Lab Permissions: Difference between revisions

From Network for Advanced NMR
Jump to navigationJump to search
← Older edit
VisualWikitext
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<span style="display:inline-block; margin-bottom:1em;">[[Lab Administration|← Lab Administration]]</span>
{{LabAdmin}}


= User Permissions and Roles in NAN =
= User Permissions and Roles in NAN =


This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.
This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.
See the [[User Roles and Permissions]] page for details on the various user roles that exist on the NAN portal


== Account Setup and Access Requirements ==
== Account Setup and Access Requirements ==
Line 28: Line 30:


[[File:Lab-permissions.png|thumb|Lab Permissions Matrix|450x450px]]
[[File:Lab-permissions.png|thumb|Lab Permissions Matrix|450x450px]]
=== PI Permissions ===


PIs have full control over their lab's data and permissions, including:
=== PI Permissions and Lab View ===
 
PIs have full control over their lab’s data and permissions. These are managed primarily through the '''Lab View''' section of the Lab Permissions Dashboard.
 
* '''Pending PI requests''' appear at the top and can be accepted or declined using thumbs up/down icons.
* '''Current lab members''' are listed in the Lab-group Users section.
* '''Lab-group Defaults''' allow the PI to assign a default permission set for all users. Any new users added to the lab-group automatically inherit these defaults.
 
Permissions can be adjusted per user for:
* UHF Viewer – view UHF requests
* UHF Submitter – submit UHF requests
* Read (Blue) – read/view datasets where they are the assigned NAN user
* Write (Blue) – edit datasets where they are the assigned NAN user
* Read (Orange) – read/view all datasets owned by the PI
* Write (Orange) – edit all datasets owned by the PI


* Granting or revoking read/write access for individual lab members.
Additional columns indicate:
* Controlling who can publish data.
* Whether the PI is the user's primary PI (if the user has more than one)
* Assigning read access to external collaborators.
* When the user joined the lab-group
* Managing fine-grained permissions on a per-user or per-project basis.
* Setting default permissions for all lab members to simplify management.
* Removing users from the current lab group (they remain linked as past members).
* Managing permissions for both active and former lab members.
==== Lab View Permissions ====
An example of the Lab View permission is shown in the figure.


* Pending PI requests appear at the top and can be accepted or declined by selecting the thumbs up/down icons
PIs can also:
* Current lab members automatically appear in the Lab-group Users
* Grant read access to external '''Collaborative Users'''
* Lab-group Defaults will create the selection across all users. This feature is nice in that any new users who are added to the lab-group automatically obtain those permissions.
* Permit collaborative users to '''publish''' lab data
* Permissions can be adjusted for:
* Remove users from the current lab group (they remain visible as past users for continued permission management)
** UHF Viewer - ability to view UHF requests
** UHF Submitter - ability to submit UHF requests
** Read (Blue) - User can read/view data where they are the assigned NAN user
** Write (Blue) - User can edit data where they are the assigned NAN user
** Read (Orange) - User can read/view all data owned by the PI
** Write (Orange) - User can edit all data owned by the PI
** Additional columns show whether the PI is the primary PI (only applicable if a user has more than one PI) and  when they joined the lab-group.
* Collaborative users can be added and permission granted to Read and Publish lab data
* Past users remain on the Lab Permission page for continued management.


=== Project-Specific Permissions ===
=== Project-Specific Permissions ===

Latest revision as of 20:23, 10 June 2025

User Permissions and Roles in NAN

This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.

See the User Roles and Permissions page for details on the various user roles that exist on the NAN portal

Account Setup and Access Requirements

To access non-public features of the NAN portal:

  • Users must log in using the Single Sign-On (SSO) service hosted on NMRhub.org, which is shared between NAN and NMRbox.
  • Each user must:
    • Provide a valid ORCID iD.
    • Declare their principal investigator (PI), or self-identify as a PI.
  • All user accounts and PI declarations are reviewed and verified by NMRhub staff.
  • PI assignments initiated by users are validated by the designated PI or a delegate.
  • Access to non-public NAN features is disabled until PI designation and validation are complete.

Lab Structure and Permissions

Data Ownership and Visibility

  • Data harvested by NAN is associated with the NAN user who collected it, but is officially owned by the PI as a proxy for their institution.
  • All users linked to a PI appear in the PI’s Lab Permissions Dashboard.
  • Users can see:
    • All public and published datasets.
    • Any datasets for which they have been granted view permissions.
Lab Permissions Matrix

PI Permissions and Lab View

PIs have full control over their lab’s data and permissions. These are managed primarily through the Lab View section of the Lab Permissions Dashboard.

  • Pending PI requests appear at the top and can be accepted or declined using thumbs up/down icons.
  • Current lab members are listed in the Lab-group Users section.
  • Lab-group Defaults allow the PI to assign a default permission set for all users. Any new users added to the lab-group automatically inherit these defaults.

Permissions can be adjusted per user for:

  • UHF Viewer – view UHF requests
  • UHF Submitter – submit UHF requests
  • Read (Blue) – read/view datasets where they are the assigned NAN user
  • Write (Blue) – edit datasets where they are the assigned NAN user
  • Read (Orange) – read/view all datasets owned by the PI
  • Write (Orange) – edit all datasets owned by the PI

Additional columns indicate:

  • Whether the PI is the user's primary PI (if the user has more than one)
  • When the user joined the lab-group

PIs can also:

  • Grant read access to external Collaborative Users
  • Permit collaborative users to publish lab data
  • Remove users from the current lab group (they remain visible as past users for continued permission management)

Project-Specific Permissions

  • Permissions can be assigned at the project level to:
    • Provide specific access to subsets of lab members or collaborators.
    • Prevent broader lab access when unnecessary.
  • PIs can define default project-level permissions for all lab members to reduce administrative overhead.

PI Delegates

PIs can assign trusted users as Delegates who:

  • May switch roles to act as the PI.
  • Accept PI requests submitted by users.
  • Manage lab member permissions.
  • Control data access on behalf of the PI.

Facility Managers

Facility Managers are responsible for overseeing data generated at their NMR facilities. They can:

  • View all datasets collected within their facility.
  • Manage dataset ownership when:
    • No NAN user or PI was associated at the time of harvesting.
    • Ownership must be reassigned post-harvest.
  • Link spectrometer workstation users to NAN accounts.
  • Define and manage default data harvesting modes.
  • Choose whether users can:
    • Modify the harvesting setting.
    • Specify a different NAN username during harvesting.
  • Remove datasets that were harvested in error.
Retrieved from "https://wiki.usnan.org/index.php?title=Lab_Permissions&oldid=792"