Skip to main content

Roles and privileges

Test Services uses OpenLab Shared Services (OLSS) authentication. This page lists the roles Test Services creates, the privileges each role includes, and the additional privileges each test requires. The privilege requirements differ between standard OpenLab CDS deployments and OpenLab ECM 3.x deployments, which are listed separately. On a Workstation with authentication set to None, no login is required and roles and privileges do not apply. For how authentication is configured, see About authentication.

Roles created at first login

At the first login by an OLSS administrator after installation, Test Services creates two project roles and two OLSS privileges. Any user with the OLSS Everything role receives the new privileges automatically; other users need the Test Services User role added to their profile in the Control Panel.

Table 1. Roles created by Test Services

RoleDescription
Test Services UserAllows the user to log in to Test Services and, at a minimum, run the System Report and the OpenLab Software Installation Verification Test (SVT).
Test Services AdministratorIncludes all privileges of the Test Services User role plus the Manage Test Services privilege.

Table 2. Privileges created by Test Services

PrivilegeGranted by
Run Test ServicesTest Services User and Test Services Administrator roles.
Manage Test ServicesTest Services Administrator role only.

Privileges included with each role

The two Test Services roles bundle a fixed set of OLSS privileges. The Manage Test Services privilege, which the Scheduling and Notifications features require, is the only difference between the two roles.

Table 3. Privileges included with each Test Services role

PrivilegeTest Services AdministratorTest Services User
View project or project groupYesYes
Manage project or project groupYesYes
Edit content of projectYesYes
Run Test ServicesYesYes
Manage Test ServicesYesNo

Privileges required per test (standard deployments)

Each test requires the Test Services User role plus, for some tests, additional OLSS privileges. The following requirements apply to Workstation, Workstation Plus, and standard client and server deployments that do not use OpenLab ECM. On a Workstation with authentication set to None, no privileges apply.

Table 4. Privileges required to run each test

PrivilegeSVTSystem ReportSecurity TestStorage System TestConnectivity TestWorkflow Test
Test Services User roleYesYesYesYesYesYes
Manage securityYesYes¹
View Activity LogYesYes²Yes
Delete content of projectYes⁴
View instrument or locationYesYes
Manage instrument or locationYesYes
Create and modify sequenceYes
Run instrumentYes
Edit running sequences³Yes
Edit method override parametersYes

¹ Not required for the Storage System Test on a Workstation with Internal or Domain authentication.

² Not required for the Storage System Test on a Workstation with Internal or Domain authentication.

³ Either Edit users own running sequences or Edit any users running sequences.

⁴ Required only on the Secure Storage backend; not required on OpenLab ECM or Local File System.

note

View Activity Log is an administrative OLSS privilege and cannot be added to the project-level Test Services roles. A user who runs a test that needs activity log access must be granted this privilege through a separate administrative assignment.

Privileges required per test (OpenLab ECM 3.x)

OpenLab ECM 3.x deployments require additional ECM content and system privileges beyond the OLSS privileges listed above. To use Test Services with ECM 3.x, a user must exist in both OpenLab ECM and OLSS, with the Test Services User role assigned.

In OpenLab ECM 3.x, the Test Services User role includes the ECM privileges Content: File (View, Add), Content: Folder (View, Add), and Content: File Filtering (Edit). With these privileges a user can log in, view history, download reports, and run the SVT and System Report.

Table 5. Additional ECM 3.x privileges required to run each test

PrivilegeSVTSystem ReportSecurity TestStorage System TestConnectivity TestWorkflow Test
System: Service Administration (Run)Yes
System: Audit Trail (View)YesYes
System: Roles Configuration (View, Edit)Yes
System: Users/Groups Configuration (View, Edit)YesYes
System: Filtering Configuration (Edit)Yes
System: Quick Search (Run)Yes
Content: File (Delete)Yes
Content: File Association (View, Add)Yes
Content: File Association (View)Yes
Content: File Revisions (View)YesYes
Content: Folder (Edit, Delete)Yes
Content: Folder Access Properties (Edit)Yes
Content: Move File (Run)Yes
Content: Move Folder (Run)Yes
Content: Rekey File (Run)Yes
Manage Security (OLSS)YesYes
View Activity Log (OLSS)YesYesYes
View instrument or location (OLSS)YesYes
Manage instrument or location (OLSS)YesYes
Run instrument (OLSS)Yes
Create and modify sequence (OLSS)Yes
Edit running sequences (OLSS)³Yes
Edit method override parameters (OLSS)Yes

³ Either Edit users own running sequences or Edit any users running sequences.

Service user

A service user can be designated to run tests. When a service user is designated, any logged-in user can view results and start tests, but all tests run under the service user account. When no service user is designated, any logged-in user with the correct privileges runs tests under their own account. For how to set this up, see Set up run credentials.

See also