Configured Role-Based Permissions
Manage the permissions of the System Administrator, Facility Administrator, Researcher, and Collaborator user roles to restrict or allow the following actions:
Sign in to Clarity LIMS.
Sign in to the API.
View and interact with certain features of the interface.
Perform certain actions in the interface.
View and restrict any actions in the interface. [Clarity LIMS v6.1 and above]
Command-line Permissions Tool
Role-based permissions are controlled through the permissions-tool.jar tool, at /opt/gls/clarity/tools/permissions/.
For assistance with running the command-line permissions tool, contact the Illumina Support team.
Functionality includes the following commands:
listRoles—List all roles in the system.
describeRole—List names and descriptions of all permissions in the system.
createRole—Create a role.
showSummary—List permissions assigned to each role in the system.
listPermissions—List permissions assigned to a specific role.
assignPermission—Assign a permission to a role.
removePermission—Remove a permission from a role.
NOTE: The permissions-tool.jar tool function names and property names are case-sensitive. If you type the incorrect case, your command or property cannot be understood.
There can be a delay (up to 20 minutes) before changes to some API-related permissions take effect.
Supported Commands
listRoles
List all user roles in the system:
describeRole
Show permissions for a specific role:
createRole
Create a role:
showSummary
Show assigned permissions for all roles:
listPermissions
List names and descriptions of all permissions:
assignPermission
Assign a permission to a role (the example assigns permission to create controls):
[Clarity LIMS v6.1 and above] Assign a permission to a role (the example assigns read-only permission to a role):
Refer to Supported Permissions.
removePermission
Remove a permission from a role (the example removes permission to create controls):
Refer to Supported Permissions.
Usage
Options
Supported Permissions
The sections below list LIMS permissions and actions, and the user roles to which each permission/action is assigned by default.
By default, System Administrators and Facility Administrators have all permissions listed.
Permission: AdministerLabLink
The default role with AdministerLabLink permission is Administrator. This permission is added to the existing System Administrator & Facility Administrator roles.
The Collaborator role is based on the existing Collaborator role in LabLink v1.0.
Note: The existing Researcher role does not have the new permission and behaves similarly to the LabLink Collaborator role.
Permission: ClarityLogin
Default roles with this permission: Administrator, Researcher
Permission: APILogin
Permission: Project
Permission: Sample
The Sample:update permission is automatically granted to roles that have the Sample:create permission at the time of migration to Clarity LIMS v5.x. If you have removed create permissions from any default role, the role does not acquire the update permission.
Permission: Controls
Default roles with these permissions: Administrator
Users with ClarityLogin permission can access the Consumables > Controls tab and view control sample details (read only).
Permission: ReagentKit
Default roles with these permissions: Administrator
Users with ClarityLogin permission can access the Consumables > Reagents tab. They can also view, edit, and delete reagent lots, and add lots to existing kits. No additional ReagentKit permissions are required.
Permission: Role
Default roles with these permissions: Administrator
APILogin permission is required for role management. All users with ClarityLogin permissions can view and edit their own user details (except for assigning/removing roles).
Permission: Read-Only [Clarity LIMS v6.1 and above]
Default roles with this permission: Not applicable. You can assign this permission to any role.
At least one System Administrator must be available to reconfigure user roles. Therefore, we recommend that you do not assign the Read-Only permission to the default Administrator and API users.
Permission: User
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
All users with ClarityLogin permission can view and edit their own user details (except for assigning/removing roles).
Permission: Contact
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.
Users with ClarityLogin permission can view and edit their own client and user details.
Clients can edit their own details (except for assigning/removing roles) without having update permission.
Permission: Process
Default roles with these permissions: Administrator
In the LIMS user interface, the term 'process' has been replaced with 'master step.' However, the API still uses the permission Process.
Permission: OverviewDashboard
Default roles with this permission: Administrator
Permission: Configuration
Default roles with this permission: Administrator
Permission: ReQueueSample
Default roles with this permission: Administrator, Researcher, Collaborator
Permission: SampleWorkflowAssignment
Default roles with this permission: Administrator, Researcher, Collaborator
Permission: RemoveSampleFromWorkflow
Default roles with this permission: Administrator
Permission: MoveToNextStep
Default roles with this permission: Administrator
Permission: SampleRework
Default roles with this permission: Administrator
Permission: ReviewEscalatedSamples
Default roles with this permission: Administrator
Permission: ESignatureSigning
Default roles with this permission: Administrator
Permission: CanEditCompletedSteps (LIMS v5.1 and Later)
Default roles with this permission: None
Modifications are limited to what is available on the Record Details screen for the step.
Details such as sample placement or routing cannot be modified.
Only steps completed after upgrading to LIMS v5.1 can be edited. Steps completed in v5.0 or earlier cannot be edited.
Steps that were executed using the Process API cannot be edited.
For details, see Modify Completed Step Details .
Last updated