Configured Role-Based Permissions

Manage the permissions of the System Administrator, Facility Administrator, Researcher, and Collaborator user roles to restrict or allow the following actions:

Sign in to Clarity LIMS.
Sign in to the API.
View and interact with certain features of the interface.
Perform certain actions in the interface.
View and restrict any actions in the interface. [Clarity LIMS v6.1 and above]

Command-line Permissions Tool

Role-based permissions are controlled through the permissions-tool.jar tool, at /opt/gls/clarity/tools/permissions/.

For assistance with running the command-line permissions tool, contact the Illumina Support team.

Functionality includes the following commands:

listRoles—List all roles in the system.
describeRole—List names and descriptions of all permissions in the system.
createRole—Create a role.
showSummary—List permissions assigned to each role in the system.
listPermissions—List permissions assigned to a specific role.
assignPermission—Assign a permission to a role.
removePermission—Remove a permission from a role.

NOTE: The permissions-tool.jar tool function names and property names are case-sensitive. If you type the incorrect case, your command or property cannot be understood.

There can be a delay (up to 20 minutes) before changes to some API-related permissions take effect.

Supported Commands

listRoles

List all user roles in the system:

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> listRoles

describeRole

Show permissions for a specific role:

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> describeRole <rolename>

createRole

Create a role:

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> createRole <rolename>

showSummary

Show assigned permissions for all roles:

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> showSummary

listPermissions

List names and descriptions of all permissions:

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> listPermissions

assignPermission

Assign a permission to a role (the example assigns permission to create controls):

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> assignPermission <rolename> Controls:create

[Clarity LIMS v6.1 and above] Assign a permission to a role (the example assigns read-only permission to a role):

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> assignPermission <rolename> RoleOnly

Refer to Supported Permissions.

removePermission

Remove a permission from a role (the example removes permission to create controls):

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> removePermission <rolename> Controls:create

Refer to Supported Permissions.

Usage

java -jar permissions-tool.jar -a <apiUri> -u <username> -p <password> <command> [<args>]

Options

Supported Permissions

The sections below list LIMS permissions and actions, and the user roles to which each permission/action is assigned by default.

By default, System Administrators and Facility Administrators have all permissions listed.

Permission: AdministerLabLink

The default role with AdministerLabLink permission is Administrator. This permission is added to the existing System Administrator & Facility Administrator roles.

The Collaborator role is based on the existing Collaborator role in LabLink v1.0.

Note: The existing Researcher role does not have the new permission and behaves similarly to the LabLink Collaborator role.

Permission: ClarityLogin

Default roles with this permission: Administrator, Researcher

Allows:

Result of denied permission

Permission: APILogin

Allows:

Result of denied permission

Permission: Project

Action:

Allows:

Result of denied permission

Permission: Sample

Action:

Allows:

Result of denied permission

The Sample:update permission is automatically granted to roles that have the Sample:create permission at the time of migration to Clarity LIMS v5.x. If you have removed create permissions from any default role, the role does not acquire the update permission.

Permission: Controls

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

Users with ClarityLogin permission can access the Consumables > Controls tab and view control sample details (read only).

Permission: ReagentKit

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

Users with ClarityLogin permission can access the Consumables > Reagents tab. They can also view, edit, and delete reagent lots, and add lots to existing kits. No additional ReagentKit permissions are required.

Permission: Role

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

APILogin permission is required for role management. All users with ClarityLogin permissions can view and edit their own user details (except for assigning/removing roles).

Permission: Read-Only [Clarity LIMS v6.1 and above]

Default roles with this permission: Not applicable. You can assign this permission to any role.

At least one System Administrator must be available to reconfigure user roles. Therefore, we recommend that you do not assign the Read-Only permission to the default Administrator and API users.

Action:

Allows:

Permission: User

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.

All users with ClarityLogin permission can view and edit their own user details (except for assigning/removing roles).

Permission: Contact

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

In the LIMS user interface, the term 'contact' has been replaced with 'client.' However, the API still uses the permission Contact.

Users with ClarityLogin permission can view and edit their own client and user details.

Clients can edit their own details (except for assigning/removing roles) without having update permission.

Permission: Process

Default roles with these permissions: Administrator

Action:

Allows:

Result of denied permission

In the LIMS user interface, the term 'process' has been replaced with 'master step.' However, the API still uses the permission Process.

Permission: OverviewDashboard

Default roles with this permission: Administrator

Action:

Allows:

Result of denied permission

Permission: Configuration

Default roles with this permission: Administrator

Action:

Allows:

Result of denied permission

Permission: ReQueueSample

Default roles with this permission: Administrator, Researcher, Collaborator

Allows:

Result of denied permission

Permission: SampleWorkflowAssignment

Default roles with this permission: Administrator, Researcher, Collaborator

Allows:

Result of denied permission

Permission: RemoveSampleFromWorkflow

Default roles with this permission: Administrator

Allows:

Result of denied permission

Permission: MoveToNextStep

Default roles with this permission: Administrator

Allows:

Result of denied permission

Permission: SampleRework

Default roles with this permission: Administrator

Allows:

Result - permission granted

Permission: ReviewEscalatedSamples

Default roles with this permission: Administrator

Allows:

Result - permission granted

Permission: ESignatureSigning

Default roles with this permission: Administrator

Allows:

Result of denied permission

Permission: CanEditCompletedSteps (LIMS v5.1 and Later)

Default roles with this permission: None

Allows:

Result - permission granted

Modifications are limited to what is available on the Record Details screen for the step.

Details such as sample placement or routing cannot be modified.

Only steps completed after upgrading to LIMS v5.1 can be edited. Steps completed in v5.0 or earlier cannot be edited.

Steps that were executed using the Process API cannot be edited.

For details, see Modify Completed Step Details .

PreviousUser Roles NextUser and Profile Page

Last updated 20 days ago