Welcome to the User Permissions Policy guide for the Rhino FCP. Here, you'll uncover the vital tools to master access control in collaborative settings. This guide empowers you to optimize data security and workflow efficiency through effective user permission management.
FCP User Personas
User Personas define a set of predefined privileges and access rights that are assigned to a particular category of users within the Rhino FCP. These roles streamline permission management by grouping users based on their responsibilities, ensuring that each user has appropriate access levels to perform their tasks while maintaining security and data integrity.
Persona | Description |
PLA - Project Lead, Admin | The workgroup admin for the workgroup that created the project |
PLM - Project Lead, Member | Every non-admin member of the workgroup that created the project |
MA - My site, Admin | The workgroup admin for your workgroup (relevant only to site-level permissions) |
MM - My site, Member | Every non-admin member from your workgroup (relevant only to site-level permissions) |
CA - Collaborator, Admin | The workgroup admin for a workgroup that has been invited to collaborate on a project |
CM - Collaborator, Member | Every non-admin member of a workgroup that has been invited to collaborate on a project |
Project Permissions
When defining a new project, you will also need to specify which user personas can perform actions at both the Project level and the Site level.
Project-level Permissions
Project-level permissions define who has the ability to perform certain actions within the Project. The Project Lead can enable and limit access to certain functions for specific personas in the Project. Actions included under the Project-level Permissions Policy are:
Action | Description | Default Policy |
Differential Privacy Setting (None, Low, Medium, High) | (Privacy filter) - Control the level of noise (if any) that is added to data when calculating metrics: | 2 |
Manage Code Objects | Create, modify, and remove Code Objects in the project | PLA, PLM |
Manage Data Schemas | Create, modify, and remove Data Schemas in the project | CA, CM, PLA, PLM |
K-Anonymization Parameter | (Privacy filter) - Subgroups smaller than K will be excluded from summary statistics | 5 |
Run Code | Run code in the project | PLA, PLM |
Site-level Permissions
Site-level permissions define what project participants may do with your site's resources. When the Project Lead creates the project, they also set the Site-level permissions for their site. Each invited Collaborator will be presented with the Site-level Permissions Policy suggested by the Project Lead, but they may also change their Site-level permissions policy before accepting the invitation. Actions included under the Site-level Permissions Policy are:
Action | Description | Default Policy |
Manage This Site's Datasets | Import, export, modify, and remove Datasets associated with this site | MA, MM |
Manage Secure Access Lists | Create, modify, and remove Secure Access Lists for Datasets from this site | MA, MM |
Manage This Site's Code Runs | Modify and remove Code Runs associated with this site | MA, MM |
Pre-approved Code Only | Only allow pre-approved code to be run on your site's data. You will be able to specify/update the pre-approved code on this page | No |
Run Code On This Site | Run code on Datasets from this site | MA, MM, PLA, PLM |
Share Secure Access Lists | Share Secure Access Lists for Datasets from this site | MA, MM |
View Client-Side Logs | View logs from code run on Datasets from this site | MA, MM, PLA, PLM |
View Dataset Analytics | View aggregated analytics and metrics for Datasets from this site | MA, MM, PLA, PLM |
View Datasets via Secure Access | Access data from this site via zero-footprint viewers (e.g. tabular data viewer, interactive containers, OHIF) | MA, MM |
Data Schema Permissions
When defining a new Data Schema, you will have the ability to select the permissions for each variable defined within the Data Schema.
For each variable defined within a schema, one of the following permission profiles can be applied:
Default
The variable's underlying data only persists on-prem, and aggregate statistics can be viewed in the cloud. This field can be viewed via secure access given the proper permissions.
No Aggregate Statistics
The variable's underlying data only persists on-prem, and no aggregate statistics can be viewed in the cloud. This field can be viewed via secure access given the proper permissions.
No Secure Access
The variable's underlying data only persists on-prem, and aggregate statistics can be viewed in the cloud. This field isn’t viewable via secure access.
Local Only
The variable's underlying data only persists on-prem, and no aggregate statistics can be viewed in the cloud. This field isn’t viewable via secure access.
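The K-Anonymization Parameter and the four permission profiles both limit which summary statistics leave a site, and the profiles also decide which fields a secure-access viewer shows. The Python sketch below is an added illustration, not Rhino FCP code. The function names, the sample schema and records, the use of per-subgroup means, and the rule that the grouping variable must itself allow aggregates are all assumptions.

```python
from collections import defaultdict
from statistics import mean

# Profile -> (aggregate statistics viewable in cloud, viewable via secure access),
# transcribed from the four profile descriptions above.
PROFILES = {
    "Default": (True, True),
    "No Aggregate Statistics": (False, True),
    "No Secure Access": (True, False),
    "Local Only": (False, False),
}

def cloud_summary(records, schema, group_by, k=5):
    """Per-subgroup means that may be shown in the cloud (hypothetical helper)."""
    # Assumption: grouping by a variable counts as an aggregate over it.
    if not PROFILES[schema[group_by]][0]:
        raise PermissionError(f"{group_by!r} does not allow aggregate statistics")
    groups = defaultdict(list)
    for row in records:
        groups[row[group_by]].append(row)
    # Only variables whose profile permits aggregates are ever summarized.
    allowed = [v for v, p in schema.items() if v != group_by and PROFILES[p][0]]
    summary = {}
    for key, rows in groups.items():
        if len(rows) < k:  # K-anonymization: subgroups smaller than K are excluded
            continue
        stats = {v: mean(r[v] for r in rows) for v in allowed}
        summary[key] = {"n": len(rows), **stats}
    return summary

def secure_access_columns(schema):
    """Variables a viewer holding secure-access permission may display."""
    return sorted(v for v, p in schema.items() if PROFILES[p][1])

# Constructed sample data: ward "A" has 6 records, ward "B" only 3.
SCHEMA = {"ward": "Default", "age": "Default", "lab_value": "No Secure Access",
          "income": "No Aggregate Statistics", "risk_score": "Local Only"}
RECORDS = [{"ward": "A", "age": 40 + i, "lab_value": 1.0 + i,
            "income": 10 * i, "risk_score": i} for i in range(6)]
RECORDS += [{"ward": "B", "age": 60 + i, "lab_value": 2.0,
             "income": 5, "risk_score": 9} for i in range(3)]

if __name__ == "__main__":
    print(cloud_summary(RECORDS, SCHEMA, "ward"))  # ward "B" suppressed at K=5
    print(secure_access_columns(SCHEMA))
```

With the default K of 5, ward "B" does not appear in the output at all, and `income` and `risk_score` are never aggregated, whatever the subgroup size.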