Configured Role-Based Permissions
Manage the permissions of the System Administrator, Facility Administrator, Researcher, and Collaborator user roles to restrict or allow the following actions:
Sign in to Clarity LIMS.
Sign in to the API.
View and interact with certain features of the interface.
Perform certain actions in the interface.
View and restrict any actions in the interface. [Clarity LIMS v6.1 and above]
Command-line Permissions Tool
Role-based permissions are controlled through the permissions-tool.jar tool, at /opt/gls/clarity/tools/permissions/.
For assistance with running the command-line permissions tool, contact the Illumina Support team.
Functionality includes the following commands:
listRoles—List all roles in the system.
describeRole—List names and descriptions of all permissions in the system.
createRole—Create a role.
showSummary—List permissions assigned to each role in the system.
listPermissions—List permissions assigned to a specific role.
assignPermission—Assign a permission to a role.
removePermission—Remove a permission from a role.
NOTE: The permissions-tool.jar tool function names and property names are case-sensitive. If you type the incorrect case, your command or property cannot be understood.
There can be a delay (up to 20 minutes) before changes to some API-related permissions take effect.
Supported Commands
listRoles
List all user roles in the system:
describeRole
Show permissions for a specific role:
createRole
Create a role:
showSummary
Show assigned permissions for all roles:
listPermissions
List names and descriptions of all permissions:
assignPermission
Assign a permission to a role (the example assigns permission to create controls):
[Clarity LIMS v6.1 and above] Assign a permission to a role (the example assigns read-only permission to a role):
Refer to Supported Permissions.
removePermission
Remove a permission from a role (the example removes permission to create controls):
Refer to Supported Permissions.
Usage
Options
-a | --apiUri | REST API base URI (ends with "/api/<version>/") Must be completed as: http://<servername>/api/v2/ |
-p | --password | LIMS password (required) |
-u | --username | LIMS sign-in username (required) |
Supported Permissions
The sections below list LIMS permissions and actions, and the user roles to which each permission/action is assigned by default.
By default, System Administrators and Facility Administrators have all permissions listed.
Permission: AdministerLabLink
The default role with AdministerLabLink permission is Administrator. This permission is added to the existing System Administrator & Facility Administrator roles.
The Collaborator role is based on the existing Collaborator role in LabLink v1.0.
Note: The existing Researcher role does not have the new permission and behaves similarly to the LabLink Collaborator role.
Action | Permission Required | System Administrator and Facility Administrator | Collaborator |
Sign in to LabLink | CollaborationsLogin action | Yes | Yes |
Manage Project | Projects create, read, update. | Yes | Yes |
Manage Sample | Samples create, read, update. | Yes | Yes |
Manage User | Users create, read, update. | Yes | No |
Manage Configuration | Configuration update | Yes | No |
View the Configuration page | AdministerLabLink | Yes | No |
View the User Management page | AdministerLabLink | Yes | No |
Permission: ClarityLogin
Default roles with this permission: Administrator, Researcher
Allows: | Result of denied permission |
---|---|
| Sign In screen
|
Permission: APILogin
Allows: | Result of denied permission |
---|---|
| Sign In screen
|
Permission: Project
Action: | Allows: | Result of denied permission |
---|---|---|
|
| Projects and Samples
Note: No permission is needed to upload files to a project |
|
| Projects and Samples
|
|
| Projects and Samples
|
Permission: Sample
Action: | Allows: | Result of denied permission |
---|---|---|
|
| Projects and Samples
Sample Management
|
|
| Projects and Samples
|
|
| Projects and Samples
|
The Sample:update permission is automatically granted to roles that have the Sample:create permission at the time of migration to Clarity LIMS v5.x. If you have removed create permissions from any default role, the role does not acquire the update permission.
Permission: Controls
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
| Controls
|
|
| Controls
|
|
| Controls
|
Users with ClarityLogin permission can access the Consumables > Controls tab and view control sample details (read only).
Permission: ReagentKit
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
| Reagents
|
|
| Reagents
|
|
| Reagents
|
Users with ClarityLogin permission can access the Consumables > Reagents tab. They can also view, edit, and delete reagent lots, and add lots to existing kits. No additional ReagentKit permissions are required.
Permission: Role
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
APILogin permission is required for role management. All users with ClarityLogin permissions can view and edit their own user details (except for assigning/removing roles).
Permission: Read-Only [Clarity LIMS v6.1 and above]
Default roles with this permission: Not applicable. You can assign this permission to any role.
At least one System Administrator must be available to reconfigure user roles. Therefore, we recommend that you do not assign the Read-Only permission to the default Administrator and API users.
Action: | Allows: |
---|---|
|
|
Permission: User
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
|
| Users and Clients
|
|
|
|
|
|
|
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
All users with ClarityLogin permission can view and edit their own user details (except for assigning/removing roles).
Permission: Contact
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
|
Contact:update permission is required to assign permissions to clients. |
|
|
|
This permission does not affect the display of clients in Project and Samples and Sample Accessioning screens. |
|
Clients with associated user details cannot be deleted |
|
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
Users with ClarityLogin permission can view and edit their own client and user details.
Clients can edit their own details (except for assigning/removing roles) without having update permission.
Permission: Process
Default roles with these permissions: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
|
|
|
|
|
|
In the LIMS user interface, the term 'process' has been replaced with 'master step.' However, the API still uses the permission Process.
Permission: OverviewDashboard
Default roles with this permission: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
Permission: Configuration
Default roles with this permission: Administrator
Action: | Allows: | Result of denied permission |
---|---|---|
|
|
|
Permission: ReQueueSample
Default roles with this permission: Administrator, Researcher, Collaborator
Allows: | Result of denied permission |
---|---|
| Sample and Container Search
|
Permission: SampleWorkflowAssignment
Default roles with this permission: Administrator, Researcher, Collaborator
Allows: | Result of denied permission |
---|---|
| Sample Management
|
Permission: RemoveSampleFromWorkflow
Default roles with this permission: Administrator
Allows: | Result of denied permission |
---|---|
| Sample Management
|
Permission: MoveToNextStep
Default roles with this permission: Administrator
Allows: | Result of denied permission |
---|---|
| Sample Management
|
Permission: SampleRework
Default roles with this permission: Administrator
Allows: | Result - permission granted |
---|---|
| Sample Management
|
Permission: ReviewEscalatedSamples
Default roles with this permission: Administrator
Allows: | Result - permission granted |
---|---|
| Sample Escalation
|
Permission: ESignatureSigning
Default roles with this permission: Administrator
Allows: | Result of denied permission |
---|---|
| Record Details
|
Permission: CanEditCompletedSteps (LIMS v5.1 and Later)
Default roles with this permission: None
Allows: | Result - permission granted |
---|---|
| Assign Next Steps.
Record Details
|
Modifications are limited to what is available on the Record Details screen for the step.
Details such as sample placement or routing cannot be modified.
Only steps completed after upgrading to LIMS v5.1 can be edited. Steps completed in v5.0 or earlier cannot be edited.
Steps that were executed using the Process API cannot be edited.
For details, see Modify Completed Step Details .
Last updated