Institution and Repository

Topics:

Institution

Institution is a property of a user account used to organize users. A user must belong to exactly one institution. Users can be grouped by Institution to more easily:

  • Assign roles
  • Share templates & reports
  • Manage different types of users

Local Administrators can only update and add user accounts under their institution, while Database Managers may create/edit accounts in any non-IMS institution. Institution is also used to organize users' reports, data entry templates, requisition task templates, requisition property templates, and labels under an institutional directory. Users can only view/share these items with other users in their institution. On BSI Engage, a user's Institution value also controls the shipments and requisitions they are able to search for.

Repositories are separate from Institutions. Many repositories can exist with a single institution on the database, or a single repository with many institutions. Every database will have at least two institutions, one of which will be IMS. It is to this institution that all IMS users and support members are assigned. The other/s will be for accounts belonging to database users.

Repository

In BSI, a repository represents an entity that is responsible for receiving, storing, processing, and/or disseminating all or part of a specimen collection. These entities might be labs, collection centers, storage facilities, or other types of facilities.

Repositories are:

  • A physical or virtual location. Each repository has its own defined storage location hierarchy in the Locations manager.
  • The custodial owner of specimens assigned to them.
  • A property of requisitions and batches. 
  • Used to determine what specimens, requisitions, and batches a user can view/edit, depending on the Current Repository they logged in under.

Users will have access to different specimens, depending on their repositories. Users can:

  • Only edit specimens which currently belong to the same Repository that they are currently logged into.
  • Users can add any specimen they have permission to view to a requisition, but may only perform tasks on specimens in the their current repository.
  • Have access to multiple repositories.
    • They can only be logged in under one repository at a time.
    • They may see different specimens depending on which repository they are currently logged into.

Repository Access Levels

All repositories have an “Access Level” value which determines what types of specimens users logged into the repository can view/edit. This is not the same as the "Access Level" assigned to a user's account via the User Administration manager.

Regardless of Repository Access Level, all users may view and edit specimens from studies where the "Requires Authorization" property is set to False/No.Users with permission to run reports or to access the Subjects manager may view general subject data for all subjects in the database. All users must have study permissions to view study-specific subject fields for studies that require authorization. A system preference exists to require study permissions to view general subject data as well. For more information, contact IMS.

The following Access Levels are available for repositories:

All Access – Personnel logged into these repositories will be able to:

  • View and report on all specimen data in the database
  • Add and modify specimens owned by their repository according to their assigned role permissions
  • View and edit subject data only if they have been granted explicit study permissions. 
Example: Across the country, Ronald Fisher has been tasked with managing a database for a single company that stores specimens for multiple repositories. He chooses to make the company’s main repository in his database ‘All Access’ so that his staff will be able to view and report on all specimens in the database. He grants study permissions to certain managers who will also need to access to the subject data stored in BSI.

Custodial Access – Personnel logged into these repositories will be able to:

  • View specimen data for all specimens that currently belong to their repository or have belonged to their repository in the past. 
  • Add and modify specimens owned by their repository according to their assigned role permissions
  • View and edit subject data only if they have been granted explicit study permissions

They do not have access to view the specimen data that belongs to other repositories for studies that require authorization, UNLESS: the specimens had once belonged to their repository, or their repository is listed as a trusted repository for the repository of the specimens they are trying to view.

Example: Inge Lehmann does not need overly strict security but still would like to limit her staff’s ability to view specimens they will not be directly working with. She chooses to have ‘Custodial Access’ for her repository so that her users can view specimens that are currently in or have belonged to her repository at some point in past.

Advanced Custodial Access – Personnel logged into these repositories will be able to:

  • View all specimen data that currently belongs to their repository
  • Add and modify specimens owned by their repository according to their assigned role permissions
  • View and edit subject data only if they have been granted explicit study permissions

They do not have access to view the specimen data that belongs to other repositories for studies that require authorization, UNLESS: their repository is listed as a trusted repository for the repository of the specimens they are trying to view.

Example: Dr. Jekyll needs Mr Hyde's repository users to be able to see specimens he transfers to them for processing, but does not want those users to be able to view data on the specimens once they are returned back to Dr. Jekyll. He will set up Mr. Hyde's repository as an Advanced Custodial repository, to prevent those users from seeing specimens which they do not currently possess.

Study Access Only – Personnel logged into these repositories will be able to:

  • View and manipulate specimen data for studies that they have been specifically granted access
  • Add and modify specimens owned by their repository according to their assigned role permissions
  • View and edit subject data only if they have been granted explicit study permissions

Users at Study Access Only repositories must have both role permissions and study authorizations to view specimens, perform actions on specimens, and view or edit subject data.

Example: A new lab would like to use BSI to keep track of its specimens. Dr. Ada Lovelace needs a high level of security since each of her studies have very sensitive information and only select people will be given access to the data. She chooses to have a repository with ‘Study Access Only’ so that her staff must be authorized for each study to view specimens and subjects. She will have to ensure all of her repository's studies require authorization. The Access Level of other repositories may need to be reevaluated if those users should also be prevented from seeing specimens from the new repository without study authorization. 

Non-Repository Users

Users accounts can be granted which do not have access to any repositories. Non-repository users:

  • Will not be able to edit any specimen data.
  • Will be able to view any specimens which are not part of a study that requires authorization.
  • Must be given explicit authorization for restricted studies to view specimens or manage study authorizations.
  • These users will also require explicit authorization to view subject data.
  • Can create new shipments and requisitions (with the corresponding role permissions) in the client or BSI Engage.

Trusted Repositories

A repository can grant access to view specimen records to another repository's users, if it is a Trusted Repository. Users in the Trusted Repository will not be able to edit specimen data outside their own repository. Trust view will not allow users in the Trusted Repository to view subject or consent data. Trusted repositories can be set up via the Repository code list. 

Example: A database has the following repositories:

  • Repository Alpha is a processing lab
  • Repository Beta is a QA lab
  • Repository Gamma is the main repository

Users in repository Gamma need access to view all the specimens on the database. Users in repository Alpha and Beta should not be able to view each other's specimens but  need to be able to request specimens from the main repository for processing. When setting up the repositories, administrators configure the 3 repositories to restrict view access appropriately:

  • Repository Alpha - All Access, with repositories Beta & Gamma listed as Trusted Repositories
  • Repository Beta - Advanced Custodial Access
  • Repository Gamma - Advanced Custodial Access

Adding new repositories and groups to the database

When adding a new group to your existing database, the most important first step is to identify how the new users and specimens will be expected to interact with the existing users and specimens. Some questions to consider:

  • Should any existing users have access to the new group’s data?
  • Should the new users have access to any existing data?
  • Will the new users need to share resources (templates, reports, labels) with the existing users?

After identifying what the relationships between the existing and new groups will be, the next step is to review the existing security settings for each repository. While reviewing, verify that these settings will support the new relationships they will have with the new group. Updates to these existing repositories may be necessary to support the new security model. The table and chart below may be helpful in determining what data is available to users in the existing repositories.

What data can users see?

In the table below, user repository types are shown as columns and data types are shown as rows. In the cells where those items overlap, a green X indicates that users can see that type of data, while a red dash indicates that they cannot see that type of data.

 

User’s Repository

All Access users

Custodial Access users

Advanced Custodial Access users

Study Access Only users

Non repository users

Type of Data

 

 

 

 

 

Specimens

Studies not requiring authorization

X

X

X

X

X

Studies requiring authorization that the user has permission to

In any repository

x

-

-

x

X

Currently In the user’s repository

X

X

X

X

 

Was previously in the user’s repository, but not currently

X

X

-

X

 

Has never been in the user’s repository

X

-

-

X

 

Is in a repository that trusts the user’s repository

X

X

X

X

 

Studies requiring authorization that the user does not have permission to

Currently In the user’s repository

X

-

-

-

-

Was previously in the user’s repository, but not currently

X

X

-

-

-

Has never been in the user’s repository

X

-

-

-

-

Is in a repository that trusts the user’s repository

X

X

X

-

-

Subjects

Studies the user has subject permission for

X

X

X

X

X

Studies the user does not have subject permission for

-

-

-

-

-

Who can see my specimen data in BSI?

You can use the flow chart below to analyze your specimen data to determine if other users on the database may be able to view it.

security_diagram.png