Pathology Number
Any custom fields marked as PHI.
Edit Default Roles
The default role listed below should not be renamed or edited. They get auto-assigned to specific users, as stated below:
Role | Auto-assigned to |
---|
Administrator | Institute Administrator, Site Coordinators |
2. The rest of the default roles can be edited.
...
5. Editing means you can assign or unassign permissions to a user or altogether remove a resource.
Add Coordinator or PI at CP Level
CP level PI and coordinators are not assigned any role by default.
After creating the CP, the admin has to manually assign specific roles to all the users who need to access the CP.
Provide Researcher access to edit request
Researchers can edit their request(if it's pending) if they have 'Read' access to the 'Catalog' resource.
Ensure the researcher also has access to non-PHI data displayed in the catalog.
Create Custom Role
You can create new roles to suit your local needs.
Expand |
---|
title | Click here to view the steps... |
---|
|
Log in as a super admin user. Click the 'Roles' card from the home page. Click the 'Create' button, and enter valid details. Click the 'Resources' dropdown and select the desired resources. Check the checkboxes of the privileges assigned to selected resources and click 'Create.' Repeat steps 4 & 5 to add new resources. Image RemovedImage Added |
Import / Export
If you have the 'Exp/Imp' privilege along with 'Create' or 'Update' on any resources, you can perform bulk import and export operations of those resources.
...
Query Resource (v6.3)
The 'query' resource allows you to access the query module.
CRUD + IE rights on the 'Query' resource is added to all the system shipped roles but the 'Researcher.' By default, the 'Researcher' role acquires only the Read and IE rights.
Users who do not have Read privilege on the 'Query' resource will not be able to view the query module in OpenSpecimen.
More details on operations associated with every privilege on query resource: Query Resource Privilege.