Protocols - Managing Protocol Roles – Kuali Research

Overview

The Kuali Protocols system has a variety of access options available. Protocol permissions are managed through Roles in the Kuali Groups Service, and allow institutions to assign Protocol Administration, Creation, and Viewer rights at various levels of their Hierarchy.

Please note, this article covers granting global access to all protocols or all protocols under a given unit. Granting access to a specific protocol can be managed within each protocol document itself and is described in the Protocols - Document Permissions article.

Also, all permissions in Protocols are derived from the Lead Unit field specified in the Protocol. The Lead Unit field is required in the Protocol template with field key of 'leadUnitNumber' and cannot be removed from the template. Whatever Lead Unit is entered in this field of the protocol will then drive access depending on if the user has the appropriate role at that level unit or below.

Navigate to Kuali Groups

Next navigate to http://{Your School's Kuali domain}/groups.

Example http://miskatonic.kuali.co/groups

This will display all the groups in your institution's hierarchy. If any groups are missing, and you need to update the hierarchy see the System Admin - Push Units to Kuali Groups article.

To assign permissions first click on the group within the hierarchy you want to assign permissions to. Users will inherit permissions for all groups that report up to groups they are assigned to. If you want to assign them to have rights on all records you need to assign at the top Level 1 unit that all other units roll up.

Once you click on a group you will see a read only display of all roles in the group, and the members of those roles. There may be several roles listed in your groups in addition to the roles that drive Kuali Protocols permissions.

The roles that drive Kuali Protocols permissions are:

IRB Admin: This is the role used typically for IRB office users so they can review protocols. They can see, edit, submit, and take administrative actions on IRB Protocols in all groups that report up to the groups they are assigned this role in. They will also receive notifications when certain actions are taken in the system depending on your institution's configurations. Also, access to Protocol Reports for IRB protocols with lead unit in their unit and below. They will also be able to filter by all fields in the form and all default filters available on the Manage Protocol screen.
IRB Auditor: This role gives admin level view access to protocols without the ability to take actions which could be used to grant auditors (or similar roles) protocol view access. This includes the ability to view the protocol, full Activity Log (including viewing content limited to the admin like Notifications, Assigned Reviewers, etc.), any Action Item marked as visible to the Researcher, Action Item Summary, all Notes and Attachments, all Reportable Events linked to the Protocol, all Ancillary Review comments, and the ability to filter protocols by all fields in the form and all built in fields available to the Admin on the Manage Protocol screen.
IRB Triage: This role is used typically for intake in an IRB office so a user can review and access incoming protocols but don't have full rights to take review or admin functions. They can view protocols in their Manage Protocols list, add/edit/view Review Assignments, Print, view Admin Attachments, view Reportable Events (add/edit/view Review Assignments, and view activity log.
IRB User: These users have permission to create IRB Protocols in the system. The group this permission is assigned to does not impact which Units the user can create Protocols in.
IRB Viewer: These users have permission to view IRB Protocols in all groups that report up to the groups they are assigned this role in. Also, access to Protocol Reports but limited to IRB and to the unit(s) they are members of and those units below.
IRB DEPARTMENT LEAD: These users receive all the same viewing permissions as IRB Viewer, and can be included as recipients on Protocol notifications based on the lead unit of the Protocol.
IRB System Configurer: These users have permission to make changes to the IRB Protocol templates, configurations, and external data options.
IRB Report Viewer: Access to Protocol Reports limited to IRB and the unit(s) they are members of and those units below.
IACUC Admin: This is the role used typically for IACUC office users so they can review protocols. They can see, edit, submit, and take administrative actions on IACUC protocols in all groups that report up to the groups they are assigned this role in. They will also receive notifications when certain actions are taken in the system depending on your institution's configurations. Also, access to Protocol Reports for IACUC protocols with lead unit in their unit and below. They will also be able to filter by all fields in the form and all default filters available on the Manage Protocol screen.
IACUC Auditor: This role gives admin level view access to protocols without the ability to take actions which could be used to grant auditors (or similar roles) protocol view access. This includes the ability to view the protocol, full Activity Log (including viewing content limited to the admin like Notifications, Assigned Reviewers, etc.), any Action Item marked as visible to the Researcher, Action Item Summary, all Notes and Attachments, all Reportable Events linked to the Protocol, all Ancillary Review comments, and the ability to filter protocols by all fields in the form and all built in fields available to the Admin on the Manage Protocol screen.
IACUC Triage: This role is used typically for intake in an IACUC office so a user can review and access incoming protocols but don't have full rights to take review or admin functions. They can view protocols in their Manage Protocols list, add/edit/view Review Assignments, Print, view Admin Attachments, view Reportable Events (add/edit/view Review Assignments, and view activity log.
IACUC User: These users have permission to create IACUC Protocols in the system. The group this permission is assigned to does not impact which Units the user can create Protocols in.
IACUC Viewer: These users have permission to view IACUC Protocols in all groups that report up to the groups they are assigned this role in. Also, access to Protocol Reports but limited to IACUC and to the unit(s) they are members of and those units below.
IACUC DEPARTMENT LEAD: These users receive all the same viewing permissions as IACUC Viewer, and can be included as recipients on Protocol notifications based on the lead unit of the Protocol.
IACUC System Configurer: These users have permission to make changes to the IACUC Protocol templates, configurations, and external data options.
IACUC Report Viewer: Access to Protocol Reports limited to IACUC and the unit(s) they are members of and those units below.
IBC Admin: This is the role used typically for IACUC office users so they can review protocols. They can see, edit, submit, and take administrative actions on IACUC protocols in all groups that report up to the groups they are assigned this role in. They will also receive notifications when certain actions are taken in the system depending on your institution's configurations. Also, access to Protocol Reports for IACUC protocols with lead unit in their unit and below. They will also be able to filter by all fields in the form and all default filters available on the Manage Protocol screen.
IBC Auditor: This role gives admin level view access to protocols without the ability to take actions which could be used to grant auditors (or similar roles) protocol view access. This includes the ability to view the protocol, full Activity Log (including viewing content limited to the admin like Notifications, Assigned Reviewers, etc.), any Action Item marked as visible to the Researcher, Action Item Summary, all Notes and Attachments, all Reportable Events linked to the Protocol, all Ancillary Review comments, and the ability to filter protocols by all fields in the form and all built in fields available to the Admin on the Manage Protocol screen.
IBC Triage: This role is used typically for intake in an IBC office so a user can review and access incoming protocols but don't have full rights to take review or admin functions. They can view protocols in their Manage Protocols list, add/edit/view Review Assignments, Print, view Admin Attachments, view Reportable Events (add/edit/view Review Assignments, and view activity log.
IBC User: These users have permission to create IBC Protocols in the system. The group this permission is assigned to does not impact which Units the user can create Protocols in.
IBC Viewer: These users have permission to view IBC Protocols in all groups that report up to the groups they are assigned this role in. Also, access to Protocol Reports but limited to IBC and to the unit(s) they are members of and those units below.
IBC DEPARTMENT LEAD: These users receive all the same viewing permissions as IBC Viewer, and can be included as recipients on Protocol notifications based on the lead unit of the Protocol.
IBC System Configurer: These users have permission to make changes to the IBC Protocol templates, configurations, and external data options.
IBC Report Viewer: Access to Protocol Reports limited to IBC and the unit(s) they are members of and those units below.

To make changes to the roles described above press the Edit Group button on the right hand side of the screen.

This will open an editable view of the Group. Click on the role you need to assign members to and begin typing a search for them. You can search by username, first name, or last name. The field will immediately display possible matches to your search. As soon as you see the user you need to add click on them and they will be added to the role.