Byosphere's User Type, Privileges and Roles define rights and permissions in Byosphere.
Only Byosphere Administrators can set these for the rest of Byosphere users as they are configured within the Byosphere Admin Portal. To access this portal as an Administrator, add /admin to the end of your Byosphere URL e.g., https://<your-byosphere-domain>.com/admin
User Types
(See the Users tab in the Byosphere Admin Portal)
Byosphere distinguishes three kinds of User types: End Users (all Users are End Users by default), Super Users and Administrators. Super User and/or Administrator privileges can be added to End Users.
- End Users who are not also Super Users or Administrators are the primary Users of the Byosphere Web Client and Byosphere Byos Client. They include scientists, analysts, and technicians. Any created account is automatically an End User.
- Super Users are Users of the Byosphere Web Client and Byosphere Byos Client with no restrictions on actions they can perform or folders they can access. Unlike End Users, Super Users can create folders at the root level. Super Users must first populate the new installation with folders at the root level and assign User Groups with Users and Privileges. Otherwise, users will log into an empty workspace with no available folders in which to manage data. Super Users who are not also Administrators cannot log into the Byosphere Admin Web Client. Note that the system requires at least one Super User to create the folders at the root level.
- Administrators can access the Byosphere Admin Web Client to manage User access and Privileges in the Byosphere Web Client and Byosphere Byos Client. This includes managing User accounts and User Privileges. Administrators do not automatically have special access to the Byosphere Web Client and Byosphere Byos Client. They can also be assigned as Super Users, or more narrowly as authorized Users by assigning themselves to User Groups with appropriate Privileges. Note that the system requires at least one Administrator to manage Users, User Groups and Deletions.
Privileges
(See the User Groups tab in the Byosphere Admin Portal)
There are four kinds of Privileges that Byosphere Users can be assigned that enable access to folders, files and their functions in the Byosphere Web Client and Byosphere Byos Client:
- Viewer - Users given Viewer Privileges to a folder can only view/download files in that folder and view/download reports for Protein Metrics project files. Viewers cannot edit, delete, move or download files or folders.
- File Editor - Users given File Editor Privileges to a folder can add, edit, move, delete (if they are also Advanced Viewer or Contributor) and download any file in that folder. However, they cannot manage the assigned folder or sub-folders. File Editors must also be given Viewer Privileges to the same folder so they can view the files they manage.
- Folder Editor - Users given Folder Editor Privileges to a folder can edit, move, and delete that folder, and add sub-folders under it. They cannot manage files in the folders unless they are also given File Editor Privileges. Folder Editors must also be given Viewer Privileges to the same folder so they can view the folders they manage.
- Analyst – Users given Analyst Privileges to a folder can process, or analyze, sample files to create Protein Metrics projects. This is only true if they are also granted a Contributor role with the appropriate license entitlements for the project type they are trying to create. Analysts must also be given Viewer and File Editor Privileges to the same folder so they can view and manage the source sample files and resulting project files.
Roles
(See the Licenses tab in the Byosphere Admin Portal.)
Basic Viewers:
- The Basic Viewer Privilege does not require a Role Entitlement, just having an account in Byosphere. Any Byosphere User who is a Viewer in a User Group (Privilege) assigned to a folder can view and download files and open project reports in that folder regardless of Entitlement assignments. However, project's inspection won't be allowed for this user with Byosphere clients (Desktop and Virtual) as this requires Contributor role and the appropriate license entitlements for the project type they are trying to inspect.
Contributors and Advanced Viewers:
- The Advanced Viewer role provides the assigned Users the File Editor Privilege in User Groups assigned to specific folders. Advanced Viewers can add, edit, delete, and move files in those folders. Advanced Viewers cannot be Folder Editors or Analysts and thus cannot generate analyses.
- The Contributor as with Advanced Viewer, this role provides the assigned Users the File Editor Privilege in User Groups assigned to specific folders. Advanced Viewers can add, edit, delete, and move files in those folders.
Additionally, Contributors could be Folder Editors (if their User Group allows them OR they are Super Users) and can generate analyses and reports for uploaded projects as long as the appropriate license entitlements for the project type they are trying to create, are assigned to them.
Caveats and examples:
- Advanced Viewer and Contributor roles assigned to same person – If the User is intended to have any Analyst and/or Folder Editor Privileges, or is intended to be a Super User, remove the Advanced Viewer Entitlement. If the User is a File Editor only, remove the Contributor Entitlement.
- Analyst privilege requires Contributor role – If the User will be generating analyses, add the Contributor Entitlement. If not, remove the User from any User Group that includes the Analyst Privilege.
- Contributor role required for products – If the User will be generating analyses in the specified products, add the Contributor Entitlement. If not, remove the User from the Product Entitlements.
- File Editor privilege requires Advanced Viewer or Contributor role – If the User is intended to have any Privileges beyond File Editor, add the Contributor Entitlement. If the User is intended to have only the File Editor Privilege, add the Advanced Viewer Entitlement. If the User is intended to be a Viewer only, remove the user from all User Groups that are not Viewer-only.
- Folder Editor privilege requires Contributor role - If the User will be editing folders, add the Contributor Entitlement. If not, remove the User from any User Group that includes the Folder Editor Privilege.
- Super User privilege requires Contributor role - If the User is intended to be a Super User, add the Contributor Entitlement. If not, edit the User record in the Users page to uncheck the Super User Privilege.