What are group policies and how to use them? v6.0 and above - LabCollector

Search Knowledge Base by Keyword

You are here:
← All Topics
  • If you have version 5.31 or below please see this KB instead.
  • If you have a version below 6.0 please see this KB instead.
  • This KB is for version 6.0 and above.


Note: Only accessible to super-administrator

The super administrator can define ONE member group to manage the user’s general permissions (confidentiality).
By default there is only the Full Access group. Additional groups can be added.

You can define access in 2 parts:
1. Multigroup access mode
2. Existing group settings 

1. Multigroup access mode

Group rules can be defined to manage user module access, based on several options.
In LabCollector you can now give a user access to more than one group.
To define group policies go to Admin > Users & Staff > Manage Users.

  • Permissions can be changed at any time through this menu.
  • Search filters also use these group definitions to help filter data by group.
  • Super-administrator can assign master administrators to the groups under Admin > Users & Staff > Manage Users. These administrators can create and manage lab members and user accounts for their own group.
  • Since version 5.3, super-administrator and group master administrators can select more than one group for a user on the Group Policy column.
  • Users can choose which of their groups they want to share data with on a record-by-record basis. If a user is in more than one group then their data is shared with all those groups by default. The user can otherwise choose particular groups from the Share Options dropdown while creating or editing a record.
  • The administrator can assign a Primary Group to users that are in more than one group on the Primary Group Restriction column. This means that by default their data is shared only with the Primary Group unless they explicitly choose to share individual records with their other group(s) while including/excluding their Primary group.
  • You can lock the user login by clicking on the icon located to the right of the table, this will disable the user from login in back into the system, unless the super administrator unlocks it back.
  • You can delete/archive users by clicking on the icon located to the right of the table, this will disable the user from login in back into the system permanently. Once you click on the icon, a screen will pop-up to confirm the removal (as shown on the screenshot down below):

Now, for example, let’s say you include a user in different groups with different access levels with a common module in all the groups (see the image below).

So how would you manage access levels in such scenarios? This is why LabCollector v6.0 and above gives you two options.
Go to Admin > Users & Staff > Manage group policies.

  • A. F>B/V: By selecting this, you can choose the “Full Access” option to supersede the “Block” and “View only” option for the common module between groups.
  • B. F<B/V: By selecting this, you can choose the “Block” and “View only” option to supersede the “Full Access” option for the common module between groups.

 

Note
Group policy rules overwrite individual user privileges. For example, if the storage option is enabled for visibility within a group, all users in that group will only have the ability to view storage. This restriction applies regardless of whether a user is an admin or staff member within the group; they will not be able to remove tubes or perform actions beyond the specified access level.

2. Existing group settings

To access this settings, go to Admin > Users & Staff > Manage Users.

  • 1. F, V & B is the short form for below access levels.
    F: Full Access
    V: View only – User access to the module is limited to only view/show data.
    B: Block access – Users can’t enter into the respective module. Blocked users will see that the module exists.
    : View ONLY Storage
  • 2. This option blocks the access to view all the storage system (including storage browser).
  • 3. With this option group, members will see all records in LabCollector. However, storage information will be limited to group members.
  • 4. By checking this option, group members will only see records and storage information from their own group. This applies to record creation and record ownership. Note that records owned by the super-admin will be visible to all users. Data can, therefore, be secured by the group. To take advantage of this you must have at least two groups.
  • 5. In this option, all users can see all orders in the purchase order management. There are no limitations except by user permissions.
  • 6. This option excludes access to full records. If you check this option with one of the over, the group will not see the Full Access records.
  • 7. Add-ons can also have restricted access: F: Full Access or B: Block access – Users can’t enter into the respective add-on.
  • 8. Once the group is set up, you can also restrict the group to a list of IPs (see KB-restrict access to Labcollector).
  • 9. (This option is now available for version 6.1): You can restrict the access to view/modify certain fields for a selected group, whether the field is on the main list, on the analysis tab, or on the registry book. (See screenshot below).

Records made by users not affiliated to a group will not be restricted and will remain visible to ALL users in any group. The super-admin does not belong to any group

You can purchase additional groups if you need more – please contact [email protected] or [email protected] (US and Canada).

 

Related topics: