Roles and privileges
Test Services uses OpenLab Shared Services (OLSS) authentication. This page lists the roles Test Services creates, the privileges each role includes, and the additional privileges each test requires. The privilege requirements differ between standard OpenLab CDS deployments and OpenLab ECM 3.x deployments, which are listed separately. On a Workstation with authentication set to None, no login is required and roles and privileges do not apply. For how authentication is configured, see About authentication.
Roles created at first login
At the first login by an OLSS administrator after installation, Test Services creates two project roles and two OLSS privileges. Any user with the OLSS Everything role receives the new privileges automatically; other users need the Test Services User role added to their profile in the Control Panel.
Table 1. Roles created by Test Services
| Role | Description |
|---|---|
| Test Services User | Allows the user to log in to Test Services and, at a minimum, run the System Report and the OpenLab Software Installation Verification Test (SVT). |
| Test Services Administrator | Includes all privileges of the Test Services User role plus the Manage Test Services privilege. |
Table 2. Privileges created by Test Services
| Privilege | Granted by |
|---|---|
| Run Test Services | Test Services User and Test Services Administrator roles. |
| Manage Test Services | Test Services Administrator role only. |
Privileges included with each role
The two Test Services roles bundle a fixed set of OLSS privileges. The Manage Test Services privilege, which the Scheduling and Notifications features require, is the only difference between the two roles.
Table 3. Privileges included with each Test Services role
| Privilege | Test Services Administrator | Test Services User |
|---|---|---|
| View project or project group | Yes | Yes |
| Manage project or project group | Yes | Yes |
| Edit content of project | Yes | Yes |
| Run Test Services | Yes | Yes |
| Manage Test Services | Yes | No |
Privileges required per test (standard deployments)
Each test requires the Test Services User role plus, for some tests, additional OLSS privileges. The following requirements apply to Workstation, Workstation Plus, and standard client and server deployments that do not use OpenLab ECM. On a Workstation with authentication set to None, no privileges apply.
Table 4. Privileges required to run each test
| Privilege | SVT | System Report | Security Test | Storage System Test | Connectivity Test | Workflow Test |
|---|---|---|---|---|---|---|
| Test Services User role | Yes | Yes | Yes | Yes | Yes | Yes |
| Manage security | Yes | Yes¹ | ||||
| View Activity Log | Yes | Yes² | Yes | |||
| Delete content of project | Yes⁴ | |||||
| View instrument or location | Yes | Yes | ||||
| Manage instrument or location | Yes | Yes | ||||
| Create and modify sequence | Yes | |||||
| Run instrument | Yes | |||||
| Edit running sequences³ | Yes | |||||
| Edit method override parameters | Yes |
¹ Not required for the Storage System Test on a Workstation with Internal or Domain authentication.
² Not required for the Storage System Test on a Workstation with Internal or Domain authentication.
³ Either Edit users own running sequences or Edit any users running sequences.
⁴ Required only on the Secure Storage backend; not required on OpenLab ECM or Local File System.
View Activity Log is an administrative OLSS privilege and cannot be added to the project-level Test Services roles. A user who runs a test that needs activity log access must be granted this privilege through a separate administrative assignment.
Privileges required per test (OpenLab ECM 3.x)
OpenLab ECM 3.x deployments require additional ECM content and system privileges beyond the OLSS privileges listed above. To use Test Services with ECM 3.x, a user must exist in both OpenLab ECM and OLSS, with the Test Services User role assigned.
In OpenLab ECM 3.x, the Test Services User role includes the ECM privileges Content: File (View, Add), Content: Folder (View, Add), and Content: File Filtering (Edit). With these privileges a user can log in, view history, download reports, and run the SVT and System Report.
Table 5. Additional ECM 3.x privileges required to run each test
| Privilege | SVT | System Report | Security Test | Storage System Test | Connectivity Test | Workflow Test |
|---|---|---|---|---|---|---|
| System: Service Administration (Run) | Yes | |||||
| System: Audit Trail (View) | Yes | Yes | ||||
| System: Roles Configuration (View, Edit) | Yes | |||||
| System: Users/Groups Configuration (View, Edit) | Yes | Yes | ||||
| System: Filtering Configuration (Edit) | Yes | |||||
| System: Quick Search (Run) | Yes | |||||
| Content: File (Delete) | Yes | |||||
| Content: File Association (View, Add) | Yes | |||||
| Content: File Association (View) | Yes | |||||
| Content: File Revisions (View) | Yes | Yes | ||||
| Content: Folder (Edit, Delete) | Yes | |||||
| Content: Folder Access Properties (Edit) | Yes | |||||
| Content: Move File (Run) | Yes | |||||
| Content: Move Folder (Run) | Yes | |||||
| Content: Rekey File (Run) | Yes | |||||
| Manage Security (OLSS) | Yes | Yes | ||||
| View Activity Log (OLSS) | Yes | Yes | Yes | |||
| View instrument or location (OLSS) | Yes | Yes | ||||
| Manage instrument or location (OLSS) | Yes | Yes | ||||
| Run instrument (OLSS) | Yes | |||||
| Create and modify sequence (OLSS) | Yes | |||||
| Edit running sequences (OLSS)³ | Yes | |||||
| Edit method override parameters (OLSS) | Yes |
³ Either Edit users own running sequences or Edit any users running sequences.
Service user
A service user can be designated to run tests. When a service user is designated, any logged-in user can view results and start tests, but all tests run under the service user account. When no service user is designated, any logged-in user with the correct privileges runs tests under their own account. For how to set this up, see Set up run credentials.
See also
- Configure roles and privileges: assign the Test Services roles to users.
- About authentication: how Test Services authenticates through OLSS.
- Available tests: which tests run on each deployment type.
- Storage backends: the supported storage systems, including OpenLab ECM.