Access Control
Overview
Using this menu the access of the users on the Registration system can be controlled. Only privileged users (e.g. system administrators) can have access to this menu. Users belong to group(s). Predefined groups can be used or new ones can be created by adding or removing different roles. When projects are created, user(s) with permission(s) should be added to it.
In the Access control menu three tabs: Users, Groups and Projects are available, where users, groups and projects can be added, removed or updated.
Role based access of functionalities
Groups, regardless if they are present in a predefined list or they were just created, can have different roles. Example of roles: autoregister; view, list, modify submissions in the staging area; ability to register from the staging area; ability to read the amendment page, to amend etc.
E.g. a user who belongs to the Read only group, by default, will have the role to list and view submissions in the staging area, assign and unassign submissions in staging, read the amendment page, search for salts and solvates, view the audit, search for structures, export search results and self administration. The user who belongs to the Read only group will not be able to modify already registered compounds. For a more detailed role description check the Groups section.
Project based access of data
Project based access can be configured. In the Administration menu Configuration tab SecurityConfig of the application Project based access can be enabled.
User(s) can have different permission(s) within projects. Currently four types of permissions are available: write, write own, read and read own. The write permission includes the write own (which contains the read own) and the read permission. Therefore a user having write permission within a project is automatically having all the permissions, so there is no need to set the other permissions too. A user having read / write own permission is automatically having also the read own permission.
If project based access control is set, registration, amendment and search actions can be performed based on projects considering the user permission(s). E.g project A16 is created having two users as members: reg1 user having write permission and chemist4 having read own permission. Logged in as chemist4 cannot register lots within project A16. As reg1 user registrations are allowed within project A16: a lot having reg1 as submitter and another lot having chemist4 as submitter are registered under the same PCN. Then, as chemist4 on the Details page and Search pages only one lot of the tree should be visible where previously two lots were registered. As chemist4 (who belongs to "Registrar no restriction change" group) on the Details page the amendment of the owned lot should not be possible, since the chemist4 is having only read own permission. As reg1 (who belongs to "Registrar" group), it should be possible to amend both lots (Access denied), since this user is having all the roles.
Users
List of the Existing Users
The Users tab contains a list of the existing users. The list of users is displayed along with the groups where they belong to. The associated roles are also listed. E.g. "admin" user is part of a group called "super" and has all the available roles. The different roles for each group are listed below. You can filter the Users list by selecting a group or a role in the Filter drop-down list.
Add a new user
It is also possible to add new users by clicking on the [Add new user] button. In this case you need to provide a username and password and need to select at least one group where the new user should belong to, then first click on the Add user to group then [Create user] buttons.
Groups
A set of predefined groups are available immediately after the deployment, but certainly new groups can also be defined. The default groups with the default roles are:
Autoregister Only
This group has the role to perform autoregistration and self administration.
Import-Export
This group has the role to perform bulkload, to register with a specific ID, allocate specific PCNs, to search structures and export the search results, to export the regsys DB content to a downstream DB and self administration.
Read Only
This group has the role to list and view submissions in the staging area, assign and unassign his own submissions in staging, read the amendment page with the audit, search for structures and salts/solvates, view the audit, export search results and self administration.
Registrar
This group has the role to autoregister, list, view and modify submissions in staging, register from the staging, bulk register (register all) from the staging, assign and unassign submissions in staging, read the amendment page, amending a structure, lot, version and parent level amendment, view the audit, manual version correction, amending the molecular weight, delete and undelete ID's, rename and swap LnbRef, move lot, amend restriction level, update the layout of the structure, bulk restriction change, search for structures and salts/solvates, export search results, modify the dictionaries, modify the switchers and self administration.
OVERRIDE_SWITCHERS
Registrar - No Amendment
This group has the role to autoregister, list, view and modify submissions in staging, register from the staging, bulk register (register all) from the staging, assign and unassign submissions in staging, read the amendment page, view the audit, manual version correction, search for structures and salts/solvates, export search results and self administration.
Registrar - No Restriction Change
This group has the role to autoregister, list, view and modify submissions in staging, register from the staging, bulk register (register all) from the staging, assign and unassign submissions in staging, read the amendment page, amending a structure, lot, version and parent level amendment, manual version correction, amending the molecular weight, delete and undelete ID's, rename and swap LnbRef, move lot, update the layout of the structure, view the audit, search for structures and salts/ solvates, export search results and self administration.
Registry Administrator
This group has the role to list, view and delete submissions from the staging, assign and unassign submissions in staging, add salts and solvates to the DB, view the audit, bulkload, bulk restriction change, clear the DB, modify the dictionaries, export the regsys DB content to a downstream DB and self administration.
Super
This group has all the available roles.
User administrator
This group has user and self administration role and is able to modify the dictionary roles, furthermore, he has the ability to set the project based access control (read projects, if he has permission, and to modify projects with the user permissions).
Projects
Projects can be specified either during autoregistration or when registering the submission from the staging area. Projects can be also created also from the Administration page, Access control menu, Projects tab. Here, while creating the project, the users who can have access to it (with different permissions), can be added. The user's permissions are: read, write, read_own and write_own. For more details about the permissions please consult the Project based access of data section.
Projects can be filtered and searched or all projects can be displayed.