Roles and Privileges

Introduction

OpenSpecimen allows controlling data access by assigning roles to users. The privileges can be controlled at a very granular level for each resource in the system.

OpenSpecimen provides default roles that administrators can assign to users. To view the details of the default roles, follow these steps:

  1. Navigate to the 'Roles' card. 

  2. Click on any of the roles to view more information. 

Only Super Admins can create custom roles or edit existing roles.

Default Roles

OpenSpecimen is installed with some default roles.

The default roles and their descriptions are listed below.

| Name | Description |
|---|---|
| Administrator | User can perform all operations within the assigned sites. |
| Coordinator | User can perform all operations within the assigned protocols. |
| Principal Investigator | User has read access to all data within the assigned protocols. |
| Researcher | User has read access to non-PHI data within the assigned protocols. |
| Technician | User can perform specimen operations without access to PHI data within the assigned protocols. |
| Tissue Banker | User can perform all operations within the assigned protocols. |
| Clinician (v6.2) | The user can register participants, collect and ship primary specimens within assigned protocols. (The user does not have access to child specimens, containers, and other workflows.) |
| Consent Collector (v7.0) | User can perform all the operations on the participant (PHI), Consents, and Query module. |

Privileges of Users

| Resource | Access To |
|---|---|
| Collection Protocols | Collection Protocols based on the configuration in the user's role tab. |
| Consent Response | Consent responses within a Collection Protocol or Distribution Protocol. Note: Only super admins can add/edit the Consents at the global level. |
| Distribution Protocols | Distribution Protocols based on users' sites. |
| Gels | Gels based on users' sites. |
| Jobs | Can only see jobs created by self or shared with them. |
| Orders | Orders for the DPs they have access to. |
| Primary Specimens | Primary specimens for the CPs they have access to. Note: This is typically given to Clinical Coordinator staff who are in charge of collecting the primary specimens. |
| Participant (PHI) | All participant data (PHI and de-identified). |
| Participant (DeId) | Only de-identified fields. |
| Path Report | Can upload and access pathology reports. Also contains additional controls for lock/unlock path reports. This can be used if path reports will be locked after manual review or de-identification. |
| Query | Query module. |
| Specimens | All specimens (primary, derivative, and aliquots) for their CPs. |
| Storage Containers | Containers within their site. Note: Container types can be added only by super admins and institute admins. |
| Shipping and Tracking | Shipments within their site. |
| Supplies | Supplies based on their CP and site access. |
| Users | Users within their institute. |
| Visits | Visits for their CPs. |

PHI Fields

The following fields are marked as PHI in OpenSpecimen and are not visible to roles that have only the 'Participant (DeId)' privilege:

  1. First Name
  2. Middle Name
  3. Last Name
  4. Birth Date
  5. Social Security Number
  6. Death Date
  7. Master Patient Index
  8. Medical Record Number (MRN)
  9. Surgical Pathology Number
  10. Any custom fields marked as PHI.

Edit Default Roles

  1. The default role listed below should not be renamed or edited. It is auto-assigned to specific users, as stated below:

     | Role | Auto-assigned to |
     |---|---|
     | Administrator | Institute Administrator, Site Coordinators |

  2. The rest of the default roles can be edited.
  3. No role can be deleted via the UI.
  4. While editing a role, it is mandatory to keep at least one resource privilege.

Add Coordinator or PI at CP Level

  1. CP level PI and coordinators are not assigned any role by default.
  2. After creating the CP, the admin has to manually assign specific roles to all the users who need to access the CP.

Create Custom Role

You can create new roles to suit your local needs.

  1. Log in as a super admin user.
  2. Click the 'Roles' card from the home page.
  3. Click the 'Create' button and enter valid details.
  4. Click the 'Resources' dropdown and select the desired resources.
  5. Check the check-boxes of the privileges to be assigned on selected resources and click 'Create.' 
  6. Repeat steps 4 & 5 to add new resources.



Import / Export

If you have 'Exp/Imp' privilege along with 'Create' or 'Update' on any resources, you will be able to perform bulk import and export operations of those resources.

Query Resource (v6.3)

  1. The 'query' resource allows you to access the query module.
  2. CRUD + IE rights on the 'Query' resource are added to all the system-shipped roles except 'Researcher'. The 'Researcher' role, by default, acquires only the Read and IE rights.
  3. Users who do not have Read privilege on the 'Query' resource will not be able to view the query module in OpenSpecimen.
  4. More details on operations associated with every privilege on query resource: Query Resource Privilege.
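
The rules stated on this page (PHI visibility, the 'Exp/Imp' plus 'Create'/'Update' condition for bulk operations, Read on 'Query', and at least one resource privilege per role) can be applied together when reviewing a custom role before assigning it. The following Python sketch is an added example, not OpenSpecimen code: the role layout (resource name mapped to a set of privilege names), the sample roles and record, and the assumption that 'Read' is the privilege that exposes participant data are all constructed for illustration.

```python
# Added illustration; the role layout (resource -> set of privilege names) is constructed.
PHI_FIELDS = {"First Name", "Middle Name", "Last Name", "Birth Date",
              "Social Security Number", "Death Date", "Master Patient Index",
              "Medical Record Number (MRN)", "Surgical Pathology Number"}

def audit_role(privs):
    """Summarise what a role grants, using the rules stated on this page."""
    granted = {res: set(p) for res, p in privs.items() if p}
    if not granted:
        raise ValueError("a role must keep at least one resource privilege")
    return {
        # Assumption: 'Read' is the privilege that exposes a resource's data.
        "sees_phi": "Read" in granted.get("Participant (PHI)", set()),
        "sees_deid": "Read" in granted.get("Participant (DeId)", set()),
        "query_module": "Read" in granted.get("Query", set()),
        # Bulk import/export needs 'Exp/Imp' together with 'Create' or 'Update'.
        "bulk_import_export": sorted(
            res for res, p in granted.items()
            if "Exp/Imp" in p and p & {"Create", "Update"}),
    }

def visible_fields(record, privs, custom_phi=frozenset()):
    """Return the participant fields a role with these privileges may see."""
    summary = audit_role(privs)
    if summary["sees_phi"]:
        return dict(record)
    if not summary["sees_deid"]:
        return {}  # no participant privilege at all
    hidden = PHI_FIELDS | set(custom_phi)
    return {k: v for k, v in record.items() if k not in hidden}

# Constructed sample roles and record (role names and values are hypothetical).
DATA_ENTRY = {"Participant (PHI)": {"Read", "Create", "Update", "Exp/Imp"},
              "Query": {"Read"}}
ANALYST = {"Participant (DeId)": {"Read"}, "Query": {"Read", "Exp/Imp"}}
RECORD = {"First Name": "Jane", "Birth Date": "1970-01-01",
          "Gender": "Female", "Registry ID": "R-001"}

if __name__ == "__main__":
    for name, role in (("data entry", DATA_ENTRY), ("analyst", ANALYST)):
        print(name, audit_role(role), visible_fields(RECORD, role, {"Registry ID"}))
```

Roles that report both `sees_phi` and a non-empty `bulk_import_export` list are the ones to review first, since they combine PHI access with bulk data movement.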