Permissions Detail
Permissions controlling access to functionality in the Ovation LIMS can be held at one of three access levels: Read, Write and Admin. Each level is inclusive of the previous: Admin access confers the access defined for Write access; Write access confers the access defined for Read.
Functional permissions sometimes pertain to information that is held within a project (requisitions, samples ...). In those cases, the user must have that permission through a role granted to them at the organization level and also be added to the project's user list. In this context, the role in the project user list does not matter.
Roles on the project user list do matter for one thing: results report signing. Requisitions can be configured to require that results reports are signed by a user with a certain role (or by multiple users with different roles). In this context, the role granted to the user on the project is considered.
Permissions controlling access to documents work differently (as described in Documentation Permissions below).
Note: The role called "Admin" confers certain access to users, even if they do not have the otherwise required permission. These exceptions are listed in Administration Permissions below.
The implication of granting each available permission is defined below according to the category of the permission:
- Administration Permissions
- Analytics Permissions
- Biobanking Permissions
- Configuration Permissions
- Document Permissions
- Inventory Permissions
- Project Permissions
- Requisition Permissions
- Training Permissions
- Workflow Permissions
- Webhook Permissions
Administration Permissions
| Permission | Read | Write | Admin |
|---|---|---|---|
| Manual Notifications | This permission is obsolete | |
|
| Org Permissions | N/A | N/A | View and modify role and document folder permissions This access is implicitly conferred to users granted a role called "Admin" |
| Org Roles & Permissions | Enables Roles & Permissions and Documents tab | N/A | View, create, rename and delete roles and document folders (but only if the user also has Admin on Org Permissions) This access is implicitly conferred to users granted a role called "Admin" |
| Org Security | N/A | Modify organization security settings (under Settings > Security) |
Same as Write |
| Org User Roles | N/A | N/A | View and modify user role grants This access is implicitly conferred to users granted a role called "Admin" |
| Org Users | View users | Create, modify and delete users | Same as Write This access is implicitly conferred to users granted a role called "Admin" |
| Sales | View Sales Accounts, Provider Accounts, Providers and Contacts | Modify and delete Sales Accounts, Provider Accounts, Providers and Contacts | Same as Write |
Analytics Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Analytics | Required to access the Analytics menu View Turnaround Times pages View Fax History and re-send faxes View the Turnaround Time History, Reports Signed and Samples by Stage charts on the Project Dashboard |
Same as Read |
| ASP Reporting | Download ASP reports View the report generation schedule |
Generate reports and schedule report generation |
| COVID-19 Reporting | Download COVID-19 reports View the report generation schedule |
Generate reports and schedule report generation |
| Infectious Disease Reporting | Download Infectious Disease reports |
Generate reports |
| QC Workflow Reports | Download QC Workflow reports | Generate reports |
| Requisition Reports | Download Requisition Reports View the report generation schedule |
Generate reports and schedule report generation |
Biobanking Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Biobanks | Select Receiver for a shipment (needed to create or modify a shipment) | Same as Read |
| Shipments | View shipments | Create, modify and delete shipments |
Configuration Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Billing Settings | View billing settings and billing submissions (More > Lab > Billing Settings) | Modify billing settings |
| Instruments | View instruments (More > Lab > Instruments) | Create, modify and delete instruments |
| Integrations | View integration configuration and event logs (More > Lab > Integrations) | Modify integration configuration |
| Plating Configuration | View plating configurations (More > Lab > Plating Configurations) Required to use plating configuration in workflows |
Create, modify and delete plating configurations |
| System Settings | View organizational settings (More > Settings > System Settings) | Modify organizational settings |
| Test Configurations | N/A | View, create, modify and delete configurations on tests |
| Test Genes | View tests definitions, including test configurations (More > Lab > Test Panels) | Create, modify and delete tests (not including test configurations) |
| Test Panels | View test panel definitions (More > Lab > Test Panels) | Create, modify and delete test panels |
Document Permissions
Access to documents in the Ovation LIMS is controlled by access levels granted for document folders:
- View access on a folder allows users to see what files are in the folder
- Read access on a folder allows users to see the contents of the files in that folder (previewing and downloading)
- Write access on a folder allows users to create, modify
- Admin access on a folder allows users to delete files in that folder
These permissions depend on how they are held. If the role (that includes this access) is granted at the organization level, the user can access documents in that folder at the organization level (under More > Documents). If it is granted on a project, then they can access documents in that folder in that project (in the Documents tab on the project and on any requisition in that project).
Note that patient result reports are actually documents (stored in the Incomplete Documents or Complete Documents folder for the requisition). Users must have the appropriate document permission in order to preview those reports (in a requisition's Reports tab).
There is one regular permission pertaining to documents:
| Permission | Read, Write or Admin |
|---|---|
| Documents | Enables the Documents menu (for access to documents at the organization level Enables Documents Requiring Signature on the organization dashboard |
Inventory Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Containers | View containers (More > Containers) | Create, modify and delete containers |
| Inventory Management | View controls and adapters (More > Lab > Controls and More > Lab > Adapters) | Create, modify and delete controls and adapters |
| Samples | View samples under the Samples menu; only samples on the projects the user is on are listed | Same as Read |
Project Permissions
| Permission | Read | Write | Admin |
|---|---|---|---|
| Project Settings | View project settings | Modify project settings (except report and billing configuration) | Modify report and billing configuration |
| Project User Roles | View project users | Add and remove project users | Same as Write |
| Projects | Required to view any project (users must also be on the project's user list |
Create projects | Delete projects |
Requisition Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Requisition Signature | N/A | Sign requisition results reports |
| Requisitions | View requisitions, including samples Enables Unsigned Requisitions and Rejected Samples on the organization dashboard |
Create, modify and delete requisitions and requisition templates Regenerate reports Create provider accounts (as secondary provider accounts on a requisition) Queue samples to workflow types |
| Report Generation | N/A | Generate a report through this API |
| Report Re-generation Status | N/A | Set the report type (either "Final" or "Correction") when re-generating a report |
| Report Release | View Report Release on the organization dashboard | Use Report Release |
Training Permissions
The Org Training Packages and Training permissions are obsolete.
Workflow Permissions
| Permission | Read | Write or Admin |
|---|---|---|
| Workflows | View workflows, including all activities, and queues View Active Workflows on the organization dashboard |
Create and modify workflows, including all activities |
| Activities | View information about any activity in a workflow | Modify, submit and undo any activity in a workflow |
| All other permissions in the Workflow category | View information about activity of that type in a workflow | Modify, submit and undo activities of that type in a workflow |
Webhook Permissions
Webhook administration must be done through the API and two permissions control that: Webhook Administrator and Webhook User. Their usage is defined in the article that describes these APIs.