Lab Permissions: Difference between revisions

From Network for Advanced NMR
Jump to navigationJump to search
VisualWikitext
Created page with "= User Permissions and Roles in NAN = This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management. == Account Setup and Access Requirements == To access non-public features of the NAN portal: * Users must log in using the Single Sign-On (SSO) service hosted on [https://nmrhub.org NMRhub.org], which is shared between NAN and NMRbox. * Each user must: ** Provide a valid O..."
 
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{LabAdmin}}
= User Permissions and Roles in NAN =
= User Permissions and Roles in NAN =


This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.
This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.
See the [[User Roles and Permissions]] page for details on the various user roles that exist on the NAN portal


== Account Setup and Access Requirements ==
== Account Setup and Access Requirements ==


To access non-public features of the NAN portal:
To access non-public features of the NAN portal:


* Users must log in using the Single Sign-On (SSO) service hosted on [https://nmrhub.org NMRhub.org], which is shared between NAN and NMRbox.
* Users must log in using the Single Sign-On (SSO) service hosted on [https://nmrhub.org NMRhub.org], which is shared between NAN and NMRbox.
* Each user must:
* See [[Creating an Account]] for detailed instructions
** Provide a valid ORCID iD.
** Declare their principal investigator (PI), or self-identify as a PI.
* All user accounts and PI declarations are reviewed and verified by NMRhub staff.
* PI assignments initiated by users are validated by the designated PI or a delegate.
* Access to non-public NAN features is disabled until PI designation and validation are complete.


== Lab Structure and Permissions ==
== Lab Structure and Permissions ==
Line 19: Line 19:
=== Data Ownership and Visibility ===
=== Data Ownership and Visibility ===


* Data harvested by NAN is associated with the NAN user who collected it, but is officially '''owned by the PI''' as a proxy for their institution.
* Data harvested by NAN is associated with the NAN user who collected it, but is controlled by the '''PI''' who acts as the official steward of the data.
* All users linked to a PI appear in the PI’s '''Lab Permissions Dashboard'''.
* All users linked to a PI appear in the PI’s '''Lab Permissions Dashboard'''.
* Users can see:
* Users can see:
Line 25: Line 25:
** Any datasets for which they have been granted view permissions.
** Any datasets for which they have been granted view permissions.


=== PI Permissions ===
[[File:Lab-permissions.png|thumb|Lab Permissions Matrix|450x450px]]


PIs have full control over their lab's data and permissions, including:
=== PI Permissions and Lab View ===


* Granting or revoking read/write access for individual lab members.
PIs have full control over their lab’s data and permissions. These are managed primarily through the '''Lab View''' section of the Lab Permissions Dashboard.
* Controlling who can publish data.
 
* Assigning read access to external collaborators.
* '''Pending PI requests''' appear at the top and can be accepted or declined using thumbs up/down icons.
* Managing fine-grained permissions on a per-user or per-project basis.
* '''Current lab members''' are listed in the Lab-group Users section.
* Setting default permissions for all lab members to simplify management.
* '''Lab-group Defaults''' allow the PI to assign a default permission set for all users. Any new users added to the lab-group automatically inherit these defaults.
* Removing users from the current lab group (they remain linked as past members).
 
* Managing permissions for both active and former lab members.
Permissions can be adjusted per user for:
{| class="wikitable"
! Role/Permission !! Description
|-
| UHF Viewer || View UHF requests
|-
| UHF Submitter || Submit UHF requests
|-
| Read (Blue) || Read/view datasets where they are the assigned NAN user
|-
| Write (Blue) || Edit datasets where they are the assigned NAN user
|-
| Read (Orange) || Read/view all datasets owned by the PI
|-
| Write (Orange) || Edit all datasets owned by the PI
|}
 
Additional columns indicate:
* Whether the PI is the user's primary PI (if the user has more than one)
* When the user joined the lab-group
 
PIs can also:
* Grant read access to external '''Collaborative Users'''
* Permit collaborative users to '''publish''' lab data
* Remove users from the current lab group (they remain visible as past users for continued permission management)


=== Project-Specific Permissions ===
=== Project-Specific Permissions ===
Line 67: Line 91:
** Specify a different NAN username during harvesting.
** Specify a different NAN username during harvesting.
* Remove datasets that were harvested in error.
* Remove datasets that were harvested in error.
== Initial Facility Setup ==
* When a facility first joins NAN, an initial Facility Manager is added by the NAN administrative team.
* Additional managers and facility staff can be added or modified by the existing Facility Manager(s) using the web portal.

Latest revision as of 19:00, 14 July 2025

User Permissions and Roles in NAN

This page explains how user permissions are managed in the NAN portal, including account setup, lab permissions, project-based access, and facility management.

See the User Roles and Permissions page for details on the various user roles that exist on the NAN portal

Account Setup and Access Requirements

To access non-public features of the NAN portal:

  • Users must log in using the Single Sign-On (SSO) service hosted on NMRhub.org, which is shared between NAN and NMRbox.
  • See Creating an Account for detailed instructions

Lab Structure and Permissions

Data Ownership and Visibility

  • Data harvested by NAN is associated with the NAN user who collected it, but is controlled by the PI who acts as the official steward of the data.
  • All users linked to a PI appear in the PI’s Lab Permissions Dashboard.
  • Users can see:
    • All public and published datasets.
    • Any datasets for which they have been granted view permissions.
Lab Permissions Matrix

PI Permissions and Lab View

PIs have full control over their lab’s data and permissions. These are managed primarily through the Lab View section of the Lab Permissions Dashboard.

  • Pending PI requests appear at the top and can be accepted or declined using thumbs up/down icons.
  • Current lab members are listed in the Lab-group Users section.
  • Lab-group Defaults allow the PI to assign a default permission set for all users. Any new users added to the lab-group automatically inherit these defaults.

Permissions can be adjusted per user for:

Role/Permission Description
UHF Viewer View UHF requests
UHF Submitter Submit UHF requests
Read (Blue) Read/view datasets where they are the assigned NAN user
Write (Blue) Edit datasets where they are the assigned NAN user
Read (Orange) Read/view all datasets owned by the PI
Write (Orange) Edit all datasets owned by the PI

Additional columns indicate:

  • Whether the PI is the user's primary PI (if the user has more than one)
  • When the user joined the lab-group

PIs can also:

  • Grant read access to external Collaborative Users
  • Permit collaborative users to publish lab data
  • Remove users from the current lab group (they remain visible as past users for continued permission management)

Project-Specific Permissions

  • Permissions can be assigned at the project level to:
    • Provide specific access to subsets of lab members or collaborators.
    • Prevent broader lab access when unnecessary.
  • PIs can define default project-level permissions for all lab members to reduce administrative overhead.

PI Delegates

PIs can assign trusted users as Delegates who:

  • May switch roles to act as the PI.
  • Accept PI requests submitted by users.
  • Manage lab member permissions.
  • Control data access on behalf of the PI.

Facility Managers

Facility Managers are responsible for overseeing data generated at their NMR facilities. They can:

  • View all datasets collected within their facility.
  • Manage dataset ownership when:
    • No NAN user or PI was associated at the time of harvesting.
    • Ownership must be reassigned post-harvest.
  • Link spectrometer workstation users to NAN accounts.
  • Define and manage default data harvesting modes.
  • Choose whether users can:
    • Modify the harvesting setting.
    • Specify a different NAN username during harvesting.
  • Remove datasets that were harvested in error.
Retrieved from "https://wiki.usnan.org/index.php?title=Lab_Permissions&oldid=1188"