User Roles and Permissions

  • Updated

Flywheel roles and permissions give you granular control over what data users have permission to view and edit.

This article explains:

  • An overview of the roles and permissions structure in Flywheel.

  • The how to edit a user's Site, Group, or Project role

  • What actions a user can take with each role

See our other article to learn how to create your own custom role.

Overview

Flywheel users can see, edit, or delete data based on their roles and permissions.

  • Permission: Enables or disables the ability to perform a specific action in Flywheel. For example, adding notes to a Project is a specific permission.

  • Role: A group of permissions that are assigned to a user. For some roles you can edit the permissions.

The 3 levels of the hierarchy in Flywheel where you can assign a role are at the Site, Group, and Project level. All users have a role assigned at each of these levels:

  • Site role: These roles are broad and assigned when you create a new user. In general, these roles match what the user is doing in Flywheel at a high level. Site roles are Site Admin, Developer, and User. Pair these basic site roles with the more granular roles assigned at the Group and Project level.

  • Group role: Group roles give users broad permissions for what they can do within a Group. For example, do you want users to be able to add other users to the Group? Should the user be limited to just viewing information about the Group? Group roles are Admin, read-write, and read. .

    Assigning a Group role does not automatically add users to Projects in that Group.

  • Project role: By default, Projects have Admin, read-write, and read-only permissions. However, Site Admins can create customized project roles for each project. Custom project roles give you the flexibility to only give users access to the data they need. included with the default Project role. Go to our other article to learn how to create custom roles.

    If you only want a user to see certain projects under a Group, you can assign the user a role in the Project without giving the user a Group role. To give the user access to a Project, but not the Group associated with the Project, add them from the Permissions screen of the Project.

     

Edit site roles

You must be a Site Admin to assign site roles to users. You assign the site role when you create a user in Flywheel, but you can edit site roles. To edit:

  1. Go to Users > choose a user.

  2. Select the Information tab.

    15ed5665002f7f.png

  3. Next to Role, select a role from the dropdown.

Site Admin

The Site Admin has the highest site-level permissions. Site Admins can create new Users and Groups, and modify user roles and permissions site-wide. You can think of this as a superuser role.

Developer

Developers have site-wide permission to upload gears. Admins must assign Developers permissions to Groups and Projects to be able to see data.

User

The User role does not carry any special permissions. Admins must assign Users permissions to specific Groups and Projects to be able to see data.

Assign and edit Group roles

These permissions apply to Flywheel Groups. By default, Group permissions also apply to Projects within that Group (you can configure this setting so projects do not automatically inherit Group permissions).

Note

Assigning a Group role does not automatically add users to Projects in that Group.

To give a user permission to a Group:

  1. Go to Users > choose a user.

  2. Select the Permissions tab, and click Add.

    15ed566500af26.png

  3. From the dropdown menu, select a Group and select either Admin, Read-Write, Read. .

Role overview

Below is some highlights for what each role can do in Flywheel. See the table below for more information on the permissions included with these roles

Admin:

  • Manage Group Permissions

  • Create New Project

  • Delete Project

  • Add Users to Group

Read-Write:

  • Manage Group Permissions

  • Create new Projects

  • Delete Projects

Read:

  • View Projects

Assign and edit Project roles

Project roles allow you to control who can view, edit, and delete data within your Project. You must be an Admin for the Project or a Site Admin to edit Project roles.

Note

If you only want a user to see certain projects under a Group, you can assign the user a role in the Project without giving the user a Group role. To give the user access to a Project, but not the Group associated with the Project, add them from the Permissions screen of the Project.

Custom roles: You can also create custom roles.

To give users permissions to a Project:

  1. Navigate to the Project

  2. Select the Permissions tab.

    15ed566501212d.png

  3. From the dropdown menu, select user.

Select a permission level for the user. See the table below for more information on the permissions.

Tip

Create a project template to standardize roles and permissions

Project templates allow Site Admins to manage the project's default roles and permissions when creating a new project. See our article to learn more about how to create project template.

Compare project roles and permissions

Table 1. Compare project roles and permissions

Permission

Read-only

Read-Write

Admin

Required

Container Hierarchy (Subject/Session/Acquisition)

View Subject, Session, And Acquisition Metadata

x

x

x

x

Create new Subject, Sessions, and Acquisitions

Required if the user is importing data. This does not give user ability to create a Project or copy subjects, sessions, or acquisitions into another project.

  

x

x

  

Modify Metadata

Includes Project metadata

  

x

x

  

Delete Subject, Sessions, and Acquisitions

This includes:

Files

Moving Subjects, Sessions, Acquisitions from a project

There are special considerations for deleting Device data. See the considerations below for more detail.

  

x

x

  

Delete Project

    

x

  

Analyses

View Analyses Metadata

x

x

x

  

Create Analyses

“Ad-hoc Analyses”

Upload files to Analysis

  

x

x

  

Create Analyses via Job

  

x

x

  

Modify Analyses Metadata

  

x

x

  

Delete Analyses

Includes Files

  

x

x

  

Files

View file metadata

x

x

x

x

View file contents

x

x

x

  

Download files

x

x

x

  

Create and upload files

  

x

x

  

Modify file metadata

  

x

x

  

Delete non-device files

For example, data that originated from running a gear. .

  

x

x

  

Delete device data

For example, deleting images uploaded directly from an MR scanner. .

  

x

x

  

Tags

View Tags

x

x

x

x

Create, modify, and delete Tags

  

x

x

  

Notes

View Notes

x

x

x

x

Create, modify, and delete Notes

  

x

x

  

Project Permissions

View Project permissions

x

x

x

x

Create, modify, and delete Project permissions

  

x

x

  

Data views

View Data View and results

x

x

x

x

Create, Modify, and Delete Data Views

  

x

x

  

Session Templates

View Session Templates and results

x

x

x

x

Create, modify, and delete Session Templates

  

x

x

  

Gear rules

View Gear Rules

x

x

x

x

Create, modify, and delete gear rules

    

x

  

Jobs- Gear runs

View jobs

Includes job metadata, configuration, and logs

x

x

x

x

Run and cancel jobs (utility)

  

x

x

  

Cancel other users and system jobs

    

x

  

Group Administration- Projects

Create Projects

    

x

  

Delete Projects

    

x