-
Notifications
You must be signed in to change notification settings - Fork 22
Roles and rights specification
Julien Louis edited this page Jun 7, 2019
·
13 revisions
There are two levels of rights in Shanoir :
- General roles : apply globally to a user
- Study rights : apply to a user for a specific study
There are four categories of persons that uses Shanoir. Depending of their functions, they may view or edit some data while some other data should not be accessible or editable for them. Here is the list of those roles and their descriptions.
- USER : Depending on his rights on a study a user can be a researcher that want to use the collected data or an MRI operator / doctor that collects and organize the data in Shanoir. The main reason for this role is that despite his rights on any study, he is prevented from doing some operations in Shanoir that could alter the data quality (he cannot create studies or edit datasets, centers, coils, manufacturers, equipements, etc).
- EXPERT : The expert works with operators and doctors and administrate his studies. He is a trusted user that can create new studies, configure them and can edit the imported data more precisely. He can also create new entities like centers, coils, etc.
- ADMIN : This role is reserved to the technical support memebers and give the possibility to do almost everything in Shanoir.
In order to interract with a study, a user must be a member of it. His membership comes with certain rights.
- CAN_SEE_ALL : The member can see all the study's data.
- CAN_DOWNLOAD : The member can downlad data from this study.
- CAN_IMPORT : The member can import data in this study. Must come with CAN_SEE_ALL otherwise the user cannot see the data he has imported.
- CAN_ADMINISTRATE : The member can edit the study's parameters, the study's members and their rights and protocol files for this study.
Note : The Shanoir UI may check automatically some rights when selecting certains rights. For instance CAN_ADMINISTRATE will check every other right.
| USER | EXPERT | ADMIN | |
|---|---|---|---|
| CAN_SEE_ALL | x | x | x |
| CAN_DOWNLOAD | x | x | x |
| CAN_IMPORT | x | x | x |
| CAN_ADMINISTRATE | x | x |
We assume that an ADMIN has every right (except editing datasets)
| USER | EXPERT | ||
|---|---|---|---|
| View details | CAN_SEE_ALL | CAN_SEE_ALL | |
| STUDY | Create | ✗ | ✔ |
| (incl. protocol) | Edit / Delete | ✗ | CAN_ADMINISTRATE |
| View details | CAN_SEE_ALL | CAN_SEE_ALL | |
| DATASET | Download | CAN_DOWNLOAD | CAN_DOWNLOAD |
| DATASET ACQ | Create (ds acq) | CAN_IMPORT | CAN_IMPORT |
| Edit / Delete | ✗ | CAN_ADMINISTRATE | |
| View details | CAN_SEE_ALL | CAN_SEE_ALL | |
| SUBJECT | Create | CAN_IMPORT | CAN_IMPORT |
| EXAMINATION | Edit | ✗ | ✗ |
| Delete | ✗ | CAN_ADMINISTRATE | |
| View details | CAN_SEE_ALL | CAN_SEE_ALL | |
| SUBJECT-STUDY | Create | CAN_IMPORT | CAN_IMPORT || CAN_ADMINISTRATE |
| Edit | CAN_IMPORT | CAN_IMPORT || CAN_ADMINISTRATE | |
| Delete | ✗ | CAN_ADMINISTRATE | |
| View details | ✔ | ✔ | |
| equipment | Create | ✗ | ✔ |
| Edit / Delete | ✗ | ✔ | |
| IMPORT | Import | CAN_IMPORT | CAN_IMPORT |
| View | Only names | Only names | |
| USERS | Create / Delete | ✗ | ✗ |
| Edit | Only me - Only email / name / pwd | Only me - Only email / name / pwd | |
| Approve / Refuse | ✗ | ✗ | |
| NIFTI CONVERTER | View | ✔ | ✔ |