Skip to content

User Administration

LabKey uses a role-based access control system. Project administrators can assign users to roles such as Reader, Editor, or Administrator to define their privileges. Users are organized into groups to manage permissions efficiently – for example, Project Groups (specific to a single project) versus Site-wide Groups (span across the entire server)​. Permissions set for a Project Group apply only within that project’s folders, whereas Site Group membership can grant broader access across multiple projects​. This hierarchy allows fine-grained control over who can view or edit data.

Project Group and Project Users

Definition

Project Groups are user-defined groups specific to a particular project and its subfolders within LabKey Server. Permissions and roles assigned to these groups are confined to the respective project, facilitating streamlined management of user roles and actions for teams performing similar tasks. Users can belong to multiple Project Groups.

Creating project groups

Prior to creating a new project group, ensure that you have administrative priviledges to perform this action.

To create a new Project Group:

  • Step 1: Navigate to Gear icon on top right of the window > Folder > Permissions.
  • Step 2: Click on the Project Groups tab.
  • Step 3: Enter the desired group name in the provided field e.g. “New group Example”.
  • Step 4: Click “Create New Group” button.

Create Project Group

Managing memberships

1. Add Users to a Project Group

In order to add users:

  • Step 1: Navigate to Gear icon on top right of the window > Folder > Permissions.
  • Step 2: Click on the Project Groups tab.
  • Step 3: Click on the corresponding project group to open a pop-up window, e.g. “Lab A Group”.
  • Step 4: On the pop-up window, click on “MANAGE GROUP”.

new_user_1

  • Step 5: In the input box “Add New Members” enter the e-mail address of the new user or users to create.
  • Step 6: Click on the “Update Group Membership” button.

new_user_2

2. Test a new user or group

A site or project administrator can test security settings by impersonating a user, group, or role.

  • Step 1: Select the “User icon –> Impersonate” on the top right-hand side of the page.

impersonate_start

  • Step 2: Choose a user, group or role to test for security settings.
  • Step 3: Once finished with testing, stop impersonating by clicking on the button “Stop Impersonating” on the top right-hand side of the page.

impersonate_stop

3. Add/Remove permissions to users or a group

  • Step 1: Navigate to Gear icon on top right of the window > Folder > Permissions.
  • Step 2: Select the tab “Permissions”.
  • Step 3: On the left-hand side “Folders” tree, select the folder where to apply the permissions

Tip

Since sub-folders can be set to inherit the permissions of its parent folder, it is practical to set common permissions for all folders from the root / parent folder, and then adapt them in each sub-folder.

select_folder

Adding permissions

  • Step 1: Select in the corresponding role dropbox, the users and /or groups to whom the role (set of permissions) is to be granted.
  • Step 2: Save the changes using the “Save And Finish” or “Save” button.

role_grant

Removing permissions

  • Step 1: Click on the cross icon next to the user or group from whom the role (set of permissions) is to be revoked.
  • Step 2: Save the changes using the “Save And Finish” or “Save” button.

role_revoke

Additional References