By default, every project in XNAT comes with three preassigned access groups - "Owner", "Member", and "Collaborator". These have varying degrees of access to data in the project, but these access levels affect all types of project data equally. In other words, if you have the ability to create, read, and update one type of experiment as a project Member, you have the same permissions to every other type of data in the project.
Project Owners may wish to create specialized access groups for specific types of data – for example, a QC Review role who can only access image sessions and their QC assessors. This can be done via the Access panel in the Project home page, by clicking on the Manage Groups button.
This brings up a simple dialog that contains an overview of group membership in the project.
Within this dialog, click the Create Custom Group button to be taken to the group creation screen.
Defining a Custom User Group
The Custom User Group configuration screen displays as a grid of available permissions that can be granted relative to every data type supported by your XNAT system.
There are known problems where custom user groups cannot access imaging datatypes in an XNAT where scan datatypes have been enabled. Notably: XNAT-6573
Only two permissions are granted by default, and cannot be revoked:
- The ability to view a project
- The ability to view subjects in that project
Without those permissions, no other data access could be granted. After that, all other read/write/delete data access can be toggled on or off. So, for our "QC Reviewer" example, we would want to give them "Read" access to every type of image session, and "Create/Edit" access to Manual QCs and Protocol Validations. (The Project Owner may also decide to grant "Delete" permissions to allow them to clean up their own work.)
Clicking on the "Read", "Create/Edit", or "Delete" table headers above each group of experiments will toggle all checkboxes within that group.
Granting "Create/Edit" permissions will automatically grant "Read" permissions if they have not already been granted. Likewise, granting "Delete" permissions will automatically grant all other permissions for that datatype.
The resulting group definition matrix would look like this:
Click Submit to save the user group to a project.
Adding Users to a Custom User Group
Once the custom group is enabled in a project, it becomes available as part of the typical avenues for adding users to a project. This includes:
- Inviting existing XNAT users to your project using the "Add Users From List" menu
- Inviting non-XNAT users via the "Add/Invite Users" by sending a Project Access Request to their email
- Adding existing XNAT users to projects as a site Administrator using the "Administer Users" menu
For example, here is how the new "QC Reviewer" group integrates into the "Add Users From List" dialog.