This article provides an overview of how role-based access control works in Laboperator. In the following, you will find a description of Permissions, Roles, and Groups, as well as a general overview of all existing Permissions.
Rights to use functionalities in Laboperator, e.g. adding a Collection, are specified in Laboperator as Permissions. A set of Permissions can be unified through the definition of Roles. Read more about how to set up Roles and Permissions.
Applied to the environment of everyday laboratory work, Roles in the laboratory can be represented by different personas including:
- Lab Technician: rights related to Workflow Run Execution.
- Lab Manager: rights related to managing collections and workflow templates.
- IT Admin: rights related to Connectors, Ports, and Devices.
- QA Manager: right related to viewing user permission reports and signing/reviewing workflow runs.
- Auditor: right related to viewing audit trails and workflow runs.
Once the respective Permissions for a Role are defined, the Role needs to be associated with the relevant Users and Collections. To do this, a Group needs to be defined. Here, a User can be assigned to multiple Roles and with that rights in the respective Collections.
Note: Currently, a user's membership in different groups will provide the user with cumulative rights. If the separation of duties should be ensured, it is currently necessary to set up separate Laboperator user accounts for the same person. The ability to select a user to select a role when logging in (for users with membership in multiple groups) is a coming feature in Laboperator.
Permissions Overview
Below is an overview of all available permissions in Laboperator with a brief description of their meaning. Permissions are assigned through the definition of Roles.
| Permission | Description |
| Automation | |
| View Automation | View Automations. |
| Add Automation | Add new Automation. |
| Update Automation | Edit settings (name, state - active/inactive) of Automations. |
| Delete Automation | Remove a Resource of this type from the databank. |
| Collection | |
| Add Collection | Add Collections to an existing Collection to which the user also already has access. |
| Update Collection | Edit settings (name) of Collections. |
| Archive Collection | Archived Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Collection | Restore Collection that has been archived by the user already. |
| Delete Collection | Remove a Resource of this type from the databank. |
| Add Resource to Collection | Add existing Resources (i.e. Workflow Templates, Connectors, etc.) to another Collection to which the user has access. Resources may exist in multiple Collections; all are linked to the same instance of the Resource. |
| Remove Resource from Collection | Remove access to a Resource from a Collection. Only allowed when the Resource is accessible in multiple Collections. |
| Connector | |
| View Connector | View/open Resources of this type located in Collections the user has access to. |
| Add Connector | Add a Resource of this type to a Collection the user has access to. |
| Update Connector | Change the settings (name) of a Connector box. |
| Archive Connector | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Connector | Restore Resources of this type archived by the user already. |
| Delete Connector | Remove a Resource of this type from the databank. |
| Reset Device Drivers on Connector | Force redownload the Drivers of all Devices connected to a certain Connector box/software. Used primarily during the development of new Drivers. |
| Dashboard | |
| View Dashboard | View/open Resources of this type are located in Collections to which the user has access. |
| Add Dashboard | Add a Resource of this type to a Collection the user has access to. |
| Update Dashboard | Edit the settings (name) of a Dashboard. |
| Archive Dashboard | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Dashboard | Restore Resources of this type archived by the user already. |
| Delete Dashboard | Remove a Resource of this type from the databank. |
| Update Dashboard layout | Edit the layout of a Dashboard. |
| Reset Dashboard layout | Reset the layout of a Dashboard to the layout it had upon being added. |
| Device | |
| View Device | View/open Resources of this type are located in Collections to which the user has access. |
| Update Device | Edit the settings (name, custom attributes) of a Device. |
| Archive Device | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Device | Restore Resources of this type archived by the user already. |
| Delete Device | Remove a Resource of this type from the databank. |
| Send Command to Device | Send commands from Laboperator to a Device. |
| Update Dashboard of Device | Edit the settings (excluding the layout) of a Dashboard of a Device. |
| Reset Dashboard of Device | Reset the layout of a Dashboard for a Device to the layout it had upon being added. |
| Export Data Point of Device | Export data points (measurements) of Devices to JSON/CSV/XLSX. |
| Event | |
| Full access to Audit Trail | Allow viewing Audit Trail entries for actions executed by other users or the system. By default, users can normally only view Audit Trail entries for events triggered by themselves. |
| Export Audit Trail | Ability to export a PDF/CSV/etc. of the current filtered view of the Audit Trail. |
| Export | |
| View Export | View/open Resources of this type are located in Collections to which the user has access. |
| Archive Export | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Export | Restore Resources of this type archived by the user already. |
| Delete Export | Remove a Resource of this type from the databank. |
| Group | |
| View Group | View Groups within Roles & Permissions. |
| Add Group | Add a new Group within Roles & Permissions. |
| Update Group | Edit the name, Users, Collections, and Roles assigned to a Group. |
| Delete Group | Remove a Resource of this type from the databank. |
| Measurement | |
| View Measurement | View/open Resources of this type are located in Collections to which the user has access. |
| Add Measurement | Create a new Measurement for a Device the user has access to. Measurements are a logged set of Measurement values collected during a time period specified by the user. |
| Update Measurement | Edit the settings (start/stop times, description, select channel, custom attributes) of a Measurement. |
| Archive Measurement | Archive Resources of this type are located in collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Measurement | Restore Resources of this type archived by the user already. |
| Delete Measurement | Remove a Resource of this type from the databank. |
| Update Dashboard of Measurement | Edit the settings of a Dashboard of a Measurement. |
| Reset Dashboard of Measurement | Reset the layout of a Dashboard for a Measurement to the layout it had upon being added. |
| Notification | |
| View Notification Setting | View the settings for a Notification. |
| Subscribe to Notification Setting | Subscribe to a Notification the user has access to. |
| Add Notification Setting | Create a new global Notification. |
| Update Notification Setting | Edit the settings (name/description) for a Notification the user has access to. |
| Update Trigger of Notification Setting | Add a trigger or edit the settings of a trigger for a Notification the user has access to. |
| Delete Notification Setting | Remove a Resource of this type from the databank. |
| Oauth | |
| View OAuth 2.0 Application | View applications. |
| Add OAuth 2.0 Application | Add a new application. |
| Update OAuth 2.0 Application | Edit the settings (name, Redirect URI, scopes) of an application. |
| Delete OAuth 2.0 Application | Remove a Resource of this type from the databank. |
| Organization | |
| Update Organization Setting | Update the Organization's Settings (i.e. logo, time format, color/theme settings, etc.). Accessible from the "Details" section of an Organization. |
| Invite User to the Organization | Add users to the Organization. If the user does not yet have a Laboperator account, they will also have one created for them. |
| Remove User from the Organization | Removes the user's ability to access an organization. This action does NOT delete the user from the databank. |
| Port | |
| Update Connector Port | Allow Device simulation on a Port on a Connector box. |
| Link Device to Connector Port | Link a Device to a Port on a Connector box via the "Connect" button. |
| Unlink Device from Connector Port | Unlink a Device from a port on a Connector box via the "Unlink Device" button. |
| Role | |
| View Role | View Roles within Roles & Permissions. |
| Add Role | Add a new Role within Roles & Permissions. |
| Update Role | Edit the name of and Permissions assigned to a Role. |
| Delete Role | Remove a Resource of this type from the databank. |
| Sample | |
| View Sample | View/open Resources of this type are located in Collections to which the user has access. |
| Add Sample | Add a Resource of this type to a Collection the user has access to. |
| Update Sample | Edit the settings (name/identifier) of Resources of this type in a Collection the user has access to. |
| Archive Sample | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Sample | Restore Resources of this type archived by the user already. |
| Delete Sample | Remove a Resource of this type from the databank. |
| Secret | |
| View Organization Secret | View organization-specific Secrets. |
| Add Organization Secret | Add a new organization-specific Secret. |
| Update Organization Secret | Edit settings (key, value, description) of organization-specific Secrets. |
| Delete Organization Secret | Remove a Resource of this type from the databank. |
| Approve access to Organization Secret | Approve access to a Resource that requires access to an organization-specific Secret. |
| Reject access to Organization Secret | Reject access to a Resource that requires access to an organization-specific Secret. |
| Smart View / Saved Filter | |
| View Smart View | View/open Resources of this type are located in Collections to which the user has access. |
| Add Smart View | Add a Resource of this type to a Collection the user has access to. |
| Update Smart View | Edit Resources of this type are located in Collections the user has access to. |
| Archive Smart View | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Smart View | Restore Resources of this type archived by the user already. |
| Delete Smart View | Remove a Resource of this type from the databank. |
| User | |
| Update User Account | Change the Role of a user (e.g. admin vs. member). Legacy Permission is obsolete in RBAC. |
| Webhook Subscription | |
| View Webhook Subscription | View Webhooks Subscriptions. |
| Add Webhook Subscription | Add a new Webhook Subscription. |
| Update Webhook Subscription | Edit settings (target URL, headers, trigger events) of Webhook Subscriptions. |
| Delete Webhook Subscription | Remove a Resource of this type from the databank. |
| Workflow Run | |
| View Workflow Run | View/open Resources of this type are located in Collections to which the user has access. |
Add Workflow Run based on blank Workflow Template | Create a new Workflow Run based on a blank template. This Workflow Run then requires Workflow Step Templates and the Permission to build Workflow Runs, e.g. via "Add Workflow Step to Workflow Run". |
| Add Workflow Run based on Workflow Template | Create a new Workflow Run based on a Workflow Template located in a Collection the user has access to. |
| Update Workflow Run | Update settings (title, description, workflow template) of a Workflow Run. |
| Archive Workflow Run | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Workflow Run | Restore Resources of this type archived by the user already. |
| Delete Workflow Run | Remove a Resource of this type from the databank. |
| Start Workflow Run | Start a Workflow Run located in a Collection the user has access to. |
| Complete Workflow Run | Mark a Workflow Run as completed. No more changes can be carried out in a completed Workflow Run. |
| Lock Workflow Run | Mark a Workflow Run as locked. No more changes can be carried out in a completed Workflow Run. |
| Pause Workflow Run | Mark a Workflow Run as paused. No actions can be carried out in a paused Workflow Run (e.g. measurement acquisition, data input, etc.) until it is marked active again. |
| Add Workflow Step to Workflow Run | Add Workflow Steps via Workflow Step templates located in a Collection the user has access to. |
| Move Workflow Step in Workflow Run | Change the order of Workflow Steps in a Workflow Run that is still inactive (not yet started or completed). |
| Remove Workflow Step from Workflow Run | Remove Workflow Steps from a Workflow Run that is still inactive (not yet started or completed). |
| Complete Substep | Carry out behaviors in a Workflow Run that trigger the "complete_substep" action, marking the Workflow Substep as completed. |
| Repeat Substep | Repeat a Workflow Substep, overwriting the data previously stored for this Workflow Substep. (Information about this change is still located in the Audit Trail.) |
| Trigger Workflow Action | Execute actions (i.e. clicking buttons, scanning) in a Workflow Run. |
| Update Workflow Field | Edit Workflow fields directly located in the UI of a Workflow Step. |
| Approve Update Request to Workflow Field | Approve update requests made by Workflow behaviors, e.g. data point trying to update Workflow Fields. |
| Cancel Update Request to Workflow Field | Reject update requests made by Workflow behaviors, e.g. data point trying to update Workflow Fields. |
| View Comment on Workflow Step | View comments left behind on a Workflow Step. |
| Add Comment to Workflow Step | Add comments to a Workflow Step. |
| Update Comment on Workflow Step | Edit comments on a Workflow Step. |
| Archive Comment on Workflow Step | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Comment on Workflow Step | Restore an "archived" comment in a Workflow Step. |
| Delete Comment on Workflow Step | Remove a Resource of this type from the databank. |
| View Workflow Run Signatures | View electronic signatures that have been used to sign a Workflow Run. |
| Sign Workflow Run | Use the electronic signature function to sign a Workflow Run. |
| Workflow Step Template | |
| View Workflow Step Template | View/open Resources of this type are located in Collections to which the user has access. |
| Add Workflow Step Template | Add a Resource of this type to a Collection the user has access to. |
| Archive Workflow Step Template | Archive Resources of this type are located in collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Workflow Step Template | Restore Resources of this type archived by the user already. |
| Delete Workflow Step Template | Remove a Resource of this type from the databank. |
| Workflow Template | |
| View Workflow Template | View/open Resources of this type are located in Collections to which the user has access. |
| Add Workflow Template | Add a Resource of this type to a Collection the user has access to. |
| Archive Workflow Template | Archive Resources of this type are located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a productive environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user. |
| Restore Workflow Template | Restore Resources of this type archived by the user already. |
| Delete Workflow Template | Remove a Resource of this type from the databank. |
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article