User Guide

Role-based access control

 

About role-based access

User access to features and data in a workspace is managed through a permissions model with multiple levels of access controlled roles. These are governed by a workspace Administrator.

This detailed level of role-based access control allows users to operate specific features of the platform, subject to having been given specific permission to do so.

All platform users are registered with a default set of permissions at a workspace level, based on a standard set of roles, (Observer, Standard User, Administrator and Contributor), as detailed in the descriptions and table below.

 

Access roles

 

Observer

The Observer role has the following curated permissions:

  • Can access, but not manipulate data or upload data via SFTP.
  • Can read documents, but cannot upload datafiles or files.
  • Can run mini-apps, but cannot create, publish, preview or delete them.
  • Can create notes, as well as edit and delete their own.
  • Can view/read list of workspaces that they have been granted access to, and view associated members.
  • Cannot view audit data.
 

Standard user

The Standard User role has the following curated permissions:

  • Can upload data via SFTP, and access/manipulate data.
  • Can create, collaborate on, and delete files.
  • Can create, preview, publish, delete and run mini-apps.
  • Can install, run and delete software in the virtual desktop in order to do analysis.
  • Can create notes, as well as edit and delete their own.
  • Can create comments, as well as edit and delete their own.
  • Can view/read list of workspaces that they have been granted access to, and view associated members.
  • Cannot view audit data.
 

Administrator

The Administrator role has the same permissions as a Standard User, however they also have the following additional authorisations:

  • Manage access to their workspace(s).
  • Access the audit of their workspace(s).
 

Contributor

The Contributor role is a limited role, which can support a workspace but cannot access its contents:

  • Can upload data via SFTP.
  • Can log into the web workspace, but cannot view or access any workspaces for which they are assigned the Contributor role.
 

Role-based privileges

List/Read Create Update Destroy Publish/Preview Run Install
Files
Datasets
Mini-apps
Audit
R Session
Comment/notes
Workspace
Workspace Members
Figure 6: Role-based privileges
Workspace Administrator, Standard User, Observer, Contributor
 

Managing workspace memberships and privileges

Workspace Administrators can invite members to, and remove them from, a workspace. They are responsible for ensuring that only appropriate individuals are invited to become members of their workspaces.

Before a user can be invited to a workspace they must have an AnalytiXagility account. Due to the sensitive data contained within AnalytiXagility, all account requests must be placed by the workspace Administrator to your Service Desk.

Once the requested person has been granted a user account, the Administrator can invite them to their workspace. This can be done by:

  • visiting the Administrator’s homepage to display their full list of workspaces
  • clicking on the workspace the new user should be added to

By clicking on ‘Invite or edit Members’ in the right-hand panel to display the ‘Edit Workspace Members’ window.

tools sidebar, grabbed on 17.01.17, using XAP version 1.19.1 2740-8759a, from https://edcvaatest04.aridhiatest.net/#/workspaces/1150

From here individual users can be selected by clicking ‘Invite’ next to their name.
edit workspace members, grabbed on 24.01.17, using XAP version 1.19.1 2740-8759a, from https://edcvaatest04.aridhiatest.net/#

Figure 7: Inviting users to a workspace

Note the status indicators to the right of the users name; this indicates if users have accepted the invite (green), or if the invite is still pending (yellow).

When the Administrator has added all required members, they should click ‘Save Changes’.

Removing users from a workspace can be done in the same manner, simply click the ‘Remove’ button beside the users to be removed.

 

To contact support, send an email to the Aridhia service desk: servicedesk@aridhia.com.