Roles are meant to represent different kinds of working positions that users can have, like server administrator or regular user just to mention two. Users are normally assigned a role, perhaps more than one, when they are created and registered in BASE.
BASE comes with some pre-defined roles. These are configured to cover the normal user roles that can appear. A more detailed description of the different roles and when to use them follows here.
- Administrator
-
This role gives the user full permission to do everything in BASE and also possibility to share items with the system-group 'Everyone'. Users that are supposed to administrate the server, user accounts, groups etc. should have this role.
- Supervisor
-
Users that are members of this role has permission to read everything in BASE. This role does not let the members to actually do anything in BASE except read and supervise.
- Power user
-
This role allows it's members to do some things that an ordinary user not is allowed to. Most things are related to global resources like reporters, the array lims and plug-ins. This role can be proper for those users that are in some kind of leading position over work groups or projects.
- User
-
A role that is suitable for all ordinary users. This allows the members to do common things in BASE such as creating biomaterials and experiments, uploading raw data and analyse it.
- Guest
-
This is a role with limited access to create new things. It is useful for those who wants to have peek at the program. It can also be used for someone that is helping out with the analysis of an experiment.
- Job agent
-
This role is given to the job agents and allows them to read and execute jobs. Job agents always runs the jobs as the user who created the job and therefore it have to be able to act as another user.
Creating a new role or editing the system-roles are something that do not needs to be done very often. The existing roles will normally be enough but there can be some cases when they need to be complemented, either with a new role or with different permissions.
- Name
-
The name of the role.
- Share to Everyone
-
Allows the user to share items to the system-group 'Everyone'.
- Act as another user
-
Allows the user to login as another user without knowing the password. This is used by job agents to make it possible for them to execute a plug-in as the user that created the job. This permission will also make it possible to switch user in the web interface. It can be useful for an administrator who needs to check out a problem, but use this permission with care.
- Select job agent for jobs
-
Allows the user to select a specific job agent when running jobs. Users without this permission will always have a randomly selected job agent.
- Default
-
Mark this checkbox to let BASE automatically add new users as members to the role.
- Description
-
Description and information about the role.
Set the properties and proceed then to either one of the other tabs or by clicking on one of the buttons: to save the changes or to abort.
A role's permissions are defined for each item type within BASE. Set the role's permission on an item type by first selecting the item(s) in the list and then tick those permissions that should be applied. Not all permissions can be applied to every item type, that's why permission check-boxes becomes disabled when selecting some of the item types
After each item type in the list is a string inside square brackets that shows what kind of permissions the current role has on that particular item type. The permissions that do not have been set are represented with '-' inside the square brackets and those which have been set are represented with characters that are listed below.
- DENIED = Deny access to the selected item type. This exclude all the other permissions by unchecking the other check boxes.
- C = Create
- R = Read
- U = Use
- W = Write
- D = Delete
- O = Set owner
- P = Set permission
Set the role's permission on each one of the item types and proceed then to one of the other tabs or click on to save the changes or to abort.
- Members
-
Users that are members of a role are listed in the list-box located on this tab.
-
Select the users that should be added from the list in the pop-up window. Click on the button to close the pop-up window and add the selected users.
- Remove
-
Removes the selected users from the role.
Press to save the role or go to one of the other tabs if there are more that needs to be set. Use to abort and close the window without saving the changes.