Permissions¶
The Gencove permissions system is a role-based access control (RBAC) system. This means that users are assigned roles (e.g., "Owner", "Manager", etc.) and each role is assigned a set of permissions.
Organization-level role permissions¶
| Member | Uploader | Viewer | Analyst | Explorer | Manager | Owner | |
|---|---|---|---|---|---|---|---|
| Update user profile | ➕ | ➕ | ➕ | ➕ | ➕ | ➕ | ➕ |
| Upload data | ➖ | ➕ | ➖ | ➕ | ➕ | ➕ | ➕ |
| View all projects | ➖ | ➖ | ➕ | ➕ | ➕ | ➕ | ➕ |
| Run sample analysis | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ | ➕ |
| Access Explorer | ➖ | ➖ | ➖ | ➖ | ➕ | ➕ | ➕ |
| Create and edit projects | ➖ | ➖ | ➖ | ➖ | ➖ | ➕ | ➕ |
| Invite and manage users | ➖ | ➖ | ➖ | ➖ | ➖ | ➖ | ➕ |
| Access billing portal | ➖ | ➖ | ➖ | ➖ | ➖ | ➖ | ➕ |
Project-level role permissions¶
In addition to assigning roles to users at the organization level, a subset of the roles listed above may also be assigned to users at the project level as needed. This enables providing users with basic access to the organization via Member or Uploader roles and escalating privileges for a subset of projects as needed.
To assign a project-level role to a user, the user must have already joined the organization via the standard invitation process.
It is important to note that organization- and project-level permissions are additive, i.e., the resulting project-level permissions are a union of the user's organization-level permissions and their project-level permissions. One consequence of this is that organization-level permissions cannot be "downgraded" at the project level. For example, if a user has the Owner role at the organization level, their project-level permissions for project A will not be reduced by setting their project-level role to Manager for project A.
Escalating a user's role to Owner at the project level will enable that user to list all users in the organization when adding users to the project.