Configured Role-Based Permissions
Manage the permissions of the System Administrator, Facility Administrator, Researcher, and Collaborator user roles to restrict or allow the following actions:
Sign in to Clarity LIMS.
Sign in to the API.
View and interact with certain features of the interface.
Perform certain actions in the interface.
View and restrict any actions in the interface. [Clarity LIMS v6.1 and above]
Command-line Permissions Tool
Role-based permissions are controlled through the permissions-tool.jar tool, at /opt/gls/clarity/tools/permissions/.
For assistance with running the command-line permissions tool, contact the Illumina Support team.
Functionality includes the following commands:
listRoles—List all roles in the system.
describeRole—List names and descriptions of all permissions in the system.
createRole—Create a role.
showSummary—List permissions assigned to each role in the system.
listPermissions—List permissions assigned to a specific role.
assignPermission—Assign a permission to a role.
removePermission—Remove a permission from a role.
NOTE: The permissions-tool.jar tool function names and property names are case-sensitive. If you type the incorrect case, your command or property cannot be understood.
There can be a delay (up to 20 minutes) before changes to some API-related permissions take effect.
Supported Commands
listRoles
List all user roles in the system:
describeRole
Show permissions for a specific role:
createRole
Create a role:
showSummary
Show assigned permissions for all roles:
listPermissions
List names and descriptions of all permissions:
assignPermission
Assign a permission to a role (the example assigns permission to create controls):
[Clarity LIMS v6.1 and above] Assign a permission to a role (the example assigns read-only permission to a role):
Refer to Supported Permissions.
removePermission
Remove a permission from a role (the example removes permission to create controls):
Refer to Supported Permissions.
Usage
Options
-a
--apiUri
REST API base URI (ends with "/api/<version>/") Must be completed as: http://<servername>/api/v2/
-p
--password
LIMS password (required)
-u
--username
LIMS sign-in username (required)
Supported Permissions
The sections below list LIMS permissions and actions, and the user roles to which each permission/action is assigned by default.
By default, System Administrators and Facility Administrators have all permissions listed.
Permission: AdministerLabLink
The default role with AdministerLabLink permission is Administrator. This permission is added to the existing System Administrator & Facility Administrator roles.
The Collaborator role is based on the existing Collaborator role in LabLink v1.0.
Note: The existing Researcher role does not have the new permission and behaves similarly to the LabLink Collaborator role.
Action
Permission Required
System Administrator and Facility Administrator
Collaborator
Sign in to LabLink
CollaborationsLogin action
Yes
Yes
Manage Project
Projects create, read, update.
Yes
Yes
Manage Sample
Samples create, read, update.
Yes
Yes
Manage User
Users create, read, update.
Yes
No
Manage Configuration
Configuration update
Yes
No
View the Configuration page
AdministerLabLink
Yes
No
View the User Management page
AdministerLabLink
Yes
No
Permission: ClarityLogin
Default roles with this permission: Administrator, Researcher
Sign in to ClarityLIMS
Access Lab View and Projects and Samples screen
Access Consumables > Reagents configuration tab; view, edit, and delete reagent lots; add lots to existing kits.
Access Consumables > Controls configuration tab and view control details
Access Consumables > Instruments configuration tab; add, edit, delete, and activate instruments; view instrument types.
Sign In screen
Sorry, you do not have permission to sign in to Clarity LIMS.
Permission: APILogin
Access LIMS Rest API
Sign In screen
403 Forbidden error via http://host/api/*
Permission: Project
create
Create project
Modify project details
Modify project custom fields
Projects and Samples
New Project button hidden
View project details (read-only)
Note: No permission is needed to upload files to a project
Update
Modify project details
Projects and Samples
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View project details (read-only)
Delete
Delete project containing no samples.
Delete project containing samples (also requires Sample:delete permission)
Projects and Samples
Delete button disabled (if update is permitted)
Button menu hidden (if update is not permitted)
Permission: Sample
create
Submit/add samples
Upload sample list
Download sample list example
Modify samples.
Projects and Samples
Submit Samples title hidden
Download Example Sample List link hidden
Upload Sample List button hidden
Add Samples button hidden
Modify Samples button renamed Download List
Modify Samples button hidden (sample list)
Sample Management
Sample + button hidden
Update
Modify samples.
Projects and Samples
Modify Samples button renamed Download List
Delete
Delete a submitted sample on Projects and Samples screen, provided no work has been performed on the sample.
Delete a submitted sample in API, provided no work has been performed on the sample.
Projects and Samples
Delete button hidden
403 Forbidden error via http://host/api/sample
The Sample:update permission is automatically granted to roles that have the Sample:create permission at the time of migration to Clarity LIMS v5.x. If you have removed create permissions from any default role, the role does not acquire the update permission.
Permission: Controls
Default roles with these permissions: Administrator
create
Create control samples.
Controls
New Control button hidden
New Control button hidden
Update
Modify control samples.
Archive control samples (requires both update and delete permissions)
Controls
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View control sample details (read-only)
Delete
Delete control samples.
Archive control samples (requires both update and delete permissions)
Controls
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
Archived toggle disabled
Users with ClarityLogin permission can access the Consumables > Controls tab and view control sample details (read only).
Permission: ReagentKit
Default roles with these permissions: Administrator
create
Create reagent kits
Reagents
New Reagent Kit button hidden
View reagent kit details (read-only)
Update
Modify reagent kits
Archive reagent kits (requires both update and delete permissions)
Reagents
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View kit details (read-only - except for Status)
Delete
Delete reagent kits
Archive reagent kits (requires both update and delete permissions)
Reagents
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
Archived toggle disabled
Users with ClarityLogin permission can access the Consumables > Reagents tab. They can also view, edit, and delete reagent lots, and add lots to existing kits. No additional ReagentKit permissions are required.
Permission: Role
Default roles with these permissions: Administrator
read
View client (researcher/contact) details, including details such as username and roles in API
View users and clients (contacts) on Users and Clients screen
403 Forbidden error via http://host/api/roles
create
Create user roles.
403 Forbidden error via http://host/api/roles
Update
Modify existing user roles.
Add/remove user role permissions
403 Forbidden error via http://host/api/roles
Delete
Delete user roles.
403 Forbidden error via http://host/api/roles
APILogin permission is required for role management. All users with ClarityLogin permissions can view and edit their own user details (except for assigning/removing roles).
Permission: Read-Only [Clarity LIMS v6.1 and above]
Default roles with this permission: Not applicable. You can assign this permission to any role.
At least one System Administrator must be available to reconfigure user roles. Therefore, we recommend that you do not assign the Read-Only permission to the default Administrator and API users.
read
View project and sample details on the Projects & Samples screen
View lab activities, in-progress steps, and steps that are ready to be worked on in Lab View
Permission: User
Default roles with these permissions: Administrator
read
View users and clients on Users and Clients screen
View client details, including details such as username and roles in API
403 Forbidden error via http://host/api/researchers
create
Create users and clients on Users and Clients screen (User:update permission is required to assign permissions to the user)
Send login instructions and password reset emails on Users and Clients screen (either this action or User:update is required)
Create clients in API.
Create user credentials and assign roles in API.
Users and Clients
New User button hidden
View user details (read-only)
403 Forbidden error via http://host/api/researchers
Update
Update users and clients on Users and Clients screen
Send sign in instructions and password reset emails on Users and Clients screen (either this action or User:create is required)
Modify client details in API.
Assign role to user in API.
Remove role from user in API.
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View user/client details (read-only)
403 Forbidden error via http://host/api/researchers
Delete
Delete users and clients on Users and Clients screen.
Delete a client and associated user in API.
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
403 Forbidden error via http://host/api/researchers
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
All users with ClarityLogin permission can view and edit their own user details (except for assigning/removing roles).
Permission: Contact
Default roles with these permissions: Administrator
read
View clients on Users and Clients screen
View client details in API
403 Forbidden error via http://host/api/researchers
create
Create clients on Users and Clients screen.
Create clients in API.
Contact:update permission is required to assign permissions to clients.
New User button hidden
View user details (read-only)
403 Forbidden error via http://host/api/researchers
Update
Update client details on Users and Clients screen.
Update client details in API.
Assign role to/remove role from client.
403 Forbidden error via http://host/api/researchers
This permission does not affect the display of clients in Project and Samples and Sample Accessioning screens.
Delete
Delete clients in API
Delete clients on Users and Clients screen.
Clients with associated user details cannot be deleted
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
403 Forbidden error via http://host/api/researchers
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
Users with ClarityLogin permission can view and edit their own client and user details.
Clients can edit their own details (except for assigning/removing roles) without having update permission.
Permission: Process
Default roles with these permissions: Administrator
read
View master steps
403 Forbidden error via http://host/api/roles
create
Create master steps.
403 Forbidden error via http://host/api/roles
Update
Modify master steps.
403 Forbidden error via http://host/api/roles
In the LIMS user interface, the term 'process' has been replaced with 'master step.' However, the API still uses the permission Process.
Permission: OverviewDashboard
Default roles with this permission: Administrator
read
Access the Overview Dashboard
No Dashboards button
Permission: Configuration
Default roles with this permission: Administrator
update
Manage all configuration in the LIMS interface (ClarityLogin permission is also required)
Manage configuration in API (APILogin permission is also required)
403 Forbidden error via any URI that begins with http://host/api/configuration.
Permission: ReQueueSample
Default roles with this permission: Administrator, Researcher, Collaborator
Requeue a sample in sample search.
Requeue a sample in container search.
Sample and Container Search
Requeue button hidden.
Permission: SampleWorkflowAssignment
Default roles with this permission: Administrator, Researcher, Collaborator
Assign sample to workflow from Projects and Samples screen.
Sample Management
Sample cannot be dragged into workflow widgets.
Workflow selection widget hidden
Workflow lozenge Remove button hidden
Delete workflow button hidden.
Permission: RemoveSampleFromWorkflow
Default roles with this permission: Administrator
Remove sample from queue.
Remove sample from workflow.
Sample Management
Remove from this queue option hidden (if Move to next step is permitted)
Options button hidden (if Move to next step is not permitted)
Permission: MoveToNextStep
Default roles with this permission: Administrator
Move sample to next step in workflow
Sample Management
Move to the next step option hidden (if Remove from this queue is permitted)
Options button hidden (if Remove from this queue is not permitted)
Permission: SampleRework
Default roles with this permission: Administrator
Rework a sample from a previous step.
Sample Management
In Select the next step of the sample drop-down list, Rework from an earlier step option displays.
On Protocol Step Results screen, a button displays to allow the sample to be reworked from an earlier step.
Permission: ReviewEscalatedSamples
Default roles with this permission: Administrator
Review escalated samples.
Sample Escalation
Enter Review Comment box enabled.
Permission: ESignatureSigning
Default roles with this permission: Administrator
Sign an eSignature on step completion.
Record Details
Error message in e-Signature popup
Permission: CanEditCompletedSteps (LIMS v5.1 and Later)
Default roles with this permission: None
Edit button when viewing a completed step.
Select button to edit completed step details on Record Details screen.
Assign Next Steps.
Edit button displays.
Record Details
After clicking Edit button, Record Details fields are editable, as applicable/permitted.
Modifications are limited to what is available on the Record Details screen for the step.
Details such as sample placement or routing cannot be modified.
Only steps completed after upgrading to LIMS v5.1 can be edited. Steps completed in v5.0 or earlier cannot be edited.
Steps that were executed using the Process API cannot be edited.
For details, see Modify Completed Step Details .
Last updated