Core LIMS Training: User Management

User Accounts Licenses may be charged by site, # of concurrent users, or individual named user – check with your contract or salesperson for more details To ensure data integrity and complete traceability, each person that views or enters data in the LIMS should have their own user account You may also want to provide external contractors/collaborators direct (but limited) access to your data with their own user accounts Core will automatically create any database user accounts it needs on the backend (be sure to check that you are in compliance with any database provider (Oracle) licenses) You can create new user accounts individually or batch import a spreadsheet CONFIDENTIAL

Finding Current User Records 1) Select the LIMS Administration section in the Application Menu 2) Select Employee> List All CONFIDENTIAL

Viewing All User Records Click on a hyperlink to view an Employee record To see a more complete list in one page, modify the Records per Page Scroll through the pages to see more records CONFIDENTIAL

Employee Details Just like compounds or experiments, every user will have a record Click on the Edit Icon to change a user setting (like password or security settings) CONFIDENTIAL

How Do I Create a New User? 1) Select the LIMS Administration section in the Application Menu 2) Select Employee> Create 2) OR click on a link from a gadget CONFIDENTIAL

Create New User Page Tip: If creating many users at the same time you can use the Entity Loader Name will be barcode if left blank; must be unique Required fields have an asterisk by them Users will be able to change their own passwords later (unless you are configured with an LDAP) After all required and desired fields are entered, click Create New at the bottom of the page to make the account CONFIDENTIAL

Managing User Access User records that are inactive will not be able to log into the system at all Users can never be deleted from the system, but they can be deactivated Users can be assigned to one or more Access Levels – each access level will give various read/write/edit privileges on different entities in the system Administrators can configure and edit as many Access Levels as needed; however to simplify management, it is recommended to define a few generic user roles based on a data function they perform (view chemistry data, approve biology data, etc.) The system can also be configured to limit users to specific Projects (if Project-Level security is activated) Users can also have Application menus hidden to limit access The individual user access is an aggregate of Application, Access Level and Project settings CONFIDENTIAL

Editing Access for a User Click on the Edit Icon to edit a record View a detailed report of Read/Write/Edit privileges of every object in the system for user Deselect the Active checkbox to block a user from logging in Select Access level(s) so that users will be able to read/write/edit to the objects they need to (Use Control Key to select multiple levels) Can also turn on project security for a user Select Application(s) so that users will be able to get to the dashboards and Java menus they need (Use Control Key to select multiple applications) CONFIDENTIAL Don’t forget the Update button to save your changes

Canned Access Levels You can assign one or more common access levels to a user: Admin Access – this access level will generally give a user the right to read, write, and edit all objects in the LIMS; it will give a user full access to the administration panel to configure system changes; it will allow them to change their own permissions Data Generator – this access level gives users the right to read, write, and edit common objects in the LIMS needed to register samples and enter experimental data, but not full access to administration functions Data Viewer or View-All – these access levels give users the right to view, but not create or modify most common objects in the LIMS Default – this access level allows a user to just log in, but not much else Signed Entity Edit – this access level gives users the correct permissions to use the ELN CONFIDENTIAL

Can I Edit the Access Levels? 1) From any user record, click on the hyperlink of the Access Level you want to edit 2) Click on the Edit Icon on the Access Level Details page 3) Adjust the Read/Write/Edit privileges on entities as desired 4) Select the Update button to save the changes CONFIDENTIAL

Can I Make Custom Access Levels? Yes! As many as you want… Go to the Main Administration Panel Select List All Entity types for Access Level 3) Select New by the Access Level Entity Type CONFIDENTIAL 5/8/2018 Confidential

What is Application Security? Users will only be able to see the applications that have been associated to their user record in the Application menu in the upper right corner Gadget shortcuts to canned applications will also only work if your user record has an association to the application Selecting an application will automatically change the Application-Specific menus on the left side of the page and display any application dashboards CONFIDENTIAL Note: Users may be able to access some menus from the Entity Type menu on a record outside of an application

What is Project-Based Security? Every record in the LIMS must be associated to one or more projects; by default, any record not specified is associated to the General project By default, project-based security is turned off When project-based security is turned on for a user, that user will only see the records that are associated to the projects that the user is associated to To turn on project-based security, you have to turn multiple Booleans on: on the System configuration page on each Entity Type you want to limit (like samples, experiments, etc.); by default entity types Booleans are set to true on each user you want to limit If you do not need this high level of security, it is recommended to leave the setting off; if a user forgets to assign an appropriate project to a record, other colleagues may be unaware of the record’s existence CONFIDENTIAL

Tips For Setting User Security Set Access Levels first Decide what user types you will need (biology data approver, project manager, chemist who performs sample registration, etc.) and create access levels for each group Customize what read/write/edit privileges each access level will need on each entity type to perform their roles There is no limit to the number of access levels, but a simpler list is easier to maintain and control Define user applications next Decide what applications each user type will need access to see the dashboards and menus they need to perform their roles Consider creating custom applications or modifying existing applications for user groups who may only need some functionality of an application, but may be overwhelmed or difficult to support if presented with extra functionality Turn on Project-based Security if you need it Test the access level/application/project settings on a dummy user account before assigning them to real users CONFIDENTIAL

User Logs 1) Select the LIMS Administration menu 2) Choose User Audit Logs from the Employee Toolbar User Audit Logs = activity for a specific user Recent System Activity = activity for all users 3) Select Audit Log for the desired user CONFIDENTIAL

Example User Activity Log Detailed logs are organized by user for all activity within the last 2 weeks by default; Use the calendar hyperlinks to change the date ranges Click on View hyperlink to see the record user viewed CONFIDENTIAL