Permissions are defined in SDMS to allow/deny users access to documents according to individual, team membership, Sites, Roles and, if configured, those who are members of specific client projects. Permissions are file-type and project based, that is, for a user or team, and so on, permissions are defined according to file type and project. For additional flexibility, flags can be introduced to re-categorize documents according to needs specific to your facility. While adding flexibility, flags introduce another level of complexity to configuration of permissions. For details about flags, see section Building Flag Permissions.
A user who is an administrator can have complete access for one file type, yet have no access to another file type. The permissions that affect a specific document are based on the permissions set at several levels:
The permission hierarchy is based on the following relationship tree:
| 1. | Role - The role permissions are the highest level of permission. If Deny is set for any object at this level, it overrides access to that object configured at any other level. Role permissions can allow a user to access all sites, file types, projects and documents in the SDMS. |
Regarding permissions, there are two relevant SDMS roles available:
| • | Administrator - This is a user in STARLIMS who has the Method Developer option marked in the User Management application. |
| • | Everyone - Anyone who does not have the Method Developer option marked. |
To view the permissions configured for the Administrator and Everyone roles, open Utilities > SDMS Admin and click the Permissions tab. Highlight the role for which you want to view permissions and click Edit. In the resulting dialog box, double-click the SDMS entity to which you want to view/configure permissions. For details, see section Understanding Role-based Permissions.
| 2. | Site - Second level of priority. If Deny is set for any object at this level, it overrides access to that object configured at any lower level. Unless you want to Deny or Allow access to documents for everyone at a site, it is typical to allow permissions to remain marked as <not set> at this level. |
| 3. | Flags, File Type, Project - Third level of priority. Typically, this is where most permissions are configured. It is where permissions are most manageable using the Deny access. Because all documents are uploaded with an associated file type and project, both are always taken into account, while flags are optional: see the diagram in the next section. Permissions for File Types and Flags are configured in the File Types and Flags tabs of the SDMS Admin application, and permissions for projects are configured in the User Management application using the SDMS Permissions link. |
NOTE Flags which can deny or allow access can be attached to specific documents to provide a document permission level. Furthermore, flags can be used to restrict access to a specific document for a specific user. For more information about configuring flags, see section Flags.
To trace how a particular permission, such as Browse, is available after configuration at different levels, see the diagram and/or charts in the following sections A Diagram for Permission Flow and Access Charts for Permissions.