23.3. Roles administration

23.3.1. Pre-defined system roles
23.3.2. Edit role

Roles are meant to represent different kinds of working positions that users can have, like server administrator or regular user just to mention two. Users are normally assigned a role, perhaps more than one, when they are created and registered in BASE.

23.3.1. Pre-defined system roles

BASE comes with some pre-defined roles. These are configured to cover the normal user roles that can appear. A more detailed description of the different roles and when to use them follows here.


This role gives the user full permission to do everything in BASE and also possibility to share items with the system-group 'Everyone'. Users that are supposed to administrate the server, user accounts, groups etc. should have this role.


Users that are members of this role has permission to read everything in BASE. This role does not let the members to actually do anything in BASE except read and supervise.

Power user

This role allows it's members to do some things that an ordinary user not is allowed to. Most things are related to global resources like reporters, the array lims and plug-ins. This role can be proper for those users that are in some kind of leading position over work groups or projects.


A role that is suitable for all ordinary users. This allows the members to do common things in BASE such as creating biomaterials and experiments, uploading raw data and analyse it.


This is a role with limited access to create new things. It is useful for those who wants to have peek at the program. It can also be used for someone that is helping out with the analysis of an experiment.

Job agent

This role is given to the job agents and allows them to read and execute jobs. Job agents always runs the jobs as the user who created the job and therefore it have to be able to act as another user.

23.3.2. Edit role

Creating a new role or editing the system-roles are something that do not needs to be done very often. The existing roles will normally be enough but there can be some cases when they need to be complemented, either with a new role or with different permissions.


Figure 23.8. Role properties

Role properties


The name of the role.

Share to Everyone

Allows the user to share items to the system-group 'Everyone'.

Act as another user

Allows the user to login as another user without knowing the password. This is used by job agents to make it possible for them to execute a plug-in as the user that created the job. This permission will also make it possible to switch user in the web interface. It can be useful for an administrator who needs to check out a problem, but use this permission with care.

Select job agent for jobs

Allows the user to select a specific job agent when running jobs. Users without this permission will always have a randomly selected job agent.


Mark this checkbox to let BASE automatically add new users as members to the role.


Description and information about the role.

Set the properties and proceed then to either one of the other tabs or by clicking on one of the buttons: Save to save the changes or Cancel to abort.


Figure 23.9. Role permissions

Role permissions

A role's permissions are defined for each item type within BASE. Set the role's permission on an item type by first selecting the item(s) in the list and then tick those permissions that should be applied. Not all permissions can be applied to every item type, that's why permission check-boxes becomes disabled when selecting some of the item types

After each item type in the list is a string inside square brackets that shows what kind of permissions the current role has on that particular item type. The permissions that do not have been set are represented with '-' inside the square brackets and those which have been set are represented with characters that are listed below.

  • DENIED = Deny access to the selected item type. This exclude all the other permissions by unchecking the other check boxes.
  • C = Create
  • R = Read
  • U = Use
  • W = Write
  • D = Delete
  • O = Set owner
  • P = Set permission

Set the role's permission on each one of the item types and proceed then to one of the other tabs or click on Save to save the changes or Cancel to abort.


Figure 23.10. Role members

Role members


Users that are members of a role are listed in the list-box located on this tab.

Add users

Select the users that should be added from the list in the pop-up window. Click on the Ok button to close the pop-up window and add the selected users.


Removes the selected users from the role.

Press Save to save the role or go to one of the other tabs if there are more that needs to be set. Use Close to abort and close the window without saving the changes.