Roles and Capabilities (for Enterprise)
The user roles in RSpace Enterprise are very similar to those in RSpace Community, with the addition of System Admin. The roles are listed here:
- PI (Primary Investigator)
- Lab Admin
- Lab Admin (with "view all LabGroup member’s work" permission)
- System Admin
Regular users of RSpace Enterprise have all the standard capabilities and permissions in RSpace: they can create and edit documents, and share them with their LabGroup. Documents created by user X are automatically viewable by the PI of the user X’s LabGroup, in addition to any other users that user X gives view and/or edit permissions.
PI users are in charge of LabGroups in RSpace, and as such they can view all the content created by members of their LabGroup, in addition to managing group membership and inviting new users. PI users can choose to delegate certain administrative tasks to Lab Admins. See The PI Role for more.
Lab Admins are regular users who get appointed to admin status by their PI, giving them additional group administration capabilities. The PI may choose whether to allow admins the ability to view content created by other users in the Lab Group.
LabAdmin with view permission
A Lab Admin with “view all” permission is sometimes called a “Senior Lab Admin”. By default the Senior Lab Admin has read-only access to the work of all LabGroup members, except the PI. The Senior Lab Admin can access a list of the Workspace folders of other LabGroup members by clicking the "Labgroup records" icon in the Workspace toolbar.
See The Lab Admin Role for more.
Finally, System Admins are in charge of managing the specific RSpace Enterprise deployment at a given institution. They can create new users (either individually or as a batch upload), configure institutional file store, manage LDAP and Single Sign On integration. See this section for more detailed information on system administration.
If you act as both a user or PI in RSpace, AND you are ALSO a Sysadmin or Community admin, then you will need TWO separate accounts and should only log in with the appropriate account when you need to perform tasks related to those different roles. Do not add production data when logged in as a Sysadmin, or Community Admin, do not add Admins to any LabGroups, and do not ever try to use sysadmin account to fill the PI or standard user role.
Communities are "groups of labgroups", and are useful in larger Enterprise deployments for spreading the admin load of the SysAdmin. The Community admin has similar powers to a SysAdmin, but restricted to the users and groups within the Community. As such, they will not have access to the system-wide Maintenance, Configuration, and Monitoring tabs. You can read more about Community management at Creating Communities (for System Admins) and Managing Users (for System Admins).