User Roles and Permissions: Difference between revisions

From Network for Advanced NMR
Jump to navigationJump to search
← Older edit
VisualWikitext
Mtest (talk | contribs)
14 edits
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== NAN users and NMRbox users and NMRhub users—oh my! ==
NMRbox and NAN were both developed at UConn Health on shared computational resources operating out of the HPC facility. NMRbox has been utilized by the NMR community for over a decade and users had "NMRbox" accounts. With the introduction of NAN we did not want YAUA—Yet Another User Account. We decided to create the NMRhub landing space with links to the computational resources hosted at UConn Health and rebranded NMRbox users as NMRhub users. Thus, there is no difference between a NAN user or NMRbox user and we call them "NMRhub users". Throughout the wiki documentation the terms NAN user and NMRhub user are used interchangeably.
One key change in NMRhub user accounts was made with the introduction of NAN and that was the concept of vetted PIs and the linking of users to PIs. In the past we let users self-declare if they were a PI, graduate student, etc., but those designations were not vetted. As dataset ownership in NAN is based on PIs we added the ability for users to update their accounts and request PI status. We verify the PI status and then approve the change to the account. We also created the ability for users to request access to a PIs lab-group which must be approved by the PI or their delegate.
We have implemented SSO across NMRhub resources (NMRbox, NAN, NUScon, NMRhub, and the NAN virtual NAN operations center) for seamless navigation between them.
== NAN Users and NMRbox Users and NMRhub Users—Oh My! ==
== NAN Users and NMRbox Users and NMRhub Users—Oh My! ==


NMRbox and NAN were both developed at UConn Health and operate on shared computational resources hosted by the HPC facility. NMRbox has served the NMR community for over a decade, during which users had '''NMRbox''' accounts.
* [https://nmrbox.nmrhub.org/ NMRbox] and NAN were both developed at [https://health.uconn.edu/ UConn Health] and operate on shared computational resources hosted by the [https://health.uconn.edu/high-performance-computing/ HPC facility]. NMRbox has served the NMR community for over a decade, during which users had '''NMRbox''' accounts.
* With the introduction of NAN, we wanted to avoid '''YAUA''' — ''Yet Another User Account''. To streamline access, we created the '''[https://nmrhub.org/ NMRhub]''' landing site, which provides links to all computational resources hosted at UConn Health. At the same time, we rebranded NMRbox accounts as '''NMRhub users'''.
* As a result, there is no functional difference between a NAN user and an NMRbox user — throughout the documentation, the terms '''NAN user''' and '''NMRhub user''' are used interchangeably.


With the introduction of NAN, we wanted to avoid '''YAUA''' — ''Yet Another User Account''. To streamline access, we created the '''NMRhub''' landing site, which provides links to all computational resources hosted at UConn Health. At the same time, we rebranded NMRbox accounts as '''NMRhub users'''.
<big>'''The Role of Vetted PIs'''</big>
 
As a result, there is no functional difference between a NAN user and an NMRbox user — throughout the documentation, the terms '''NAN user''' and '''NMRhub user''' are used interchangeably.
 
=== The Role of Vetted PIs ===


A key change introduced with NAN was the concept of '''vetted PIs''' and the formal linking of users to PI-led lab groups. Previously, users self-declared their roles (e.g., PI, graduate student), but these designations were not verified.
A key change introduced with NAN was the concept of '''vetted PIs''' and the formal linking of users to PI-led lab groups. Previously, users self-declared their roles (e.g., PI, graduate student), but these designations were not verified.
Line 22: Line 13:
* The NAN team to verify and approve PI status
* The NAN team to verify and approve PI status
* Users to request access to a PI's lab group, which must be approved by the PI or their delegate
* Users to request access to a PI's lab group, which must be approved by the PI or their delegate
<big>'''Seamless Access Through SSO'''</big>


=== Seamless Access Through SSO ===
We have implemented '''Single Sign-On (SSO)''' across all NMRhub resources — including '''NMRbox''', '''NAN''', '''[https://nuscon.org/home NUScon]''', and the '''virtual NAN Operations Center''' — to enable seamless navigation and access across the ecosystem.
 
We have implemented '''Single Sign-On (SSO)''' across all NMRhub resources — including '''NMRbox''', '''NAN''', '''NUScon''', and the '''virtual NAN Operations Center''' — to enable seamless navigation and access across the ecosystem.


== Public User ==
== Public User ==
Line 32: Line 22:
They have view-only access to:
They have view-only access to:
* The '''[[Resource Connector]]''' (lists facilities, instruments, configurations, searchable by services)
* The '''[[Resource Connector]]''' (lists facilities, instruments, configurations, searchable by services)
* The '''Knowledgebase''' (introductory content on how NMR can be used in research)
* The '''[[Knowledgebases|Knowledgebase]]''' (introductory content on how NMR can be used in research)
* The '''Vignette Library''' (summaries of papers using NMR)
* The '''[[Vignette Library]]''' (summaries of papers using NMR)
* The '''Materials Periodic Table''' (isotope-specific NMR attributes)
* The '''[[Materials Periodic Table]]''' (isotope-specific NMR attributes)
* All '''Public Datasets''' including those in the Knowledgebase
* All '''[[Public and Publishing|Public Datasets]]''' including those in the Knowledgebase
* '''Published Collections'''
* '''[[Public and Publishing|Published Collections]]'''
* The '''[https://usnan.nmrhub.org/operations/kibana-public Public View]''' of the Virtual NAN Operations Center (vNOC)
* The '''[https://usnan.nmrhub.org/operations/kibana-public Public View]''' of the Virtual NAN Operations Center (vNOC)


Line 44: Line 34:
They have access to:
They have access to:
* All Public User content
* All Public User content
* '''Dataset, Sample, and Collection Browsers''' (for data they have permission to see)
* '''[[Data Browser|Dataset, Sample, and Collection Browsers]]''' (for data they have permission to see)
* The ability to '''reassign datasets''' to other lab members for 3 months after harvesting
* The ability to '''reassign datasets''' to other lab members for 3 months after harvesting
* '''UHF Access''' (view/submit requests if granted by their PI)
* '''[[UHF Access]]''' (view/submit requests if granted by their PI)
* '''My Permissions''' (shows what permissions their PI has granted)
* [[Data Browser#My Permissions|'''My Permissions''']] (shows what permissions their PI has granted)
* The '''[https://usnan.nmrhub.org/operations/kibana-user User Dashboard]''' of vNOC
* The [https://usnan.nmrhub.org/operations/kibana-user '''User Dashboard'''] of vNOC
* The ability to create '''Literature Vignettes'''
* The ability to create '''[[Vignette Library|Literature Vignettes]]'''


== Principal Investigator (PI) ==
== Principal Investigator (PI) ==
Line 67: Line 57:
* All actions are performed as the PI once switched
* All actions are performed as the PI once switched


== Facility Manager (Staff) ==
== Facility Staff ==
A user designated as staff for an NMR facility.
 
Each facility must have at least one staff member assigned when it is created. Facility staff are defined on the Facility Information page (viewable only by users with edit rights). Staff with the '''''Roles''''' of '''Administrator''', '''Director''', or '''Facility Manager''' have special privileges, including the ability to edit facility information, manage users, and access all data harvested by NDTS from the facility, as described below.
 
Users may hold more than one role: '''Administrator''', '''Director''', Engineer, '''Facility Manager''', Researcher, Technician, or Approver. Users who are '''NOT''' listed as an Administrator, Director, or Facility Manager do not have special privileges beyond being recognized as facility staff.
 
Users assigned the roles of Administrator, Director, or Facility Manager have:


They have:
* Access to the '''[[Facility Dashboards|Facility Dashboard]]''' to:
* Access to the '''[[Facility Dashboards|Facility Dashboard]]''' for:
** Edit facility, instrument, and probe details
** Editing facility, instrument, and probe details
** Manage users and instrument records
** Managing users and instrument records
** Download NDTS software
** Downloading NDTS software
* Real-time updates to the portal based on dashboard changes
* Real-time updates to the portal based on dashboard changes
* Unrestricted access to all datasets collected within their facility
* Unrestricted access to all datasets collected within their facility
* Ability to '''reassign''' or '''purge''' datasets collected within their facility
* Ability to '''reassign''' or '''purge datasets collected within their facility'''
* Access to the '''[https://usnan.nmrhub.org/operations/kibana-fm Facility Dashboard]''' of vNOC
* The '''[https://usnan.nmrhub.org/operations/kibana-fm Facility Dashboard]''' of vNOC


== Knowledgebase / Website Content Provider ==
== Knowledgebase / Website Content Provider ==

Latest revision as of 14:46, 31 July 2025

NAN Users and NMRbox Users and NMRhub Users—Oh My!

  • NMRbox and NAN were both developed at UConn Health and operate on shared computational resources hosted by the HPC facility. NMRbox has served the NMR community for over a decade, during which users had NMRbox accounts.
  • With the introduction of NAN, we wanted to avoid YAUAYet Another User Account. To streamline access, we created the NMRhub landing site, which provides links to all computational resources hosted at UConn Health. At the same time, we rebranded NMRbox accounts as NMRhub users.
  • As a result, there is no functional difference between a NAN user and an NMRbox user — throughout the documentation, the terms NAN user and NMRhub user are used interchangeably.

The Role of Vetted PIs

A key change introduced with NAN was the concept of vetted PIs and the formal linking of users to PI-led lab groups. Previously, users self-declared their roles (e.g., PI, graduate student), but these designations were not verified.

Because dataset ownership in NAN is PI-based, we added mechanisms for:

  • Users to update their account and request PI status
  • The NAN team to verify and approve PI status
  • Users to request access to a PI's lab group, which must be approved by the PI or their delegate

Seamless Access Through SSO

We have implemented Single Sign-On (SSO) across all NMRhub resources — including NMRbox, NAN, NUScon, and the virtual NAN Operations Center — to enable seamless navigation and access across the ecosystem.

Public User

A user who is not authenticated with an NMRhub account.

They have view-only access to:

Standard NAN User

An authenticated user with an NMRhub account.

They have access to:

Principal Investigator (PI)

Includes everything a standard NAN User sees, plus:

  • Access to Lab Administration for:
    • Creating and managing Projects
    • Adding funding sources
    • Managing lab users and permissions
  • The PI Dashboard of vNOC (summary of lab-wide data)
  • Ability to create Literature Vignettes

PI Delegate

A lab-group member designated by the PI with delegate permissions.

  • Can switch into the PI account to perform actions on their behalf (like the su command in Linux)
  • Does not have PI privileges in their own account directly
  • All actions are performed as the PI once switched

Facility Staff

Each facility must have at least one staff member assigned when it is created. Facility staff are defined on the Facility Information page (viewable only by users with edit rights). Staff with the Roles of Administrator, Director, or Facility Manager have special privileges, including the ability to edit facility information, manage users, and access all data harvested by NDTS from the facility, as described below.

Users may hold more than one role: Administrator, Director, Engineer, Facility Manager, Researcher, Technician, or Approver. Users who are NOT listed as an Administrator, Director, or Facility Manager do not have special privileges beyond being recognized as facility staff.

Users assigned the roles of Administrator, Director, or Facility Manager have:

  • Access to the Facility Dashboard to:
    • Edit facility, instrument, and probe details
    • Manage users and instrument records
    • Download NDTS software
  • Real-time updates to the portal based on dashboard changes
  • Unrestricted access to all datasets collected within their facility
  • Ability to reassign or purge datasets collected within their facility
  • Access to the Facility Dashboard of vNOC

Knowledgebase / Website Content Provider

A NAN user with content editing privileges.

They can:

  • Create and edit Knowledgebase content
  • Assign datasets as KB Datasets
  • Edit any page with built-in content management tools on the portal

UHF Reviewer

A user added to the reviewer pool for Ultra-High Field (UHF) requests.

  • All PIs from labs with access to 1.1 GHz instruments are automatically added

UHF Administrator

A privileged user who helps run the UHF system.

  • Has full access to manage UHF requests
  • Assists the UHF Operations Committee and current cycle chair

UHF Operations Committee Member

A user with broad oversight of UHF review activities.

They can:

  • Manage and review UHF requests
  • Assign reviewers
  • Modify user roles and expertise areas
  • Change the status of UHF requests
  • One member serves as the Chair for each review cycle
Retrieved from "https://wiki.usnan.org/index.php?title=User_Roles_and_Permissions&oldid=1261"