Study Level Security

Topics:

Study Level Security & Repository Access

Study Level Security is used to restrict access to specimen and subject data based on a user's study authorization as well as their repository affiliation.  

The access level set for the repository will determine the restrictions imposed on users belonging to that repository. Users with access to multiple repositories may see different specimens depending on which repository they are currently logged into. Role permissions, assigned through User Administration, work in conjunction with study authorizations to determine the actions the user can perform. Regardless of repository, users with the correct permissions can only add or modify specimen data belonging to their own repository.

Users with access to the Subjects or Reports manager may view general subject data for all specimens, regardless of study permissions

The following restrictions are common across all repository types:

  • A study's Require Authorization property must also be set to “True/Yes” for the security restrictions to take effect.  For all specimens that are NOT part of a study which requires authorization, regardless of repository, personnel will have access to view and report on the specimen data.
  • All users must have explicit study-specific permissions to view and edit subject data for studies that require authorization, regardless of their repository and in addition to regular role permissions.

Study Authorizations

Authorizations may be assigned to users for any study where the Requires Authorization property is set to True/Yes. Depending on their repository users must have study-specific permission, in addition to the associated role permission, in order to complete the action on specimens in the study.

Users who are authorized but do not have any specific study permissions can run reports on study specimens and subjects.

Required for all users (regardless of repository):

The study permissions below are required to complete actions for all studies that require authorization, regardless of repository type.

  • Users who have been authorized for the study, but not given any of the following permissions may still run reports on study and specimen data.
Study Permission Description Associated Role Permissions
Create/Edit Consent Form The user is authorized to create and edit consent forms for the study. Create/Edit Consent Form
Create/Edit Patient Consent The user is authorized to create and edit individual patient consent forms for the study. Create/Edit Patient Consent
Delete Consent Form  The user is authorized to delete consent forms from the study. Delete Consent Form 
Delete Patient Consent  The user is authorized to delete patient consent forms for the study. Delete Patient Consent 
Delete Subject  The user is authorized to delete subjects from the study. Delete Subject 
Delete Subject Attributes  The user is authorized to delete fields from the Subject Attributes list of the study. Delete Subject Attributes 
Edit Subject  The user is authorized to edit subjects included in the study.  Edit Subject 
Edit Subject Attributes  The user is authorized to edit fields from the Subject Attributes list of the study. Edit Subject Attributes 
View Consent  The user is authorized to view consent data for the study. View Consent 
View Subject The user is authorized to view study-specific subject data for the study.  View Subject
Authorize Users for Study  The user is able to authorize new users, modify existing authorizations and remove authorizations for the study. Authorize Study Users
Edit Study Warnings  The user is able to modify the study warnings. Edit Study Warnings 
Edit a Study  The user is able to modify Study ID, study name, description, password, and PI. Edit Study
View Restricted Comments  The user is authorized to view restricted comments in the study. View Restricted Comments 

Required only for Study Access Only repository and non-repository users:

Users logged into a Study Access Only repository or logged into no repository must have the study permissions below in order to perform actions on specimens in studies that require authorization. 

  • These authorizations do not affect users at All Access, Custodial Access, or Advanced Custodial Access type repositories.
Study Permission Description Associated Role Permissions
Approve Requests  The user is authorized to approve specimen inclusion in requisitions. Non-repository/Study Access Only repository users must have either:
  • The "Approve Requests" role permission and "Approve Requests" study permission, or;
  • The "Approve Any Request" role permission.

Approve Requests

Approve Any Request

Create/Edit Shipments  The user is authorized to create new shipments for the study. Create/Edit Shipments 
Submit Requisitions  The user is authorized to submit new requisitions for the study. Submit Requisitions 
Commit Sample Reservation Batches  The user is authorized to commit sample reservation batches of all types for the study. Commit Sample Reservation Batches 

Required only for Study Access Only repository users:

Additionally, users in Study Access Only type repositories must have the study permission below in order to perform actions on specimens in studies that require authorization.

  • These authorizations do not affect users at All Access, Custodial Access, or Advanced Custodial Access type repositories.
  • Non-repository users cannot perform these actions, regardless of whether or not they have role & study permissions.
Study Permission Description Associated Role Permissions
Commit Add Batches  The user is authorized to commit data entry add batches containing specimens from the study. Commit Add Batches 
Commit Modify Batches  The user is authorized to commit data entry modify batches containing specimens from the study. Commit Modify Batches 
Commit Delete Batches  The user is authorized to commit data entry delete batches containing specimens from the study. Commit Delete Batches 
Commit Change ID Batches  The user is authorized to commit data entry change BSI ID batches containing specimens from the study. Commit Change ID Batches 

What types of users may need Study Level Security permissions?

  • Study PIs - to authorize other users, edit the study, or create subjects in their study.
  • Non-repository Customers accessing BSI Engage - to create new shipments or submit requisitions for their study.
  • Collection Centers - to manage subjects and their associated consent forms.
  • Technicians in Study Access Only repositories - to commit Data Entry batches for the study.