Description of openBIS roles including group admins

relathman · 23 March 2023 08:05

Dear openBIS team,
I have a question concerning the rights of group admins in a multi-group setup because they are currently not included in the doucmentation on openBIS roles.
In the documentation on the setup of a multi-group instance, it is written that:

The group admin has by default SPACE_ADMIN rights to all the Spaces of their group. A group admin can customise the Group ELN Settings for the group.

Can group admins also

create/delete spaces in the ELN-LIMS and
create/edit/delete entity types, property types and vocabularies (in the new Admin UI)?

Especially the latter would be very important to us because group admins of individual research groups should not have full access to other groups, however, they should be able to create/edit their own masterdata.

Furthermore, there are a few permissions in the roles documentation
that are not clear to me/might relate to older openBIS versions:

Obersever:

list persons → what is meant by “persons”, other users?
list file format types
data store services
upload data set to CIFEX → this is probably not relevant anymore

Space/Project Power User:

create report for data sets
process data sets
add, update and delete vocabulary terms → is this still true in the new admin UI?

Instance Admin:

create person
create/edit file format type

cbarillari · 29 March 2023 07:24

Hi Rukeia,

the roles are as described.
A group admin is SPACE_ADMIN of all spaces of the group and is admin of the group ELN_SETTINGS space. So he has the rights of a space admin.

A space admin cannot create/delete spaces, and cannot create types. These rights only apply to instance admins.

I will clarify this in the documentation.

Unfortunately, at this stage, this is the biggest limitation for a multi-group openBIS instance.
We are aware of this and we will try to provide a solution to this in the future, but I am not able to give you a timeline for this.

relathman · 29 March 2023 15:16

Many thanks for the answer + explanation! We would certainly welcome the introduction of composite role between instance admins and group admins (with editing rights in the Admin UI but restricted/no access to Spaces of other groups). For now, we will probably work with group admins only.

Could you also elaborate on the meaning of the permissions listed above/clarify whether the are still up to date?

cbarillari · 17 April 2023 16:45

The permissions above are up to date

cbarillari · 26 April 2023 14:34

The documentation has been updated. Some if the permissions related to actions available only in the core UI. This has been fixed.

Topic		Replies	Views
Creating new Inventory Spaces from ELN-LIMS UI LIMS	1	227	31 March 2023
openBIS space named 'STORAGE' for each group in settings Data Management	1	145	4 September 2023
Default roles when creating users? Installation & maintenance	2	119	22 November 2023
Problems creating a group template in a multi group set up ELN multi-group	1	37	11 November 2024
Show Spaces directly in ELN - don't use others folder ELN	5	215	11 July 2023

Description of openBIS roles including group admins

Related topics