Configuring Access to Jobs based on Job Type
Although a user might have Create, Update and Delete permissions for jobs, there are times when these options might require restriction based on the type of job being processed.
In addition to standard security on classes, access to jobs can be secured based on job type, including:
- Org-scope template jobs
- Lab-scope template jobs
- Lab-scope production jobs
- Lab-scope proposal jobs
- Lab-scope internal jobs
- Lab-scope laboratory batch jobs.
Job Type Resources
CCLAS has a resource type called 'JT' which is used to secure the ability to create, update and delete jobs based on job type. These restrictions apply also to the related child entities (for example: sample, sample scheme, sample scheme analyte, job scheme and job scheme analyte).
The following resources, of resource type 'JT' correspond to the ability to create, update and delete jobs based on job type:
|
LAB_TEMPLATE_JOB_CREATE |
LAB_TEMPLATE_JOB_UPDATE |
LAB_TEMPLATE_JOB_DELETE |
|
ORG_TEMPLATE_JOB_CREATE |
ORG_TEMPLATE_JOB_UPDATE |
ORG_TEMPLATE_JOB_DELETE |
|
LAB_PROPOSAL_JOB_CREATE |
LAB_PROPOSAL_JOB_UPDATE |
LAB_PROPOSAL_JOB_DELETE |
|
LAB_PRODUCTION_JOB_CREATE |
LAB_PRODUCTION_JOB_UPDATE |
LAB_PRODUCTION_JOB_DELETE |
|
LAB_INTERNAL_JOB_CREATE |
LAB_INTERNAL_JOB_UPDATE |
LAB_INTERNAL_JOB_DELETE |
|
LAB_LAB_BATCH_JOB_CREATE |
LAB_LAB_BATCH_JOB_UPDATE |
LAB_LAB_BATCH_JOB_DELETE |
These resources have permissions which are similar to 'ME' (Method) resource types in that there is only full access or no access. In order for a user to be able to create jobs of a specific type they must be in a role which has rights that contain the resource type with 'full' access.
Example: For a user to be authorised to create a production job, they must have a role that has a right that has full access to the LAB_PRODUCTION_JOB_CREATE resource, otherwise a service-level security exception is thrown by the service. The same applies regardless of whether the user tries to perform this operation via the user interface or via the web service.
These resources have permissions which are similar to 'ME' (Method) resource type in that there is only full access or no access. Each of these methods (Create, Update and Delete) for each job type is made available to users via the specific security resources, which is then included in rights, and those rights included in the roles assigned to users. In order for a user to create jobs of a specific job type, the user must have a role which has rights that contain the resource type with full access.
For example, for a user to have permission to create a job with a job type of Production, the user must have a role that has a right that has full access to the LAB_PRODUCTION_JOB_CREATE resource, otherwise a service level security exception is thrown by the service. The same applies regardless of whether the user attempts to perform the operation via the user interface or the web service.
Note: Existing business rules apply to the registration (creation) of a laboratory batch job using the CCREGN—Job application. That is, these types of jobs can only be created using the CCBTCH—Job Batch application.
Related processes...
- Maintaining Users
- Maintaining Resources
- Maintaining Rights
- Maintaining Security Roles
- Working with Scope and Codes
- Maintaining Jobs
- Batching Samples for Analysis
- Locating Jobs for Analysis
- Loading a Workbook
- Releasing Results in a Workbook Session
- Releasing and Validating Results during Job and Sample Validation
- Maintaining Invoices
