User Roles and Permissions: Difference between revisions
From Network for Advanced NMR
Jump to navigationJump to search
Mmaciejewski (talk | contribs) |
Mmaciejewski (talk | contribs) |
||
| (8 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== | == NAN Users and NMRbox Users and NMRhub Users—Oh My! == | ||
* [https://nmrbox.nmrhub.org/ NMRbox] and NAN were both developed at [https://health.uconn.edu/ UConn Health] and operate on shared computational resources hosted by the [https://health.uconn.edu/high-performance-computing/ HPC facility]. NMRbox has served the NMR community for over a decade, during which users had '''NMRbox''' accounts. | |||
* With the introduction of NAN, we wanted to avoid '''YAUA''' — ''Yet Another User Account''. To streamline access, we created the '''[https://nmrhub.org/ NMRhub]''' landing site, which provides links to all computational resources hosted at UConn Health. At the same time, we rebranded NMRbox accounts as '''NMRhub users'''. | |||
* As a result, there is no functional difference between a NAN user and an NMRbox user — throughout the documentation, the terms '''NAN user''' and '''NMRhub user''' are used interchangeably. | |||
<big>'''The Role of Vetted PIs'''</big> | |||
A key change introduced with NAN was the concept of '''vetted PIs''' and the formal linking of users to PI-led lab groups. Previously, users self-declared their roles (e.g., PI, graduate student), but these designations were not verified. | |||
Because '''dataset ownership in NAN is PI-based''', we added mechanisms for: | |||
* Users to update their account and request '''PI status''' | |||
* The NAN team to verify and approve PI status | |||
* Users to request access to a PI's lab group, which must be approved by the PI or their delegate | |||
<big>'''Seamless Access Through SSO'''</big> | |||
We have implemented '''Single Sign-On (SSO)''' across all NMRhub resources — including '''NMRbox''', '''NAN''', '''[https://nuscon.org/home NUScon]''', and the '''virtual NAN Operations Center''' — to enable seamless navigation and access across the ecosystem. | |||
== Public User == | |||
A user who is not authenticated with an NMRhub account. | A user who is not authenticated with an NMRhub account. | ||
They have view-only access to: | They have view-only access to: | ||
* The '''[[Resource Connector]]''' (lists facilities, instruments, configurations, searchable by services) | * The '''[[Resource Connector]]''' (lists facilities, instruments, configurations, searchable by services) | ||
* The '''Knowledgebase''' (introductory content on how NMR can be used in research) | * The '''[[Knowledgebases|Knowledgebase]]''' (introductory content on how NMR can be used in research) | ||
* The '''Vignette Library''' (summaries of papers using NMR) | * The '''[[Vignette Library]]''' (summaries of papers using NMR) | ||
* The '''Materials Periodic Table''' (isotope-specific NMR attributes) | * The '''[[Materials Periodic Table]]''' (isotope-specific NMR attributes) | ||
* All '''Public Datasets''' including those in the Knowledgebase | * All '''[[Public and Publishing|Public Datasets]]''' including those in the Knowledgebase | ||
* '''Published Collections''' | * '''[[Public and Publishing|Published Collections]]''' | ||
* The '''[https://usnan.nmrhub.org/operations/kibana-public Public View]''' of the Virtual NAN Operations Center (vNOC) | * The '''[https://usnan.nmrhub.org/operations/kibana-public Public View]''' of the Virtual NAN Operations Center (vNOC) | ||
== | == Standard NAN User == | ||
An authenticated user with an NMRhub account. | An authenticated user with an NMRhub account. | ||
They have access to: | They have access to: | ||
* All Public User content | * All Public User content | ||
* '''Dataset, Sample, and Collection Browsers''' (for data they have permission to see) | * '''[[Data Browser|Dataset, Sample, and Collection Browsers]]''' (for data they have permission to see) | ||
* The ability to '''reassign datasets''' to other lab members for 3 months after harvesting | * The ability to '''reassign datasets''' to other lab members for 3 months after harvesting | ||
* '''UHF Access''' (view/submit requests if granted by their PI) | * '''[[UHF Access]]''' (view/submit requests if granted by their PI) | ||
* '''My Permissions''' (shows what permissions their PI has granted) | * [[Data Browser#My Permissions|'''My Permissions''']] (shows what permissions their PI has granted) | ||
* The | * The [https://usnan.nmrhub.org/operations/kibana-user '''User Dashboard'''] of vNOC | ||
* The ability to create '''Literature Vignettes''' | * The ability to create '''[[Vignette Library|Literature Vignettes]]''' | ||
== | == Principal Investigator (PI) == | ||
Includes everything a standard NAN User sees, plus: | Includes everything a standard NAN User sees, plus: | ||
* Access to '''[[Lab Administration]]''' for: | * Access to '''[[Lab Administration]]''' for: | ||
| Line 35: | Line 50: | ||
* Ability to create '''Literature Vignettes''' | * Ability to create '''Literature Vignettes''' | ||
== | == PI Delegate == | ||
A lab-group member designated by the PI with delegate permissions. | A lab-group member designated by the PI with delegate permissions. | ||
| Line 42: | Line 57: | ||
* All actions are performed as the PI once switched | * All actions are performed as the PI once switched | ||
== '''Facility Manager | == Facility Staff == | ||
Each facility must have at least one staff member assigned when it is created. Facility staff are defined on the Facility Information page (viewable only by users with edit rights). Staff with the '''''Roles''''' of '''Administrator''', '''Director''', or '''Facility Manager''' have special privileges, including the ability to edit facility information, manage users, and access all data harvested by NDTS from the facility, as described below. | |||
Users may hold more than one role: '''Administrator''', '''Director''', Engineer, '''Facility Manager''', Researcher, Technician, or Approver. Users who are '''NOT''' listed as an Administrator, Director, or Facility Manager do not have special privileges beyond being recognized as facility staff. | |||
Users assigned the roles of Administrator, Director, or Facility Manager have: | |||
* Access to the '''[[Facility Dashboards|Facility Dashboard]]''' to: | |||
* Access to the '''[[Facility Dashboards|Facility Dashboard]]''' | ** Edit facility, instrument, and probe details | ||
** | ** Manage users and instrument records | ||
** | ** Download NDTS software | ||
** | * Real-time updates to the portal based on dashboard changes | ||
* Real-time updates to the portal based on dashboard changes | * Unrestricted access to all datasets collected within their facility | ||
* Unrestricted access to all datasets collected within their facility | * Ability to '''reassign''' or '''purge''' datasets collected within their facility | ||
* Ability to '''reassign''' or '''purge datasets collected within their facility | * Access to the '''[https://usnan.nmrhub.org/operations/kibana-fm Facility Dashboard]''' of vNOC | ||
* | |||
== | == Knowledgebase / Website Content Provider == | ||
A NAN user with content editing privileges. | A NAN user with content editing privileges. | ||
| Line 63: | Line 82: | ||
* Edit any page with built-in content management tools on the portal | * Edit any page with built-in content management tools on the portal | ||
== | == UHF Reviewer == | ||
A user added to the reviewer pool for Ultra-High Field (UHF) requests. | A user added to the reviewer pool for Ultra-High Field (UHF) requests. | ||
* All PIs from labs with access to 1.1 GHz instruments are automatically added | * All PIs from labs with access to 1.1 GHz instruments are automatically added | ||
== | == UHF Administrator == | ||
A privileged user who helps run the UHF system. | A privileged user who helps run the UHF system. | ||
| Line 74: | Line 93: | ||
* Assists the UHF Operations Committee and current cycle chair | * Assists the UHF Operations Committee and current cycle chair | ||
== | == UHF Operations Committee Member == | ||
A user with broad oversight of UHF review activities. | A user with broad oversight of UHF review activities. | ||
Latest revision as of 14:46, 31 July 2025
NAN Users and NMRbox Users and NMRhub Users—Oh My!
- NMRbox and NAN were both developed at UConn Health and operate on shared computational resources hosted by the HPC facility. NMRbox has served the NMR community for over a decade, during which users had NMRbox accounts.
- With the introduction of NAN, we wanted to avoid YAUA — Yet Another User Account. To streamline access, we created the NMRhub landing site, which provides links to all computational resources hosted at UConn Health. At the same time, we rebranded NMRbox accounts as NMRhub users.
- As a result, there is no functional difference between a NAN user and an NMRbox user — throughout the documentation, the terms NAN user and NMRhub user are used interchangeably.
The Role of Vetted PIs
A key change introduced with NAN was the concept of vetted PIs and the formal linking of users to PI-led lab groups. Previously, users self-declared their roles (e.g., PI, graduate student), but these designations were not verified.
Because dataset ownership in NAN is PI-based, we added mechanisms for:
- Users to update their account and request PI status
- The NAN team to verify and approve PI status
- Users to request access to a PI's lab group, which must be approved by the PI or their delegate
Seamless Access Through SSO
We have implemented Single Sign-On (SSO) across all NMRhub resources — including NMRbox, NAN, NUScon, and the virtual NAN Operations Center — to enable seamless navigation and access across the ecosystem.
Public User
A user who is not authenticated with an NMRhub account.
They have view-only access to:
- The Resource Connector (lists facilities, instruments, configurations, searchable by services)
- The Knowledgebase (introductory content on how NMR can be used in research)
- The Vignette Library (summaries of papers using NMR)
- The Materials Periodic Table (isotope-specific NMR attributes)
- All Public Datasets including those in the Knowledgebase
- Published Collections
- The Public View of the Virtual NAN Operations Center (vNOC)
Standard NAN User
An authenticated user with an NMRhub account.
They have access to:
- All Public User content
- Dataset, Sample, and Collection Browsers (for data they have permission to see)
- The ability to reassign datasets to other lab members for 3 months after harvesting
- UHF Access (view/submit requests if granted by their PI)
- My Permissions (shows what permissions their PI has granted)
- The User Dashboard of vNOC
- The ability to create Literature Vignettes
Principal Investigator (PI)
Includes everything a standard NAN User sees, plus:
- Access to Lab Administration for:
- Creating and managing Projects
- Adding funding sources
- Managing lab users and permissions
- The PI Dashboard of vNOC (summary of lab-wide data)
- Ability to create Literature Vignettes
PI Delegate
A lab-group member designated by the PI with delegate permissions.
- Can switch into the PI account to perform actions on their behalf (like the su command in Linux)
- Does not have PI privileges in their own account directly
- All actions are performed as the PI once switched
Facility Staff
Each facility must have at least one staff member assigned when it is created. Facility staff are defined on the Facility Information page (viewable only by users with edit rights). Staff with the Roles of Administrator, Director, or Facility Manager have special privileges, including the ability to edit facility information, manage users, and access all data harvested by NDTS from the facility, as described below.
Users may hold more than one role: Administrator, Director, Engineer, Facility Manager, Researcher, Technician, or Approver. Users who are NOT listed as an Administrator, Director, or Facility Manager do not have special privileges beyond being recognized as facility staff.
Users assigned the roles of Administrator, Director, or Facility Manager have:
- Access to the Facility Dashboard to:
- Edit facility, instrument, and probe details
- Manage users and instrument records
- Download NDTS software
- Real-time updates to the portal based on dashboard changes
- Unrestricted access to all datasets collected within their facility
- Ability to reassign or purge datasets collected within their facility
- Access to the Facility Dashboard of vNOC
Knowledgebase / Website Content Provider
A NAN user with content editing privileges.
They can:
- Create and edit Knowledgebase content
- Assign datasets as KB Datasets
- Edit any page with built-in content management tools on the portal
UHF Reviewer
A user added to the reviewer pool for Ultra-High Field (UHF) requests.
- All PIs from labs with access to 1.1 GHz instruments are automatically added
UHF Administrator
A privileged user who helps run the UHF system.
- Has full access to manage UHF requests
- Assists the UHF Operations Committee and current cycle chair
UHF Operations Committee Member
A user with broad oversight of UHF review activities.
They can:
- Manage and review UHF requests
- Assign reviewers
- Modify user roles and expertise areas
- Change the status of UHF requests
- One member serves as the Chair for each review cycle
