Role-Based Access Control (RBAC)

Modified on Wed, 3 Jan at 3:42 PM

This article provides an overview of how role-based access control works in Laboperator. In the following, you will find a description of Permissions, Roles, and Groups, as well as a general overview of all existing Permissions.

Rights to use functionalities in Laboperator, e.g. adding a Collection, are specified in Laboperator as Permissions. A set of Permissions can be unified through the definition of Roles. Read more about how to set up Roles and Permissions.

Applied to the environment of everyday laboratory work, Roles in the laboratory can be represented by different personas including:

  • Lab Technician: rights related to Workflow Run Execution.
  • Lab Manager: rights related to managing collections and workflow templates.
  • IT Admin: rights related to Connectors, Ports, and Devices.
  • QA Manager: rights related to viewing user permission reports and signing/reviewing workflow runs.
  • Auditor: rights related to viewing audit trails and workflow runs.

Once the respective Permissions for a Role are defined, the Role needs to be associated with the relevant Users and Collections. To do this, a Group needs to be defined. Through Groups, a User can be assigned to multiple Roles and thereby receive the corresponding rights in the respective Collections.

Note: Currently, a user's membership in different groups will provide the user with cumulative rights. If separation of duties must be ensured, it is currently necessary to set up separate Laboperator user accounts for the same person. The ability for a user to select a role when logging in (for users with membership in multiple groups) is a coming feature in Laboperator.
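The cumulative-rights behaviour described in the note above can be checked offline before Groups are changed. The following is an added example, not Laboperator code: it unions Permissions per user and Collection across all Group memberships and flags combinations that break a separation-of-duties policy. The data layout, the sample Groups, the per-Collection scoping and the conflict pairs are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; this dict layout is an assumption, not a Laboperator export format.
ROLES = {
    "Lab Technician": {"View Workflow Run", "Start Workflow Run",
                       "Trigger Workflow Action", "Complete Substep"},
    "QA Manager": {"View Workflow Run", "View Workflow Run Signatures", "Sign Workflow Run"},
    "Auditor": {"View Workflow Run", "Full access to Audit Trail"},
}
GROUPS = [
    {"name": "Lab A execution", "users": {"alice", "bob"},
     "roles": {"Lab Technician"}, "collections": {"Lab A"}},
    {"name": "Lab A QA", "users": {"alice", "carol"},
     "roles": {"QA Manager"}, "collections": {"Lab A"}},
    {"name": "Lab B QA", "users": {"bob"},
     "roles": {"QA Manager"}, "collections": {"Lab B"}},
    {"name": "Audit", "users": {"dave"},
     "roles": {"Auditor"}, "collections": {"Lab A", "Lab B"}},
]
# Hypothetical policy: Permission pairs one account should not hold in the same Collection.
SOD_CONFLICTS = [
    ("Trigger Workflow Action", "Sign Workflow Run"),
    ("Complete Substep", "Sign Workflow Run"),
]

def effective_permissions(groups, roles):
    """Union of Permissions per (user, collection) across every Group membership."""
    effective = defaultdict(set)
    for group in groups:
        granted = set().union(*(roles[r] for r in group["roles"]))
        for user in group["users"]:
            for collection in group["collections"]:
                # Assumption: rights accumulate within the Collections a Group covers.
                effective[(user, collection)] |= granted
    return effective

def sod_violations(groups, roles, conflicts):
    """Sorted (user, collection, perm_a, perm_b) tuples where both Permissions are held."""
    found = []
    for (user, collection), perms in effective_permissions(groups, roles).items():
        for perm_a, perm_b in conflicts:
            if perm_a in perms and perm_b in perms:
                found.append((user, collection, perm_a, perm_b))
    return sorted(found)

if __name__ == "__main__":
    for user, collection, perm_a, perm_b in sod_violations(GROUPS, ROLES, SOD_CONFLICTS):
        print(f"{user} in {collection}: holds both '{perm_a}' and '{perm_b}'")
```

In the sample data only alice is flagged: she executes and signs in the same Collection, whereas bob holds the two Roles in different Collections.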

Permissions Overview

Below is an overview of all available permissions in Laboperator with a brief description of their meaning. Permissions are assigned through the definition of Roles.

View Automation: View Automations.
Add Automation: Add new Automation.
Update Automation: Edit settings (name, state - active/inactive) of Automations.
Delete Automation: Remove a Resource of this type from the databank.
Add Collection: Add Collections to an existing Collection to which the user also already has access.
Update Collection: Edit settings (name) of Collections.
Archive Collection: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Collection: Restore a Collection that has already been archived by the user.
Delete Collection: Remove a Resource of this type from the databank.
Add Resource to Collection: Add existing Resources (i.e. Workflow Templates, Connectors, etc.) to another Collection to which the user has access. Resources may exist in multiple Collections; all are linked to the same instance of the Resource.
Remove Resource from Collection: Remove access to a Resource from a Collection. Only allowed when the Resource is accessible in multiple Collections.
View Connector: View/open Resources of this type located in Collections the user has access to.
Add Connector: Add a Resource of this type to a Collection the user has access to.
Update Connector: Change the settings (name) of a Connector box.
Archive Connector: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Connector: Restore Resources of this type already archived by the user.
Delete Connector: Remove a Resource of this type from the databank.
Reset Device Drivers on Connector: Force redownload the Drivers of all Devices connected to a certain Connector box/software. Used primarily during the development of new Drivers.
View Dashboard: View/open Resources of this type located in Collections to which the user has access.
Add Dashboard: Add a Resource of this type to a Collection the user has access to.
Update Dashboard: Edit the settings (name) of a Dashboard.
Archive Dashboard: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Dashboard: Restore Resources of this type already archived by the user.
Delete Dashboard: Remove a Resource of this type from the databank.
Update Dashboard layout: Edit the layout of a Dashboard.
Reset Dashboard layout: Reset the layout of a Dashboard to the layout it had upon being added.
View Device: View/open Resources of this type located in Collections to which the user has access.
Update Device: Edit the settings (name, custom attributes) of a Device.
Archive Device: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Device: Restore Resources of this type already archived by the user.
Delete Device: Remove a Resource of this type from the databank.
Send Command to Device: Send commands from Laboperator to a Device.
Update Dashboard of Device: Edit the settings (excluding the layout) of a Dashboard of a Device.
Reset Dashboard of Device: Reset the layout of a Dashboard for a Device to the layout it had upon being added.
Export Data Point of Device: Export data points (measurements) of Devices to JSON/CSV/XLSX.
Full access to Audit Trail: Allow viewing Audit Trail entries for actions executed by other users or the system. By default, users can normally only view Audit Trail entries for events triggered by themselves.
Export Audit Trail: Ability to export a PDF/CSV/etc. of the current filtered view of the Audit Trail.
View Export: View/open Resources of this type located in Collections to which the user has access.
Archive Export: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Export: Restore Resources of this type already archived by the user.
Delete Export: Remove a Resource of this type from the databank.
View Group: View Groups within Roles & Permissions.
Add Group: Add a new Group within Roles & Permissions.
Update Group: Edit the name, Users, Collections, and Roles assigned to a Group.
Delete Group: Remove a Resource of this type from the databank.
View Measurement: View/open Resources of this type located in Collections to which the user has access.
Add Measurement: Create a new Measurement for a Device the user has access to. Measurements are a logged set of Measurement values collected during a time period specified by the user.
Update Measurement: Edit the settings (start/stop times, description, select channel, custom attributes) of a Measurement.
Archive Measurement: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Measurement: Restore Resources of this type already archived by the user.
Delete Measurement: Remove a Resource of this type from the databank.
Update Dashboard of Measurement: Edit the settings of a Dashboard of a Measurement.
Reset Dashboard of Measurement: Reset the layout of a Dashboard for a Measurement to the layout it had upon being added.
View Notification Setting: View the settings for a Notification.
Subscribe to Notification Setting: Subscribe to a Notification the user has access to.
Add Notification Setting: Create a new global Notification.
Update Notification Setting: Edit the settings (name/description) for a Notification the user has access to.
Update Trigger of Notification Setting: Add a trigger or edit the settings of a trigger for a Notification the user has access to.
Delete Notification Setting: Remove a Resource of this type from the databank.
View OAuth 2.0 Application: View applications.
Add OAuth 2.0 Application: Add a new application.
Update OAuth 2.0 Application: Edit the settings (name, Redirect URI, scopes) of an application.
Delete OAuth 2.0 Application: Remove a Resource of this type from the databank.
Update Organization Setting: Update the Organization's Settings (i.e. logo, time format, color/theme settings, etc.). Accessible from the "Details" section of an Organization.
Invite User to the Organization: Add users to the Organization. If the user does not yet have a Laboperator account, they will also have one created for them.
Remove User from the Organization: Removes the user's ability to access an organization. This action does NOT delete the user from the databank.
Update Connector Port: Allow Device simulation on a Port on a Connector box.
Link Device to Connector Port: Link a Device to a Port on a Connector box via the "Connect" button.
Unlink Device from Connector Port: Unlink a Device from a port on a Connector box via the "Unlink Device" button.
View Role: View Roles within Roles & Permissions.
Add Role: Add a new Role within Roles & Permissions.
Update Role: Edit the name of and Permissions assigned to a Role.
Delete Role: Remove a Resource of this type from the databank.
View Sample: View/open Resources of this type located in Collections to which the user has access.
Add Sample: Add a Resource of this type to a Collection the user has access to.
Update Sample: Edit the settings (name/identifier) of Resources of this type in a Collection the user has access to.
Archive Sample: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Sample: Restore Resources of this type already archived by the user.
Delete Sample: Remove a Resource of this type from the databank.
View Organization Secret: View organization-specific Secrets.
Add Organization Secret: Add a new organization-specific Secret.
Update Organization Secret: Edit settings (key, value, description) of organization-specific Secrets.
Delete Organization Secret: Remove a Resource of this type from the databank.
Approve access to Organization Secret: Approve access to a Resource that requires access to an organization-specific Secret.
Reject access to Organization Secret: Reject access to a Resource that requires access to an organization-specific Secret.
Smart View / Saved Filter
View Smart View: View/open Resources of this type located in Collections to which the user has access.
Add Smart View: Add a Resource of this type to a Collection the user has access to.
Update Smart View: Edit Resources of this type located in Collections the user has access to.
Archive Smart View: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Smart View: Restore Resources of this type already archived by the user.
Delete Smart View: Remove a Resource of this type from the databank.
Update User Account: Change the Role of a user (e.g. admin vs. member). This legacy Permission is obsolete in RBAC.
Webhook Subscription
View Webhook Subscription: View Webhook Subscriptions.
Add Webhook Subscription: Add a new Webhook Subscription.
Update Webhook Subscription: Edit settings (target URL, headers, trigger events) of Webhook Subscriptions.
Delete Webhook Subscription: Remove a Resource of this type from the databank.
Workflow Run
View Workflow Run: View/open Resources of this type located in Collections to which the user has access.
Add Workflow Run based on blank Workflow Template: Create a new Workflow Run based on a blank template. This Workflow Run then requires Workflow Step Templates and the Permission to build Workflow Runs, e.g. via "Add Workflow Step to Workflow Run".
Add Workflow Run based on Workflow Template: Create a new Workflow Run based on a Workflow Template located in a Collection the user has access to.
Update Workflow Run: Update settings (title, description, workflow template) of a Workflow Run.
Archive Workflow Run: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Workflow Run: Restore Resources of this type already archived by the user.
Delete Workflow Run: Remove a Resource of this type from the databank.
Start Workflow Run: Start a Workflow Run located in a Collection the user has access to.
Complete Workflow Run: Mark a Workflow Run as completed. No more changes can be carried out in a completed Workflow Run.
Lock Workflow Run: Mark a Workflow Run as locked. No more changes can be carried out in a completed Workflow Run.
Pause Workflow Run: Mark a Workflow Run as paused. No actions can be carried out in a paused Workflow Run (e.g. measurement acquisition, data input, etc.) until it is marked active again.
Add Workflow Step to Workflow Run: Add Workflow Steps via Workflow Step templates located in a Collection the user has access to.
Move Workflow Step in Workflow Run: Change the order of Workflow Steps in a Workflow Run that is still inactive (not yet started or completed).
Remove Workflow Step from Workflow Run: Remove Workflow Steps from a Workflow Run that is still inactive (not yet started or completed).
Complete Substep: Carry out behaviors in a Workflow Run that trigger the "complete_substep" action, marking the Workflow Substep as completed.
Repeat Substep: Repeat a Workflow Substep, overwriting the data previously stored for this Workflow Substep. (Information about this change is still located in the Audit Trail.)
Trigger Workflow Action: Execute actions (i.e. clicking buttons, scanning) in a Workflow Run.
Update Workflow Field: Edit Workflow fields directly located in the UI of a Workflow Step.
Approve Update Request to Workflow Field: Approve update requests made by Workflow behaviors, e.g. a data point trying to update Workflow Fields.
Cancel Update Request to Workflow Field: Reject update requests made by Workflow behaviors, e.g. a data point trying to update Workflow Fields.
View Comment on Workflow Step: View comments left on a Workflow Step.
Add Comment to Workflow Step: Add comments to a Workflow Step.
Update Comment on Workflow Step: Edit comments on a Workflow Step.
Archive Comment on Workflow Step: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Comment on Workflow Step: Restore an "archived" comment in a Workflow Step.
Delete Comment on Workflow Step: Remove a Resource of this type from the databank.
View Workflow Run Signatures: View electronic signatures that have been used to sign a Workflow Run.
Sign Workflow Run: Use the electronic signature function to sign a Workflow Run.
Workflow Step Template
View Workflow Step Template: View/open Resources of this type located in Collections to which the user has access.
Add Workflow Step Template: Add a Resource of this type to a Collection the user has access to.
Archive Workflow Step Template: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Workflow Step Template: Restore Resources of this type already archived by the user.
Delete Workflow Step Template: Remove a Resource of this type from the databank.
Workflow Template
View Workflow Template: View/open Resources of this type located in Collections to which the user has access.
Add Workflow Template: Add a Resource of this type to a Collection the user has access to.
Archive Workflow Template: Archive Resources of this type located in Collections to which the user has access. The usage of "archive" here does not reflect the standard definition of moving data out of a production environment. Archiving a Resource in Laboperator simply tags the Resource with a label that allows it to be filtered out of view to improve the overview of Resources for the user.
Restore Workflow Template: Restore Resources of this type already archived by the user.
Delete Workflow Template: Remove a Resource of this type from the databank.

