Roles and Privileges
Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com


Introduction

OpenSpecimen allows controlling data access by assigning roles to users. The privileges can be controlled at a very granular level for each resource in the system.

OpenSpecimen provides default roles that administrators can assign to different users. To view details about the default user roles, follow the steps below:

  1. Navigate to the 'Roles' card. 

  2. Click on any of the roles to view more information. 

Only Super Admins can create custom roles or edit existing roles.

Privileges specific to Super Administrators

| Privileges | Description |
|---|---|
| Institute | To create one or more institutes in OpenSpecimen |
| User accounts | Only super admin can create other super admins |
| Extras>>Audit log | Generation of the audit logs |
| Extras>>Database Console | Access to database console |
| Extras>>API call logs | History of API call logs |
| Extras>>Backups | For setting up database and data file backups |
| Extras>>Dropdown manager | To manage values to be displayed in the dropdowns |
| Extras>>Identity providers | To create and manage user authentication providers |
| Extras>>Import records | To upload the data from multiple files at the same time |
| Extras>>Print rules | To create and manage specimen label print rules |
| Extras>>Specimen units | To add, edit, delete the specimen units |
| Extras>>Upgrade history | To view OpenSpecimen upgrade logs |
| System Settings | Allows super admins to update system settings. For more information, refer to https://openspecimen.atlassian.net/wiki/x/EQCtAg |
| Attach Form | Super admins can attach forms at different levels. For more information, refer to 'Attach Forms at Different Levels'. |

Default Roles

OpenSpecimen is installed with some default roles. The default roles and their descriptions are listed below.

Do not edit the default roles shipped with OpenSpecimen, as it will cause issues with access across the system. It is suggested to create new roles as per requirement.

Resources

The resources define the module and data entry access given to the user.

Privileges of Users

PHI Fields

The following fields, which are marked as PHI in OpenSpecimen, won't be visible to roles with 'Participant (DeId)' privileges:

  1. First Name

  2. Middle Name

  3. Last Name

  4. Birth Date

  5. Social Security Number

  6. Death Date

  7. Master Patient Index

  8. Medical Record Number (MRN)

  9. Surgical Pathology Number

  10. Any custom fields marked as PHI.
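One way to check this masking from the outside, as an added example that is not OpenSpecimen code: the script scans a CSV exported by an account whose role has only 'Participant (DeId)' privileges and reports every PHI column that still holds a value. The column headers, the sample rows, the custom field name and the assumption that a masked field appears as an empty cell (or one of the tokens you pass in) are constructed for illustration.

```python
import csv
import io

# PHI fields listed on this page. Assumption: export column headers match
# these labels; adjust them to the headers of your actual export.
PHI_FIELDS = (
    "First Name", "Middle Name", "Last Name", "Birth Date",
    "Social Security Number", "Death Date", "Master Patient Index",
    "Medical Record Number (MRN)", "Surgical Pathology Number",
)

# Constructed sample export (not real data, not a real OpenSpecimen layout).
SAMPLE_EXPORT = """PPID,First Name,Last Name,Birth Date,Gender,Tumor Registry ID
P-001,,,,Female,
P-002,,Doe,,Male,TR-77
"""


def norm(name):
    """Case- and whitespace-insensitive form of a column header."""
    return " ".join(name.lower().split())


def find_phi_leaks(csv_text, custom_phi=(), mask_tokens=("",)):
    """Return sorted (row_number, column) pairs where a PHI column has a value.

    custom_phi  -- site-specific custom fields marked as PHI (item 10 above)
    mask_tokens -- cell contents that count as masked (assumption: empty cell)
    """
    phi = {norm(f) for f in PHI_FIELDS} | {norm(f) for f in custom_phi}
    masked = {t.strip() for t in mask_tokens}
    leaks = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):  # header is row 1
        for col, value in row.items():
            # col is None for surplus cells, value is None for short rows
            if col is None or norm(col) not in phi:
                continue
            if (value or "").strip() not in masked:
                leaks.append((row_no, col))
    return sorted(leaks)


if __name__ == "__main__":
    for row_no, col in find_phi_leaks(SAMPLE_EXPORT, ["Tumor Registry ID"]):
        print(f"row {row_no}: PHI column '{col}' is populated")
```

Run it against an export produced by a test account holding the de-identified role after every role change or upgrade; any reported row means the role sees more than intended.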

Edit Default Roles

  1. The default roles listed below should not be renamed or edited. They get auto-assigned to specific users, as stated below:

| Role | Auto-assigned to |
|---|---|
| Administrator | Institute Administrator, Site Coordinators |

  2. The rest of the default roles can be edited.

  3. No role can be deleted via UI.

  4. While editing a role, keeping at least one resource privilege is mandatory.

  5. Editing means you can assign or unassign permissions to a user or altogether remove a resource.

Add Coordinator or PI at CP Level

  1. CP level PI and coordinators are not assigned any role by default.

  2. After creating the CP, the admin has to manually assign specific roles to all the users who need to access the CP.

Provide Researcher access to edit request

  1. Researchers can edit their request (if it's pending) if they have 'Read' access to the 'Catalog' resource.

  2. Ensure the researcher also has access to non-PHI data displayed in the catalog.

Create Custom Role

You can create new roles to suit your local needs.

Import / Export

If you have the 'Exp/Imp' privilege along with 'Create' or 'Update' on any resources, you can perform bulk import and export operations of those resources.

Query Resource (v6.3)

  1. The 'query' resource is a way to access the query module.

  2. Most roles in the system can Create, Read, Update, and Delete (CRUD) queries, as well as Import and Export data. However, the 'Researcher' role can only Read and Import/Export data.

  3. The import button will be visible if the user has 'Create' rights to queries. To export query results, users need to have import/export rights for the 'Query' resource.

  4. Users without Read access to the 'Query' resource cannot use the query module in OpenSpecimen.

  5. For more details about what each privilege means for the query resource, check this link: Query Resource Privilege.
