Roles and rights specification
There are two levels of rights in Shanoir:
- General roles: apply globally to a user
- Study rights: apply to a user for a specific study
There are four categories of people who use Shanoir. Depending on their function, they may view or edit some data, while other data should not be accessible to or editable by them. Here is the list of these roles and their descriptions.
- USER : Depending on his rights on a study, a user can be a researcher who wants to use the collected data, or an MRI operator / doctor who collects and organizes the data in Shanoir. The main reason for this role is that, whatever his rights on any study, he is prevented from doing some operations in Shanoir that could alter the data quality (he cannot create studies or edit datasets, centers, coils, manufacturers, equipment, etc.).
- EXPERT : The expert works with operators and doctors and administers his studies. He is a trusted user who can create new studies, configure them, and edit the imported data more precisely. He can also create new entities such as centers, coils, etc.
- ADMIN : This role is reserved for technical support members and gives the possibility to do almost everything in Shanoir.
In order to interact with a study, a user must be a member of it. His membership comes with certain rights.
- CAN_SEE_ALL : The member can see all the study's data.
- CAN_DOWNLOAD : The member can download data from this study.
- CAN_IMPORT : The member can import data into this study. Must come with CAN_SEE_ALL, otherwise the user cannot see the data he has imported.
- CAN_ADMINISTRATE : The member can edit the study's parameters, the study's members and their rights, and the protocol files for this study.
If a study requires a data user agreement (DUA), each member of the study has to accept the DUA first, before getting access to the data and using their rights below. For this reason, StudyUser (the membership table in edit study) now contains a confirmed column that shows whether the current member has already accepted the DUA. Members for whom confirmed is false cannot access any data of the study. If no DUA is required by the study, the StudyUser confirmed is true by default. For more information, please see: DUA Spec.
Note : The Shanoir UI may automatically check some rights when certain rights are selected. For instance, CAN_ADMINISTRATE will check every other right.
- Receive Import Mail: when this flag is true for a member of a study, this user receives a notification email for each import done within this study.
- Receive Member Mail: when this flag is true for a member of a study, this user receives a notification email each time one or more new members are added to the study.

| Study right | USER | EXPERT | ADMIN |
|---|---|---|---|
| CAN_SEE_ALL | x | x | x |
| CAN_DOWNLOAD | x | x | x |
| CAN_IMPORT | x | x | x |
| CAN_ADMINISTRATE | x | x | x |

We assume that an ADMIN has every right

| Entity | Action | USER | EXPERT |
|---|---|---|---|
| STUDY (incl. protocol) | View details | CAN_SEE_ALL | CAN_SEE_ALL |
| | Create | ✗ | ✔ |
| | Edit / Delete | ✗ | CAN_ADMINISTRATE |
| DATASET / DATASET ACQ | View details | CAN_SEE_ALL | CAN_SEE_ALL |
| | Download | CAN_DOWNLOAD | CAN_DOWNLOAD |
| | Create (ds acq) | CAN_IMPORT | CAN_IMPORT |
| | Execute a pipeline | ✗ | CAN_ADMINISTRATE |
| | Edit / Delete | ✗ | CAN_ADMINISTRATE |
| SUBJECT | View details | CAN_SEE_ALL | CAN_SEE_ALL or only names |
| | Create | CAN_IMPORT | CAN_IMPORT |
| | Edit | ✗ | ✗ |
| | Delete | ✗ | CAN_ADMINISTRATE |
| EXAMINATION | View details | CAN_SEE_ALL | CAN_SEE_ALL or only names |
| | Create | CAN_IMPORT | CAN_IMPORT |
| | Edit | CAN_IMPORT | CAN_IMPORT |
| | Delete | ✗ | CAN_ADMINISTRATE |
| SUBJECT-STUDY | View details | CAN_SEE_ALL | CAN_SEE_ALL |
| | Create | CAN_IMPORT | CAN_IMPORT or CAN_ADMINISTRATE |
| | Edit | CAN_IMPORT | CAN_IMPORT or CAN_ADMINISTRATE |
| | Delete | ✗ | CAN_ADMINISTRATE |
| EQUIPMENT | View details | ✔ | ✔ |
| | Create | ✗ | ✔ |
| | Edit / Delete | ✗ | ✔ |
| STUDY CARDS | View details | ✔ | CAN_SEE_ALL |
| | Create | ✗ | CAN_ADMINISTRATE |
| | Edit / Delete | ✗ | CAN_ADMINISTRATE |
| QUALITY CARDS | View details | ✔ | CAN_SEE_ALL |
| | Create | ✗ | CAN_ADMINISTRATE |
| | Edit / Delete | ✗ | CAN_ADMINISTRATE |
| IMPORT | Import | CAN_IMPORT | CAN_IMPORT |
| USERS | View | Only names | Only names |
| | Create / Delete | ✗ | ✗ |
| | Edit | Only me - Only email / name / pwd | Only me - Only email / name / pwd |
| | Approve / Refuse | ✗ | ✗ |
| NIFTI CONVERTER | View | ✔ | ✔ |
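
One way to evaluate the matrix above on the server side, as an added example (not Shanoir's own code): `MATRIX` transcribes a subset of the rows, and `Membership`, `is_allowed` and the lower-case action names are hypothetical. It shows the three gates the page describes: the general role, the DUA `confirmed` flag, and the study right, with anything not listed denied.

```python
from dataclasses import dataclass

# Constructed policy table: a subset of the page's matrix, keyed by (entity, action).
# Rule values: True = allowed for the role, False = never allowed,
# a set = allowed if the member holds at least one of these study rights.
MATRIX = {
    ("STUDY", "view"): {"USER": {"CAN_SEE_ALL"}, "EXPERT": {"CAN_SEE_ALL"}},
    ("STUDY", "create"): {"USER": False, "EXPERT": True},
    ("STUDY", "edit"): {"USER": False, "EXPERT": {"CAN_ADMINISTRATE"}},
    ("DATASET", "download"): {"USER": {"CAN_DOWNLOAD"}, "EXPERT": {"CAN_DOWNLOAD"}},
    ("EXAMINATION", "edit"): {"USER": {"CAN_IMPORT"}, "EXPERT": {"CAN_IMPORT"}},
    ("SUBJECT-STUDY", "create"): {"USER": {"CAN_IMPORT"},
                                  "EXPERT": {"CAN_IMPORT", "CAN_ADMINISTRATE"}},
    ("EQUIPMENT", "create"): {"USER": False, "EXPERT": True},
}


@dataclass
class Membership:
    """Hypothetical stand-in for one StudyUser row."""
    rights: frozenset
    confirmed: bool = True  # False until the member has accepted the DUA


def is_allowed(role, entity, action, membership=None):
    """Return True only if role, DUA confirmation and study rights all permit it."""
    if role == "ADMIN":
        # Page: "We assume that an ADMIN has every right". Whether the DUA gate
        # also applies to admins is not stated; bypassing it here is an assumption.
        return True
    # Default deny: unknown roles and rows missing from the table get False.
    rule = MATRIX.get((entity, action), {}).get(role, False)
    if isinstance(rule, bool):
        return rule  # decided by the general role alone
    # Study-scoped rule: needs a membership whose DUA is confirmed...
    if membership is None or not membership.confirmed:
        return False
    # ...and at least one of the listed study rights.
    return bool(rule & membership.rights)
```

The role acts as a ceiling on study rights: a USER who holds CAN_ADMINISTRATE on a study is still refused the study edit, and an unconfirmed member is refused every study-scoped action whatever rights the row lists.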