Multi-Tenant Architecture and System Roles
Please find a visual overview at the end of this page.
eLabNext has a flexible, multi-tenant architecture to support use by multiple customers (tenants). These tenants can be distinct business divisions, departments, or research groups from within the same organization or across multiple different institutions.
To offer full system control to customers with a Private Cloud or On-Premises installation, four system roles can be assigned: System Administrator, Organisation Administrator, Group Administrator, and End-User.
The hierarchy of these roles is as follows: both the System Administrator and the Organisation Administrator are Key-User roles that can perform actions on the system or organisation level. Within each organisation, groups are configured and managed by a Group Administrator. In these groups, End-Users can document and collaborate on different projects. In addition to these system roles, group members have a user role that defines their individual permissions in each group.
In the Private Cloud or On-Premises installation, one person within the customer organization is assigned as the System Administrator. The System Administrator has full access to configure or update technical settings that affect functionality on the system level, such as authentication (AD/LDAP), privacy settings, and system policies. The System Administrator also assigns the Organisation Administrator and has access to all organisation-specific functions such as user account management, license reporting, and organization sharing settings.
For an overview of all supported actions of a System Administrator, see the manual.
The Organisation Administrator role is assigned by the System Administrator and is typically the Key-User that performs functional system management on the organization level. The Organisation Administrator has access to user account management, license reporting, data recovery, and organization sharing but is restricted to only performing these actions within the context of their own organization. For customers with a Private Cloud that is used by multiple organisations, the Organisation Administrator role can be assigned to a user in each organisation.
For an overview of all supported actions of an Organisation Administrator, see the manual.
Within each organisation, groups can be set up based on which end-users have clearance to access and share certain data sets. In each group, a Group Administrator is assigned to implement a group-specific configuration of the projects, studies, experiments, storage units, equipment, sample types, and protocols. In addition, the Group Administrator can add or remove end-users in the group and assign user roles and permissions to each user in the group.
For an overview of all supported actions of a Group Administrator, see the manual.
The end-users in the system can be members of one or more groups within the system. In each group, a user has permissions based on their assigned user role for that group. A user can have a unique role within each group that provides them with full or limited access to data that belongs to a particular group.
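The scoping rules described above can be modelled as a default-deny authorization check. This is an added illustration, not eLabNext code or its API: the action names, the `User` fields, the `is_allowed` function and the sample users are all hypothetical, and any right the page does not explicitly grant to a role is treated as denied.

```python
from dataclasses import dataclass, field

# Action names are hypothetical labels for the functions the page lists per role.
SYSTEM_ACTIONS = {"configure_authentication", "privacy_settings",
                  "system_policies", "assign_org_admin"}
ORG_ACTIONS = {"user_account_management", "license_reporting",
               "data_recovery", "organisation_sharing"}
GROUP_ADMIN_ACTIONS = {"configure_group", "add_member", "remove_member",
                       "assign_user_role"}

@dataclass
class User:
    name: str
    org: str                                          # home organisation (tenant)
    system_admin: bool = False
    org_admin: bool = False
    group_admin_of: set = field(default_factory=set)  # {(org, group)}
    group_perms: dict = field(default_factory=dict)   # {(org, group): {permission}}

def is_allowed(user, action, org=None, group=None):
    """Default-deny check: anything the page does not grant is refused."""
    if action in SYSTEM_ACTIONS:
        return user.system_admin
    if action in ORG_ACTIONS:
        # System Administrator: any organisation. Organisation Administrator: own only.
        return user.system_admin or (user.org_admin and org == user.org)
    if action in GROUP_ADMIN_ACTIONS:
        return (org, group) in user.group_admin_of
    # Everything else is a data permission from the user role held in that group.
    return action in user.group_perms.get((org, group), set())

# Constructed sample users for two tenants sharing one installation.
root = User("root", "org-a", system_admin=True)
alice = User("alice", "org-a", org_admin=True)
bob = User("bob", "org-a", group_admin_of={("org-a", "chem")})
carol = User("carol", "org-a", group_perms={("org-a", "chem"): {"read", "write"},
                                            ("org-a", "bio"): {"read"}})

if __name__ == "__main__":
    checks = [(alice, "data_recovery", "org-a", None),
              (alice, "data_recovery", "org-b", None),   # cross-tenant request
              (alice, "configure_authentication", None, None),
              (bob, "add_member", "org-a", "bio"),       # not his group
              (carol, "write", "org-a", "bio")]          # read-only role there
    for user, action, org, group in checks:
        print(user.name, action, org, group, "->", is_allowed(user, action, org, group))
```

The cross-tenant and cross-group cases are the ones worth testing in any real deployment: an Organisation Administrator acting on another organisation, and a group role being honoured outside the group it was assigned in.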
Learn more about setting up roles and permissions.