Description of openBIS roles including group admins

Dear openBIS team,
I have a question concerning the rights of group admins in a multi-group setup because they are currently not included in the doucmentation on openBIS roles.
In the documentation on the setup of a multi-group instance, it is written that:

The group admin has by default SPACE_ADMIN rights to all the Spaces of their group. A group admin can customise the Group ELN Settings for the group.

Can group admins also

  • create/delete spaces in the ELN-LIMS and
  • create/edit/delete entity types, property types and vocabularies (in the new Admin UI)?

Especially the latter would be very important to us because group admins of individual research groups should not have full access to other groups, however, they should be able to create/edit their own masterdata.

Furthermore, there are a few permissions in the roles documentation
that are not clear to me/might relate to older openBIS versions:


  • list persons → what is meant by “persons”, other users?
  • list file format types
  • data store services
  • upload data set to CIFEX → this is probably not relevant anymore

Space/Project Power User:

  • create report for data sets
  • process data sets
  • add, update and delete vocabulary terms → is this still true in the new admin UI?

Instance Admin:

  • create person
  • create/edit file format type

Hi Rukeia,

the roles are as described.
A group admin is SPACE_ADMIN of all spaces of the group and is admin of the group ELN_SETTINGS space. So he has the rights of a space admin.

A space admin cannot create/delete spaces, and cannot create types. These rights only apply to instance admins.

I will clarify this in the documentation.

Unfortunately, at this stage, this is the biggest limitation for a multi-group openBIS instance.
We are aware of this and we will try to provide a solution to this in the future, but I am not able to give you a timeline for this.

1 Like

Many thanks for the answer + explanation! We would certainly welcome the introduction of composite role between instance admins and group admins (with editing rights in the Admin UI but restricted/no access to Spaces of other groups). For now, we will probably work with group admins only.

Could you also elaborate on the meaning of the permissions listed above/clarify whether the are still up to date?

The permissions above are up to date

The documentation has been updated. Some if the permissions related to actions available only in the core UI. This has been fixed.

1 Like