Project based access
Compound Registration system can be configured in a way to use project based access when registering or when retrieving registered compounds. By default, this functionality is turned off, and accordingly, the project field can be used to store data, but no data filtering or data access will be controlled based on the user and the project info.
In the Administration menu Configuration tab, SecurityConfig of the application Project based access can be enabled. Once enabled, the access of the registered compounds can be controlled based on the project info and the relation between user and project.
User(s) can have different permission(s) within projects. Currently five types of permissions are available:
-
Read / write all submissions (1)
-
Read all, write own submissions (2)
-
Read all submissions (3)
-
Read / write own submissions (4)
-
Read own submissions (5)
If project based access control is set, registration, amendment and search actions can be performed based on projects considering the user permission(s).
E.g project A16 is created having two users as members:
-
reg1 user having read/write to all permission (1) and
-
chemist4 having read own permission (5).
Logged in as chemist4, the user cannot register lots within project A16. As for user reg1 registrations are allowed within project A16: a lot having "reg1" as submitter and another lot having "chemist4" as submitter are registered under the same PCN. Then, as chemist4 on the Details page and Search pages only one lot of the tree should be visible where previously two lots were registered. The reason for this is that user "chemist4" has only "read own permission" within the project and only the second registered lot has "chemist4" as the submitter.
As for chemist4 (who belongs to "Registrar no restriction change" group) on the Browse page, the amendment of the owned lot should not be possible since the chemist4 is having only read own permission. As for reg1 (who belongs to "Registrar" group) it is possible to amend both lots since the user is having all the roles (register, amend etc.) and is having also the permission (write) to do it within the project.