Role Management

FAIR roles are groupings of permissions that can be assigned to users of the service. These roles can be managed via the user interface or API as described here. Two types of roles exist:

  • Managed: roles created and managed by Aridhia. The list of managed roles can be found here.
  • Custom: roles created and managed by the service administrator(s)

role_dropdown.png

The Role Management interface can be found from the Administer dropdown.

Viewing Roles

Roles can be viewed by navigating to the Roles panel. This displays the four Managed roles (Observer, Standard, Data Steward and Administrator) as well as any custom roles, e.g. Admin Data Steward shown below.

Default Roles_FAIR.png

The Roles panel displays the following information:

  • The Role display name
  • The Role ID as specified during creation
  • The Role description
  • The number of assigned permission split between the number of admin and non-admin permissions
  • The number of users assigned to the role as well as the number of users who have been approved to use FAIR (there can be cases where a user has a role but has not been approved to access the service yet)

Creating Roles

Roles can be created by selecting the 'New role' item in the 'Administer' dropdown or directly within the Roles panel above. A role creation dialog allows the following information to be specified:

  • ID: the optional ID for the role.
  • Name: the name of the role.
  • Based on: the name of an existing role to base the new role's permissions on. These can then be adjusted accordingly.
  • Description: an optional description for the role.

role_create.png

Default Role

A default role can be set, this means that all new users will be assigned the same role by default.

To do this click the 'Default' option in the Roles panel, and choose the role you wish to make the default. This can be a managed role or a custom role.

Assigning Permissions to Roles

After creating a role, or editing an existing role, permissions assigned to the role can be toggled on or off.

Updated permissions image.png

Permissions are categorised into the following sets:

  • Dataset permissions
  • Data Access Request (DAR) permissions (for DAR-enabled customers only)
  • Cohort Builder permissions
  • Administrative permissions
  • Collections administration permissions
  • Saved search permissions
  • User API access permissions

Permissions can also be discovered via the filter box situated on the top right of the panel.

When the required permissions are enabled, the 'Save' button will update the role's permissions with these taking affect immediately.

API Token Roles

Creating new API token roles follows the process detailed above for user roles, with one minor differences.

Some of the FAIR system tokens require the following Data access request permissions to manage approval workflows:

  • The token can notify data owners of pending requests (Workflows only)
  • The token can create a system token restricted to the request on behalf of a requester or approver (Workflows only)
  • The token can approve or deny a request (Workflows only)

If these are applied to a custom role, that role cannot be selected for a user generated long life token.

Updated on June 14, 2024

Was this article helpful?