When starting the application, the installation wizard (see chapter C.2 Starting IUCLID 5: First steps wizard) prompts the user to go through the mandatory administrative settings.
In Step 6 of the installation wizard a new User can be immediately created. It is suggested to create a User with the "Administrative" Role regardless of whether a stand alone or a distributed version of IUCLID is set up.
Once a User has been created, the IUCLID Administrator (in case of a distributed version) can define different other User(s) and assign different Role(s) to them.
In general, a user account is the collection of information known about the User which includes an account name, an associated password and a set of access and execution permissions. A IUCLID user account defines the person within the Legal entity who operates and uses IUCLID. More than one user account can be created in each IUCLID application (both for stand alone and distributed version).
The User is the person responsible for the information entered in IUCLID. Whenever a modification is done on any dataset or record stored in the IUCLID database, the author (i.e. the User) of this modification is listed under the Modification history tab (see chapter D.4.9.2 Tab "Modification history"), in the Information window (see chapter D.4.9 How to use the Information window).
User information also appears under the Access tab in the Information window (see chapter D.4.9.3 Tab "Access"), from where it is possible to know which users are currently accessing the IUCLID resources.
Each user account must be associated with at least one Role. If no Role is assigned, the User cannot login and the following message appears.
The assignment of the Role to the User is done by the Administrator (i.e. a User having the Administrator role).
A User must be associated to at least one official Legal entity to be entitled to create any type of dataset, a Legal entity site or a Dossier. It means that the User is authorised to act on behalf of the associated Legal entity.
A User may be associated to several Legal entities. In the creation wizard of a dataset or a site, he will be prompted by the system to specify the name of the Legal entity he is representing. The User's access to the system is further controlled and validated by a password system.
Only the SuperUser or a User with the Administrator role can create/modify information under User management (see chapter D.16.3.1 Role management)
A Role defines the User"s access rights to the data, which ranges from the read-only possibility to the full possibility to read/insert/update/delete all resource types (i.e. Legal entity, Legal entity site, Reference substance, Substance, Mixture, Category, Template, Dossier, Annotation). It also defines the access privileges on operations (i.e. Administration role, Import/Export/Print functions).
By default, the application provides three pre-defined Roles:
Administrator
This role has been defined for administrators, and it gives the User the following rights:
read/update/create/delete all data.
update own User preferences and password.
access the User administration area (manage Users and Roles).
Full access
This role has been defined for full-access users, and it gives the User the following rights:
read/update/create/delete all data.
update own User preferences and password.
Read-only
This role has been defined for read-only users, and it gives the User the following rights:
read/update/create/delete all data.
update own User preferences and password.
It is possible to define access privileges on specific sections of the dataset (Sections 4-13). For example access is granted only for the Ecotoxicological information (Section 6 of the Substance or Mixture dataset). For more information see D.16.5.2 Tab "Disable data sections": Setting preferences for user interface and default directories.
It is recommended not to change the three default roles. In case the default setting needs to be changed, remember to modify the name of the role, so to avoid possible confusion (for example if you modify the "Read-only" access of resources giving it the possibility to read/update/create/delete, the name "Read-only" will be no longer adherent).
The Role management offers the option to define other "Role profiles" to which future Users will be assigned.
For example: a "Regulatory affairs" Role might have full rights on all datasets created for the substances produced and/or used in the Legal entity, while the "Marketing department" Role might be given only to User with consultation rights only.
The Role profile can be further defined by giving different access rights to certain sections of the datasets. For example a "Toxicologist" role might not have any right to modify Endpoint study records apart from those of the Toxicological section (i.e. Section 7 Toxicological information).
Depending on your needs, you can create several roles with several combinations.