Clarity LIMS users are assigned roles. These roles control permissions and the ability to:
Access certain Clarity LIMS features.
Perform certain actions.
Sign in to the Clarity LIMS interfaces.
In a typical LIMS lab environment, there are four primary user roles:
The following sections describe the default permissions of the four primary user roles. Some user role permissions are configurable (see Configured Role-Based Permissions).
By default, both the System Administrator and Facility Administrator user roles have access to:
All configuration areas of the Clarity LIMS web interface, allowing them to:
Add and configure workflows, protocols, and steps.
Add consumables—reagents, controls, instruments, reagent labels, containers.
Add and configure custom fields.
Add and configure automations.
Supervisory and lab management functions in the Clarity LIMS web interface, allowing them to:
Review escalations.
Remove samples from workflows.
Move samples into the next step in a workflow.
Access the Overview and Projects dashboards.
User management, allowing them to:
Create, modify, and delete user accounts.
Modify user roles and permissions.
Approve access requests from external collaborators.
The Researcher role is typically assigned to the laboratory scientist. By default, individuals who are assigned this user role are able to:
Log in to Clarity LIMS.
Access Lab View.
Manage and work with samples contained in all projects in the system.
Edit their own user profiles—ie, they can change their own passwords and other profile information.
Access three Consumables configuration areas: Reagents, Controls, and Instruments, and do the following.
View reagent kits and add new reagent lots to those kits (researchers cannot create reagent kits).
View controls.
View instrument types and add new instruments to those instrument types (researchers cannot create instrument types).
Reactivate expired (archived) instruments by resetting the expiration date.
The Collaborator role is assigned to external collaborators who interact with Clarity LIMS using the LabLink Interface.
The Collaborator role is supported in v5.3 and later. It is not supported in v5.0.x to v5.2.x.
An external person can request a user ID through LabLink. By default, when the request is approved by an administrator, the collaborator is able to:
Sign in to LabLink.
Create, view, and delete projects. (Collaborators are automatically given full permissions to projects they create.)
Submit samples to projects, and delete samples from projects.
By default, collaborators do not have access to the main Clarity LIMS web interface.
This section describes how to update some of the details associated with your profile, including your password, email address, and profile photo.
After signing into Clarity LIMS, you can update some of the details associated with your profile, including your password, email address, and profile photo.
If the user is an LDAP or PAS account, then you cannot update the profile in Clarity LIMS.
In Clarity LIMS, at the right of the menu bar, select your username and then select Profile.
The Profile page opens, displaying the details associated with your user profile.
On this page, you can:
Change your password.
Change your email address.
Upload an image to associate with your profile.
On the Sign In screen, click the Forgot your password link.
In the Reset Your Password screen, enter your username or email address and click Submit.
This section describes two tasks that Clarity LIMS administrators are often required to perform:
Temporarily prevent a user from logging in by archiving the user.
Email a link to a user that allows them to reset their Clarity LIMS password.
While Clarity LIMS does not enforce password changes, for best practice and security, we recommend that user passwords are changed frequently.
On the main menu, select Configuration.
Select User Management.
Select the Users tab to see a list of all current active and archived users in the system, categorized by role.
Select the user to archive.
The details for the selected user display in the User Details area on the right. The Status slider displays the current status of the user.
Select Archived to temporarily archive the user.
Select Save.
By default, every new user created in Clarity LIMS is an active user and can sign in to Clarity LIMS with their username and password.
On the main menu, select Configuration.
Select User Management.
Select the Users tab to see a list of all current active and archived users in the system.
Select the user whose password is to be reset.
The details for the selected user display in the User Details area on the right.
Select Login and Password and select Reset password.
This sends the user a link that allows them to reset their password.
NOTE: The new password must satisfy the following requirements:
Contain at least 12 characters
Contain at least one special character (# $ % ? ! @, etc.)
Contain at least one number
Contain at least one lowercase letter
Contain at least one uppercase letter
The Send login instructions option sends the user the following information:
The URL for the login screen.
Instructions on how to set their login password.
This email is sent automatically when a new user is created, but you may occasionally need to resend it.
The User Management configuration screen allows for viewing and managing users, clients, and accounts.
Users are the individuals who have access to the Clarity LIMS interface. Because each step in Clarity LIMS is associated with a user, you can make use of user profiles to track the work moving through your lab. While users are associated with the steps they perform as part of a project, they are not directly associated with that project—unless they are assigned as the project client.
Clients are directly associated with projects in Clarity LIMS. When you create a project, you must associate it with a client. Clients differ from users in that they are not able to log in and access the Clarity LIMS web interface. They are typically external collaborators or customers who submit samples to the lab.
Accounts must be directly associated with projects, users, and clients that are created in Clarity LIMS.
NOTE: Viewing user/client/account details, and adding, modifying, and deleting users/clients/accounts are role-based permissions. For more information, see Configured Role-Based Permissions.
This section describes how to add and manage users and clients in Clarity LIMS.
When creating users, keep the following in mind:
The username must be unique among active users in the system. This is validated when you save the user details.
If the username is already associated with an existing user, an error message displays and you are not be able to save the new user profile.
All users must provide their email address and reset their password upon upgrading their software to v5.4 (or later).
From User Management, select the Users tab.
Select inside the Role field to display a drop-down list of roles:
Select the role to assign to this user.
To remove a role from this field, select the X to the left of the role name.
[Optional] Enter a title, phone number, and fax number for the user.
Select Save.
An invitation email is automatically sent to the user. This email includes the login screen URL and information on how to set the login password. You may resend the login instructions email at any time (see #modify-user-details).
The user displays in the Users list.
[Optional] By default, the status of a new user is set to Active, which means that they can log in to Clarity LIMS. To temporarily prevent a user from logging in, change this setting by selecting Archived. (See also Manage User Access)
From User Management, select the Users tab.
Select the user to modify.
In the User Details area, modify the details as required. If you change the username, a password reset email is sent automatically to the user.
Select Login and Password to access the following options:
Send login instructions—Choose this option to re-send the user the login screen URL and information on how to set their login password.
Reset password—Choose this option to send the user a link that allows them to reset their login password (see Manage User Access).
Select Save.
From User Management, select the Users tab.
Select the user to delete.
In the User Details area, select Delete.
When deleting users, keep the following in mind:
You cannot delete a user if that user has logged in to Clarity LIMS.
You cannot delete a user if that user is associated with a project (eg, the user is the project client).
Deleting a user removes them from Clarity LIMS. You may instead prefer to archive the user or temporarily remove their access to the system. For details, see Manage User Access.
When adding new clients, each client must be a unique entry in the LIMS.
From User Management, select the Clients tab.
Select New Client.
In the Client Details area, complete the following required information:
Enter the first name and last name of the client.
Select inside the Account field and select the client account from the drop-down list.
Enter the client email address.
[Optional] Enter client title, phone number, and fax number.
Select Save.
The user displays in the Clients list, under their account name.
A client cannot be deleted if that client is associated with a project.
From User Management, select the Clients tab.
Select the client to delete.
In the Client Details area, select Delete.
Accounts are the organizations with which a facility conducts business. In the Clarity LIMS Projects and Samples screen, select the existing account from the Account drop-down list to associate projects and samples with it.
To create a new account, type directly into the Account field.
For Clarity LIMS v6.2 and later, you can also create a new account through the Accounts section of the User Management tab that is under Configuration.
From Configuration, select the User Management tab.
Select the Accounts tab.
In the Account Details area, select New Account.
Type a name for the account and complete any other applicable fields (eg, Billing Address).
Select Save.
From Configuration, select the User Management tab.
Select the Accounts tab.
In the Accounts list, select the account that you want to modify.
In the Account Details area, update the fields that need to be modified.
Select Save.
From Configuration, select the User Management tab.
Select the Accounts tab.
In the Accounts list, select the account that you want to delete.
Select Delete.
You cannot delete an account that is associated with a user or project.
Manage the permissions of the System Administrator, Facility Administrator, Researcher, and Collaborator user roles to restrict or allow the following actions:
Sign in to Clarity LIMS.
Sign in to the API.
View and interact with certain features of the interface.
Perform certain actions in the interface.
View and restrict any actions in the interface. [Clarity LIMS v6.1 and above]
NOTE: You can use System Settings to configure role-based permission in Clarity LIMS v6.3. For details, see #roles-and-permissions-management.
Role-based permissions are controlled through the permissions-tool.jar tool, at /opt/gls/clarity/tools/permissions/.
For assistance with running the command-line permissions tool, contact the Illumina Support team.
Functionality includes the following commands:
#listroles—List all roles in the system.
#describerole—List names and descriptions of all permissions in the system.
#createrole—Create a role.
#showsummary—List permissions assigned to each role in the system.
#listpermissions—List permissions assigned to a specific role.
#assignpermission—Assign a permission to a role.
#removepermission—Remove a permission from a role.
NOTE: The permissions-tool.jar tool function names and property names are case-sensitive. If you type the incorrect case, your command or property cannot be understood.
There can be a delay (up to 20 minutes) before changes to some API-related permissions take effect.
List all user roles in the system:
Show permissions for a specific role:
Create a role:
Show assigned permissions for all roles:
List names and descriptions of all permissions:
Assign a permission to a role (the example assigns permission to create controls):
[Clarity LIMS v6.1 and above] Assign a permission to a role (the example assigns read-only permission to a role):
Refer to #supported-permissions.
Remove a permission from a role (the example removes permission to create controls):
Refer to #supported-permissions.
The sections below list LIMS permissions and actions, and the user roles to which each permission/action is assigned by default.
By default, System Administrators and Facility Administrators have all permissions listed.
The default role with AdministerLabLink permission is Administrator. This permission is added to the existing System Administrator & Facility Administrator roles.
The Collaborator role is based on the existing Collaborator role in LabLink v1.0.
Note: The existing Researcher role does not have the new permission and behaves similarly to the LabLink Collaborator role.
Default roles with this permission: Administrator, Researcher
The Sample:update permission is automatically granted to roles that have the Sample:create permission at the time of migration to Clarity LIMS v5.x. If you have removed create permissions from any default role, the role does not acquire the update permission.
Default roles with these permissions: Administrator
Users with ClarityLogin permission can access the Consumables > Controls tab and view control sample details (read only).
Default roles with these permissions: Administrator
Users with ClarityLogin permission can access the Consumables > Reagents tab. They can also view, edit, and delete reagent lots, and add lots to existing kits. No additional ReagentKit permissions are required.
Default roles with these permissions: Administrator
APILogin permission is required for role management. All users with ClarityLogin permissions can view and edit their own user details (except for assigning/removing roles).
Default roles with this permission: Not applicable. You can assign this permission to any role.
At least one System Administrator must be available to reconfigure user roles. Therefore, we recommend that you do not assign the Read-Only permission to the default Administrator and API users.
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
All users with ClarityLogin permission can view and edit their own user details (except for assigning/removing roles).
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
Users with ClarityLogin permission can view and edit their own client and user details.
Clients can edit their own details (except for assigning/removing roles) without having update permission.
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'process' has been replaced with 'master step.' However, the API still uses the permission Process.
Default roles with this permission: Administrator
Default roles with this permission: Administrator
Default roles with this permission: Administrator, Researcher, Collaborator
Default roles with this permission: Administrator, Researcher, Collaborator
Default roles with this permission: Administrator
Default roles with this permission: Administrator
Default roles with this permission: Administrator
Default roles with this permission: Administrator
Default roles with this permission: Administrator
Default roles with this permission: None
Modifications are limited to what is available on the Record Details screen for the step.
Details such as sample placement or routing cannot be modified.
Only steps completed after upgrading to LIMS v5.1 can be edited. Steps completed in v5.0 or earlier cannot be edited.
Steps that were executed using the Process API cannot be edited.
For details, see Modifying Completed Step Details.
| Action | Permission Required | System Administrator and Facility Administrator | Collaborator |
|---|---|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result of denied permission |
|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: |
|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Action: | Allows: | Result of denied permission |
|---|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result - permission granted |
|---|---|
| Allows: | Result - permission granted |
|---|---|
| Allows: | Result of denied permission |
|---|---|
| Allows: | Result - permission granted |
|---|---|
-a
--apiUri
REST API base URI (ends with "/api/<version>/") Must be completed as: http://<servername>/api/v2/
-p
--password
LIMS password (required)
-u
--username
LIMS sign-in username (required)
Sign in to LabLink
CollaborationsLogin action
Yes
Yes
Manage Project
Projects create, read, update.
Yes
Yes
Manage Sample
Samples create, read, update.
Yes
Yes
Manage User
Users create, read, update.
Yes
No
Manage Configuration
Configuration update
Yes
No
View the Configuration page
AdministerLabLink
Yes
No
View the User Management page
AdministerLabLink
Yes
No
Sign in to ClarityLIMS
Access Lab View and Projects and Samples screen
Access Consumables > Reagents configuration tab; view, edit, and delete reagent lots; add lots to existing kits.
Access Consumables > Controls configuration tab and view control details
Access Consumables > Instruments configuration tab; add, edit, delete, and activate instruments; view instrument types.
Sign In screen
Sorry, you do not have permission to sign in to Clarity LIMS.
Access LIMS Rest API
Sign In screen
403 Forbidden error via http://host/api/*
create
Create project
Modify project details
Modify project custom fields
Projects and Samples
New Project button hidden
View project details (read-only)
Note: No permission is needed to upload files to a project
Update
Modify project details
Projects and Samples
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View project details (read-only)
Delete
Delete project containing no samples.
Delete project containing samples (also requires Sample:delete permission)
Projects and Samples
Delete button disabled (if update is permitted)
Button menu hidden (if update is not permitted)
create
Submit/add samples
Upload sample list
Download sample list example
Modify samples.
Projects and Samples
Submit Samples title hidden
Download Example Sample List link hidden
Upload Sample List button hidden
Add Samples button hidden
Modify Samples button renamed Download List
Modify Samples button hidden (sample list)
Sample Management
Sample + button hidden
Update
Modify samples.
Projects and Samples
Modify Samples button renamed Download List
Delete
Delete a submitted sample on Projects and Samples screen, provided no work has been performed on the sample.
Delete a submitted sample in API, provided no work has been performed on the sample.
Projects and Samples
Delete button hidden
403 Forbidden error via http://host/api/sample
create
Create control samples.
Controls
New Control button hidden
New Control button hidden
Update
Modify control samples.
Archive control samples (requires both update and delete permissions)
Controls
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View control sample details (read-only)
Delete
Delete control samples.
Archive control samples (requires both update and delete permissions)
Controls
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
Archived toggle disabled
create
Create reagent kits
Reagents
New Reagent Kit button hidden
View reagent kit details (read-only)
Update
Modify reagent kits
Archive reagent kits (requires both update and delete permissions)
Reagents
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View kit details (read-only - except for Status)
Delete
Delete reagent kits
Archive reagent kits (requires both update and delete permissions)
Reagents
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
Archived toggle disabled
read
View client (researcher/contact) details, including details such as username and roles in API
View users and clients (contacts) on Users and Clients screen
403 Forbidden error via http://host/api/roles
create
Create user roles.
403 Forbidden error via http://host/api/roles
Update
Modify existing user roles.
Add/remove user role permissions
403 Forbidden error via http://host/api/roles
Delete
Delete user roles.
403 Forbidden error via http://host/api/roles
read
View project and sample details on the Projects & Samples screen
View lab activities, in-progress steps, and steps that are ready to be worked on in Lab View
read
View users and clients on Users and Clients screen
View client details, including details such as username and roles in API
403 Forbidden error via http://host/api/researchers
create
Create users and clients on Users and Clients screen (User:update permission is required to assign permissions to the user)
Send login instructions and password reset emails on Users and Clients screen (either this action or User:update is required)
Create clients in API.
Create user credentials and assign roles in API.
Users and Clients
New User button hidden
View user details (read-only)
403 Forbidden error via http://host/api/researchers
Update
Update users and clients on Users and Clients screen
Send sign in instructions and password reset emails on Users and Clients screen (either this action or User:create is required)
Modify client details in API.
Assign role to user in API.
Remove role from user in API.
Save button disabled (if delete is permitted)
Button menu hidden (if delete is not permitted)
View user/client details (read-only)
403 Forbidden error via http://host/api/researchers
Delete
Delete users and clients on Users and Clients screen.
Delete a client and associated user in API.
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
403 Forbidden error via http://host/api/researchers
read
View clients on Users and Clients screen
View client details in API
403 Forbidden error via http://host/api/researchers
create
Create clients on Users and Clients screen.
Create clients in API.
Contact:update permission is required to assign permissions to clients.
New User button hidden
View user details (read-only)
403 Forbidden error via http://host/api/researchers
Update
Update client details on Users and Clients screen.
Update client details in API.
Assign role to/remove role from client.
403 Forbidden error via http://host/api/researchers
This permission does not affect the display of clients in Project and Samples and Sample Accessioning screens.
Delete
Delete clients in API
Delete clients on Users and Clients screen.
Clients with associated user details cannot be deleted
Delete button disabled (if update is permitted)
Button menu hidden (if delete is not permitted)
403 Forbidden error via http://host/api/researchers
read
View master steps
403 Forbidden error via http://host/api/roles
create
Create master steps.
403 Forbidden error via http://host/api/roles
Update
Modify master steps.
403 Forbidden error via http://host/api/roles
read
Access the Overview Dashboard
No Dashboards button
update
Manage all configuration in the LIMS interface (ClarityLogin permission is also required)
Manage configuration in API (APILogin permission is also required)
403 Forbidden error via any URI that begins with http://host/api/configuration.
Requeue a sample in sample search.
Requeue a sample in container search.
Sample and Container Search
Requeue button hidden.
Assign sample to workflow from Projects and Samples screen.
Sample Management
Sample cannot be dragged into workflow widgets.
Workflow selection widget hidden
Workflow lozenge Remove button hidden
Delete workflow button hidden.
Remove sample from queue.
Remove sample from workflow.
Sample Management
Remove from this queue option hidden (if Move to next step is permitted)
Options button hidden (if Move to next step is not permitted)
Move sample to next step in workflow
Sample Management
Move to the next step option hidden (if Remove from this queue is permitted)
Options button hidden (if Remove from this queue is not permitted)
Rework a sample from a previous step.
Sample Management
In Select the next step of the sample drop-down list, Rework from an earlier step option displays.
On Protocol Step Results screen, a button displays to allow the sample to be reworked from an earlier step.
Review escalated samples.
Sample Escalation
Enter Review Comment box enabled.
Sign an eSignature on step completion.
Record Details
Error message in e-Signature popup
Edit button when viewing a completed step.
Select button to edit completed step details on Record Details screen.
Assign Next Steps.
Edit button displays.
Record Details
After clicking Edit button, Record Details fields are editable, as applicable/permitted.