Understanding User Roles and Permissions
By default, XNAT defines three common project roles: Owners, Members, and Collaborators. As a project owner, you have the ability to add specific users to your project within these roles. These users will then have the permissions associated with their defined role (which overrules the default accessibility permissions).
Role/Activity | Project Owners | Project Members | Project Collaborators |
|---|---|---|---|
| Create Data | C | C | |
| Read/Download Data | R | R | R |
| Update Data | U | U | |
| Delete Data | D |
The "CRUD" model of permissions
- Project Owners: If you define additional project owners, they will have all of the permissions on your project that you do. They can read, insert, modify, and delete anything (and everything) associated with your project. They can also add additional users to your project and modify the data types associated with your project.
- Project Members: Members have the ability to manage the data in your project. They can read, insert, and modify subjects and experiments in your project. They cannot modify the project users and data types.
- Project Collaborators: Collaborators have read-only access on all of the data in your project. They cannot insert or modify data owned by your project. They can download your data and use it within their projects.
Managing User Access
Users can be added to your project and assigned roles using the Manage User Access dialog.
Note for Public Projects
If you define a "Public" project, it in effect provides Member permissions to your project data for all logged in users of your XNAT instance.
Sharing Subject & Experiment Data into new projects
The model for sharing data and accessing shared data is a bit more complex than our default user permissions. For more details, see Understanding Data Sharing in XNAT's Security Structure.