User Access Level

Topics:

User Access Levels

There are four types of users in the BSI system, defined by the Access Level given in the user profile: System Administrators, Database Managers, Local Administrators, and Users.  

  • System Administrators are IMS personnel who are responsible for maintaining the entire system. System Administrators can set system preferences for the database.
  • Database Managers are repository personnel who are responsible for managing the entire database using extensive administrative options.
  • Local Administrators are repository personnel who are responsible for managing the users and repository policies at their location.  
  • Users are all other repository and non-repository personnel responsible for maintaining accurate data in the BSI system or who need to access that data.
This Access Level is not the same as Repository Access Level available in the repository code list.

Example: Dr. Jones is the main researcher at Repository C and will need permissions to complete all processes involving her specimens. She will be given an Access Level of “User” and assigned those permissions. Mr. Jenkins will be responsible for administration of BSI, including account maintenance and assigning permissions. His account will be assigned an Access Level of “Local Administrator” for Repository C. SOPs will preclude him from having permissions to complete any actions involving specimens, but will be able to assign those permissions to other users.

The general privileges of each type of user are shown below:

User Access Level

Privileges

System Administrator

Can add, edit, or delete privileges of any other User, Local Administrator, or Database Manager.

Database Manager

Can add, edit, or delete privileges of any User or Local Administrator across institutions. Database Managers cannot edit the Status, Access Level, or Current Repository of other Database Managers.

Local Administrator

Can add, edit, or delete privileges of any User associated with the administrator's institution. However, Local Administrators cannot edit the Status, Access Level, or Current Repository of other Local Administrators.

User

Cannot modify any privileges.

Local Administrator

The inherent permissions given to all users with an Access Level of “Local Administrator” are:

  • Access User Administration module to:
    • Add/Edit/Inactivate other users in their institution
    • Assign existing roles (from the Institution they belong to) to other users in their institution
  • Access Roles module to:
    • View existing roles (roles cannot be created without the explicit permission to do so)
  • Assign existing roles (from the Institution they belong to) to their own user account
  • View Messages module (all users with “client access” permission can view this)
  • View Server Locks module (They can view the server locks, but not delete them. – They can see Data Entry and Requisition Batches which are locked for use by other users, but cannot delete the locks, as System Administrators can do.)
  • Cancel a requisition that was created by another user.

Additionally, to access the Customization manager and Study Property Templates sub-manager, users must have both the corresponding role permission and an Access Level of Database Manager, Local Administrator or System Administrator. Users with an Access Level of User will not be able to see these managers even if they are assigned the role permissions.

Database Manager

Users granted the Access Level of Database Manager have the same inherent abilities as a local administrator plus the ability to:

  • Create or edit an account with an Access Level of Local Administrator or User within any Institution
    • This includes granting themselves and other users access to any repository on the database.
  • Edit, but not create promote/demote, or activate/deactivate other Database Manager accounts
  • Mark an account as an Exclusive Webservices account and reset the password for this type of account
  • Edit lkup_institution, lkup_container_type, and repository code lists
    • These code lists are vital to the operation of BSI allowing the Database Manager to edit institutions, container type, or repositories within a specified code list. 
  • Grant themselves study permissions for any study (the Study PI will be notified via email)
  • Assign Customization permissions to any role and/or user regardless of whether or not their roles include the “Assign Customization Permissions” permission.
  • Assign User Configuration Templates from any institution to any user whose account they have the ability to edit.
  • Delete server locks which gives the Database Manager the capability to view and remove locks placed on objects in the system
    • Server locks are placed to prevent two users from being within the same editor at the same time and overwriting each other’s data.  If one user had an editor open, such as a requisition editor, this feature allows the Database Manager to delete the lock created by the system giving other users access to that specific object.

If Database Managers have the appropriate role permission to do so they may view, create, and edit items within any institution:

  • Labels
  • Roles
  • Reports
  • Templates
  • Requisition Property Templates
  • Requisition Task Templates
  • User Configuration Templates

Database Managers can also view the above items within the IMS institution and subfolders if they are assigned to it.

System Administrator

Users with an Access Level of "System Administrator" can edit system preferences for the database, delete edit locks on system items, create scheduled monitor reports, and edit all aspects of any type of account.

For more information on permissions given to and capabilities of users with an Access Level of “System Administrator”, please contact the BSI Technical Support team via email at bsifeedback@imsweb.com or via telephone (301) 628-1BSI (274) between 8AM - 4PM EST.

Example: Repository A is managed by Dr. Griffin and Repository B is managed by Dr. Smith. Their database is owned by the ABC company, but they work in separate facilities. Both Dr. Griffin and Dr. Smith are designated as Local Administrators for their respective groups, so they can manage their own users’ roles and accounts.