User Permissions and Roles in NAN

This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.

See the User Roles and Permissions page for details on the various user roles that exist on the NAN portal

Account Setup and Access Requirements

To access non-public features of the NAN portal:

• Users must log in using the Single Sign-On (SSO) service hosted on NMRhub.org, which is shared between NAN and NMRbox.
• Each user must:
  • Provide a valid ORCID iD.
  • Declare their principal investigator (PI), or self-identify as a PI.
• All user accounts and PI declarations are reviewed and verified by NMRhub staff.
• PI assignments initiated by users are validated by the designated PI or a delegate.
• Access to non-public NAN features is disabled until PI designation and validation are complete.

Lab Structure and Permissions

Data Ownership and Visibility

• Data harvested by NAN is associated with the NAN user who collected it, but is officially owned by the PI as a proxy for their institution.
• All users linked to a PI appear in the PI’s Lab Permissions Dashboard.
• Users can see:
  • All public and published datasets.
  • Any datasets for which they have been granted view permissions.

PI Permissions and Lab View

PIs have full control over their lab’s data and permissions. These are managed primarily through the Lab View section of the Lab Permissions Dashboard.

• Pending PI requests appear at the top and can be accepted or declined using thumbs up/down icons.
• Current lab members are listed in the Lab-group Users section.
• Lab-group Defaults allow the PI to assign a default permission set for all users. Any new users added to the lab-group automatically inherit these defaults.

Permissions can be adjusted per user for:

• UHF Viewer – view UHF requests
• UHF Submitter – submit UHF requests
• Read (Blue) – read/view datasets where they are the assigned NAN user
• Write (Blue) – edit datasets where they are the assigned NAN user
• Read (Orange) – read/view all datasets owned by the PI
• Write (Orange) – edit all datasets owned by the PI

Additional columns indicate:

• Whether the PI is the user's primary PI (if the user has more than one)
• When the user joined the lab-group

PIs can also:

• Grant read access to external Collaborative Users
• Permit collaborative users to publish lab data
• Remove users from the current lab group (they remain visible as past users for continued permission management)

Project-Specific Permissions

• Permissions can be assigned at the project level to:
  • Provide specific access to subsets of lab members or collaborators.
  • Prevent broader lab access when unnecessary.
• PIs can define default project-level permissions for all lab members to reduce administrative overhead.

PI Delegates

PIs can assign trusted users as Delegates who:

• May switch roles to act as the PI.
• Accept PI requests submitted by users.
• Manage lab member permissions.
• Control data access on behalf of the PI.

Facility Managers

Facility Managers are responsible for overseeing data generated at their NMR facilities. They can:

• View all datasets collected within their facility.
• Manage dataset ownership when:
  • No NAN user or PI was associated at the time of harvesting.
  • Ownership must be reassigned post-harvest.
• Link spectrometer workstation users to NAN accounts.
• Define and manage default data harvesting modes.
• Choose whether users can:
  • Modify the harvesting setting.
  • Specify a different NAN username during harvesting.
• Remove datasets that were harvested in error.