User Roles & Permissions

VariantMiner implements a comprehensive Role-Based Access Control (RBAC) system with permissions at both organization and workspace levels. This ensures that users have appropriate access to data and functionality based on their responsibilities.

Permission Levels

VariantMiner operates on three permission levels:

  1. System Level: Superuser access (platform administrators)

  2. Organization Level: Controls access within an organization

  3. Workspace Level: Controls access to specific data and projects

System-Level Permissions

Superuser

Platform administrators with system-wide access

Figure: Admin dashboard showing system-wide controls and user management

Capabilities:

  • Manage all organizations and users

  • Access system-wide analytics and metrics

  • Configure global platform settings

  • Perform system maintenance tasks

  • Bootstrap new organizations

  • Access all data across the platform

Note: Superuser access is typically limited to platform administrators and is configured through environment variables.

Organization-Level Roles

Organization Owner

Complete control over the organization

Permissions:

  • User Management: Invite, modify, and remove all users

  • Role Assignment: Assign and modify organization and workspace roles

  • Workspace Management: Create, modify, and delete workspaces

  • Organization Settings: Configure organization-wide settings

  • Billing: Access billing information and usage reports

  • Analytics: View organization-wide analytics and reports

  • Integration: Configure external integrations and API access

Organization Admin

Administrative capabilities with some restrictions

Permissions:

  • User Management: Invite and manage users (except owners)

  • Role Assignment: Assign workspace roles and organization member roles

  • Workspace Management: Create and modify workspaces

  • Settings: Configure most organization settings

  • Analytics: View organization analytics

  • Integration: Configure integrations

Restrictions:

  • Cannot modify organization owners

  • Cannot delete the organization

  • Cannot access billing information

  • Cannot assign organization owner or admin roles

Organization Member

Standard organization membership

Permissions:

  • Profile Management: Manage own profile and settings

  • Workspace Access: Access assigned workspaces

  • Data Operations: Perform operations within authorized workspaces

  • Collaboration: Participate in workspace activities

Restrictions:

  • Cannot invite other users

  • Cannot create workspaces independently

  • Cannot access organization management features

  • Limited to workspace-level operations

Workspace-Level Roles

Workspace Owner

Complete control over workspace data and settings

Permissions:

  • Data Management: Upload, modify, and delete all files

  • User Management: Assign workspace roles to organization members

  • Order Management: Create, modify, and delete analysis orders

  • Report Management: Create, modify, and delete clinical reports

  • Variant Analysis: Full variant browsing and classification capabilities

  • Settings: Configure workspace settings and preferences

  • Collaboration: Manage sharing and collaboration features

Workspace Editor

Create and modify workspace content

Permissions:

  • File Operations: Upload and manage files

  • Sample Management: Create and modify samples and subjects

  • Order Creation: Create and manage analysis orders

  • Report Creation: Create and modify reports

  • Variant Analysis: Classify variants and add comments

  • Data Export: Export data and reports

Restrictions:

  • Cannot delete workspace or modify workspace settings

  • Cannot assign roles to other users

  • Cannot access workspace analytics

Workspace Analyst

Analyze data and create reports

Permissions:

  • Variant Analysis: Browse variants and apply filters

  • Classification: Classify variant pathogenicity

  • Reporting: Create clinical reports from analyzed variants

  • Comments: Add and view variant comments

  • Views: Create and save custom variant views

  • Export: Export analysis results and reports

Restrictions:

  • Cannot upload files or create orders

  • Cannot modify samples or subjects

  • Limited data modification capabilities

Workspace Viewer

Read-only access to workspace data

Permissions:

  • Browse Data: View files, samples, subjects, and orders

  • View Reports: Access existing reports and analysis results

  • Variant Browsing: Browse variants (read-only)

  • Export: Export viewed data (where permitted)

Restrictions:

  • Cannot create, modify, or delete any data

  • Cannot perform analysis operations

  • Cannot classify variants or add comments

  • No access to administrative functions

Permission Matrix

Columns: Action, Org Owner, Org Admin, Org Member, WS Owner, WS Editor, WS Analyst, WS Viewer

Actions:

  • Invite users to organization

  • Create workspaces

  • Assign workspace roles

  • Upload files *

  • Create orders *

  • Classify variants *

  • Create reports *

  • View data *

* Organization members inherit permissions based on their workspace roles

Role Assignment

Assigning Organization Roles

Organization owners and admins can assign roles:

  1. Navigate to Organizations > Members

  2. Select the user to modify

  3. Choose the appropriate organization role

  4. Confirm the role assignment

Assigning Workspace Roles

Workspace owners can assign workspace roles:

  1. Navigate to Workspaces > Settings > Members

  2. Select users from the organization

  3. Assign appropriate workspace roles

  4. Users gain immediate access based on their role

Bulk Role Management

For large organizations:

  • Import users from CSV files

  • Bulk role assignments

  • Template-based permissions

  • Integration with external directory services

Security Considerations

Principle of Least Privilege

  • Users should have minimum permissions necessary for their role

  • Regular review of user permissions

  • Time-limited access for temporary users

  • Separation of duties for sensitive operations

Access Auditing

  • All permission changes are logged

  • Regular access reviews are recommended

  • Inactive user account management

  • Compliance reporting capabilities

Data Protection

  • Workspace isolation ensures data security

  • Role-based access prevents unauthorized data access

  • Activity logging tracks all user actions

  • Secure authentication and session management

Best Practices

Role Design

  • Align roles with job functions

  • Create clear role definitions and responsibilities

  • Document permission requirements

  • Regular role effectiveness reviews

User Onboarding

  • Use invitation system for new users

  • Provide role-appropriate training

  • Document user access procedures

  • Monitor new user activity

Ongoing Management

  • Regular permission audits

  • Remove access for departed users

  • Update roles when responsibilities change

  • Monitor for privilege escalation
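
The organization and workspace role-assignment rules described on this page, turned into an audit over permission-change events. This is an added example, not VariantMiner code: the event fields and sample events are constructed, superuser actions are not modelled, and denying workspace-role assignment by Analysts and Viewers is an assumption drawn from their listed permissions.

```python
ORG_ROLES = {"owner", "admin", "member"}
WS_ROLES = {"owner", "editor", "analyst", "viewer"}

def check_org_change(actor_org_role, target_old_role, new_role):
    """Return None if the organization-role change is allowed, else a reason."""
    if {actor_org_role, target_old_role, new_role} - ORG_ROLES:
        return "unknown organization role"
    if actor_org_role == "owner":
        return None  # owners assign and modify organization roles
    if actor_org_role == "member":
        return "members cannot access organization management features"
    # The actor is an organization admin from here on.
    if target_old_role == "owner":
        return "admins cannot modify organization owners"
    if new_role in ("owner", "admin"):
        return "admins cannot assign organization owner or admin roles"
    return None

def check_ws_change(actor_org_role, actor_ws_role, new_role):
    """Return None if the workspace-role assignment is allowed, else a reason."""
    if new_role not in WS_ROLES:
        return "unknown workspace role"
    if actor_org_role in ("owner", "admin") or actor_ws_role == "owner":
        return None
    return "only org owners/admins and workspace owners assign workspace roles"

def audit(events):
    """Return (event id, reason) for every change the rules do not permit."""
    findings = []
    for e in events:
        if e["scope"] == "org":
            reason = check_org_change(e["actor_org_role"], e["old_role"], e["new_role"])
        else:
            reason = check_ws_change(e["actor_org_role"], e.get("actor_ws_role"), e["new_role"])
        if reason:
            findings.append((e["id"], reason))
    return findings

# Constructed sample events; field names are assumptions, not VariantMiner's log schema.
SAMPLE_EVENTS = [
    {"id": 1, "scope": "org", "actor_org_role": "owner", "old_role": "member", "new_role": "admin"},
    {"id": 2, "scope": "org", "actor_org_role": "admin", "old_role": "member", "new_role": "admin"},
    {"id": 3, "scope": "org", "actor_org_role": "admin", "old_role": "owner", "new_role": "member"},
    {"id": 4, "scope": "workspace", "actor_org_role": "member", "actor_ws_role": "editor", "new_role": "owner"},
    {"id": 5, "scope": "workspace", "actor_org_role": "member", "actor_ws_role": "owner", "new_role": "analyst"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS))
```

Events 2, 3 and 4 are flagged: an admin granting the admin role, an admin demoting an owner, and a workspace editor assigning a workspace role.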

Common Role Scenarios

Clinical Laboratory

  • Lab Director: Organization Owner

  • Lab Manager: Organization Admin

  • Technologists: Workspace Editor

  • Genetic Counselors: Workspace Analyst

  • Physicians: Workspace Viewer (for reports)

Research Institution

  • PI (Principal Investigator): Workspace Owner

  • Research Coordinator: Workspace Editor

  • Research Analysts: Workspace Analyst

  • Students/Interns: Workspace Viewer

  • IT Administrator: Organization Admin


Need to manage your profile? Continue to Managing Your Profile to learn about user settings and preferences.
