Leave a comment at the end of this page or email contact@krishagni.com
Roles and Privileges
Introduction
OpenSpecimen allows controlling data access by assigning roles to users. The privileges can be controlled at a very granular level for each resource in the system.
OpenSpecimen provides default roles that administrators can assign to different users. To view details about default user roles, follow the below steps:
Navigate to the 'Roles' card.
Click on any of the roles to view more information.
Only Super Admins can create custom roles or edit existing roles.
Privileges specific to Super Administrators
Privileges | Description |
---|---|
Institute | To create one or more institute in the OpenSpecimen |
User accounts | Only super admin can create other super admins |
Extras>>Audit log | Generation of the audit logs |
Extras>>Database Console | Access to database console |
Extras>>API call logs | History of API call logs |
Extras>>Backups | For setting up database and data file backups |
Extras>>Dropdown manager | To manage values to be displayed in the dropdowns |
Extras>>Identity providers | To create and manage user authentication providers |
Extras>>Import records | To upload the data from multiple files at the same time |
Extras>>Print rules | To create and manage specimen label print rules |
Extras>>Specimen units | To add, edit, delete the specimen units |
Extras>>Upgrade history | To view OpenSpecimen upgrade logs |
System Settings | This allows super admin to update system settings. For more information, refer to https://openspecimen.atlassian.net/wiki/x/EQCtAg |
Attach Form | Super admin can attach form at different level. For more information refer to Attach Forms at Different Levels - OpenSpecimen - Confluence (atlassian.net) |
Default Roles
OpenSpecimen is installed with some default roles. Below mentioned are the default roles with descriptions.
Do not edit the default roles shipped with OpenSpecimen as it will causes issues with access across the system. It is suggested to create new roles as per requirement
Resources
The resources define the module and data entry access given to the user.
Privileges of Users
PHI Fields
The below fields marked as PHI in OpenSpecimen won't be visible to the roles with 'Participant (DeId)' privileges:
First Name
Middle Name
Last Name
Birth Date
Social Security Number
Death Date
Master Patient Index
Medical Record Number (MRN)
Surgical Pathology Number
Any custom fields marked as PHI.
Edit Default Roles
The default role listed below should not be renamed or edited. They get auto-assigned to specific users, as stated below:
Role | Auto-assigned to |
---|---|
Administrator | Institute Administrator, Site Coordinators |
2. The rest of the default roles can be edited.
3. No role can be deleted via UI.
4. While editing a role, keeping at least one resource privilege is mandatory.
5. Editing means you can assign or unassign permissions to a user or altogether remove a resource.