For a system like Elements, ensuring that valid users only have access to the appropriate screens and data is a very important aspect of data security. People with access to someone else’s protocol or staff account (aka grant) would represent a considerable risk of deliberate or accidental meddling!
“I’m sure Joe down the hall would love to buy me these animals as a birthday present!”
Elements provides tools to ensure that this risk is managed. We think of access control in Elements as having two “axes”: the horizontal axis provides role-based access control to screens and menu items, while the vertical axis provides protocol-based access to protocol and animal data. The intersection of these axes controls what a given user can do to which set of data.
Role-Based Access
Role-based access is controlled in the Administration module. Customers can create their own roles and assign access rights to them. A given user can then be associated with one or multiple roles. Typical roles include PI, IACUC Member, IRB Manager, Vet Tech, etc.
For an Administrator at a large facility, this can represent an ongoing workload if staff turnover is significant. The users have to be associated with their roles even if some kind of authentication automation is being used. There are ways to automate all or part of this admin burden via web service integration. If you need help, contact us!
Protocol-Based Access
The protocol-based access control (which internally in our local TOPAZ dialect we refer to as “row security”) is all based on the protocol. Essentially, users who are not some type of admin with “access all” superpower can only access data related to protocols where they are some kind of associate. I can only order animals against “my” protocols, can only see the cage population for “my” protocols, and can only review animal health issues on “my” animals.
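The intersection of the two axes can be sketched as follows. This is an added example, not Elements code: the right names, the "access_all" flag as a right, the protocol IDs and the sample rows are all constructed for illustration.

```python
from dataclasses import dataclass

# Horizontal axis: role -> screens/rights. Role names are from the text above;
# the right names are hypothetical.
ROLE_RIGHTS = {
    "PI": {"animal_order", "cage_census", "health_review"},
    "Vet Tech": {"cage_census", "health_review"},
    "Administrator": {"animal_order", "cage_census", "access_all"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset      # a user may hold several roles
    protocols: frozenset  # vertical axis: protocols where the user is an associate

def rights_for(user):
    """Union of rights over all of the user's roles; unknown roles grant nothing."""
    rights = set()
    for role in user.roles:
        rights |= ROLE_RIGHTS.get(role, set())
    return rights

def can_access(user, screen, protocol_id):
    """Allow only when BOTH axes agree: screen right AND protocol association."""
    rights = rights_for(user)
    if screen not in rights:          # role check applies even to "access all" users
        return False
    if "access_all" in rights:        # admin flag lifts only the row restriction
        return True
    return protocol_id in user.protocols

def visible_rows(user, screen, rows):
    """Row security: filter a data set down to the protocols the user may see."""
    return [r for r in rows if can_access(user, screen, r["protocol"])]

# Constructed sample data.
ROWS = [
    {"cage": "C1", "protocol": "P-100"},
    {"cage": "C2", "protocol": "P-200"},
    {"cage": "C3", "protocol": "P-100"},
]
PI = User("pi", frozenset({"PI"}), frozenset({"P-100"}))
TECH = User("tech", frozenset({"Vet Tech"}), frozenset({"P-200"}))
ADMIN = User("admin", frozenset({"Administrator"}), frozenset())
INTERN = User("intern", frozenset({"Intern"}), frozenset({"P-100"}))
```

Note that the admin in this sketch sees every protocol's rows but is still denied a screen its role does not include, and a user whose only role is unrecognised is denied everything even when associated with a protocol.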