LabLynx KB:SysAdmin - 4.1 security system setup
| This is an article specific to the Category:LabLynx knowledge base. Its context outside of LabLynx, Inc may not be apparent, thus why it appears inside the LabLynx KB namespace.
Security system setup
Managing security in installed LIMS software is a vital step, ensuring the integrity of the data collected, analyzed, and stored in your laboratory is maintained. This document continues to discuss security, addressing the concepts of menu groups, departments, and locations.
A menu group is a grouping of predefined menu items that exist in the Menu Management section of the system. Users are able to view their available menu groups above the menu itself in a drop-down list.
The menu group is designed to minimize and simplify the actual menu that appears to system users once they are logged in. The LabLynx enterprise server may consist of many screens and menu selections in the core system menu — so many, in fact, that daily users may be overwhelmed. In order to prevent "visual overload," the concept of menu groups exists. The administrator or user who has access to this section of the system may create and edit menu groups for their respective users.
The list appearing on the screen represents the total list of menu groups currently defined in the system. Users may select an existing menu group for editing by selecting the menu group name; this action will open an edit screen for the selected record. Alternatively, the user may select the New button which will open an edit screen for creating a new menu group.
Take for example a user who has daily responsibilities for the receipt of samples to the laboratory, requiring access to the receiving area of the menu. Say this person also handles the non-routine updating of some type of administration information, perhaps client address and billing information. Two separate menu groups could be created in this example, the first being a "Sample Receiving" menu group and the second being "Client Information." On a daily routine basis the user would select the "Sample Receiving" menu group which would then only display the sample receiving menu. On an as-needed basis, the user could select the "Client Information" menu group, and the actual menu would refresh with just the client editing menu selections.
The URL selection is derived from the existing screens in the system. The selected URL will appear in the main viewing area of the browser once the respective menu group is selected by the system user. The list of menu group items is derived from the master list of items from the core system menu. It is important to note that these are not from the screens list within the system. The user responsible for adding menu group items should be aware also that if an item is assigned that has sub-items (i.e. a menu with child menus), the system will by default bring over the sub-items to the menu group.
The security system will override the menu group, such that if a user has access to a screen in the system via an assigned user profile, they will see the menu group in the selection list. If a system user has only partial access to the contents of the menu group, they will have access to select the menu group, but the system will not allow entry to any screens that are not part of the user's profile. Finally, if a user has no access to any of the screens within the menu group, they will not see the menu group in the drop-down list once they are logged in.
A department is a definition for all work areas that exist within the scope of the system. Departments being defined in this area are not location-specific. Once departments are defined, they may be assigned to locations to form labs. Labs are the joining entity between departments and locations. By themselves departments provide little function; however, once they're defined and joined to a location, they create labs. These labs are then assigned to tests for processing by the respective areas. By defining a department once instead of multiple times (where there is then redundancy throughout the location network), the database design allows for querying data either specifically for a department in a location (lab) or by the general department across all locations.
There is, by default, a department that is used by the system and must not be deleted/modified: that is the Entire Location value. This value is added to a location automatically when the location is added to the system.
The locations listed here are the laboratories for the application. Locations are used by the system to filter, segregate, and display data to system users. When system users log into the system, LabLynx tracks not only who they are but also where they are (i.e. the location that the system user logged into). By knowing where the system user is logged into, the system can filter out various other defined items (such as samples, tests, available instrumentation, and storage areas) based on matching location assignments. This feature allows the single LabLynx enterprise server database to store data for all locations centrally and then filter it out to the system users based on location matches.
Clicking on the hyperlink of an existing location will take you to the Location Information screen, where you can edit information about the location, see the users assigned to the location, or delete the location. In addition to the specific values for the location, the screen also displays the list of assigned departments that exist at the respective location at the bottom of the screen. Within the assigned Department Assignments list, users will see two additional columns for each department. The first is a check box with a column header of A. When checked, all users defined in the system will have access to the department within the respective location. Alternatively, the user may define the actual assigned department users on a one-by-one basis.