Roles & Permissions

ActiveSLR uses a two-level role-based access control (RBAC) system. Every user has an organization role that governs what they can do across the organization, and a project role within each project they are added to that governs what they can do inside that project.

Both role types are fully customizable - you define role names and choose which permissions each role includes.

Two levels of access

Organization roles

Organization roles apply across the entire organization. They control administrative capabilities such as creating projects, inviting new members, managing billing, and viewing the activity log.

A user's organization role is assigned when they are invited and can be changed at any time by an organization administrator.

Project roles

Project roles apply within a specific project. They control research workflow capabilities such as screening studies, uploading reference files, managing PICO criteria, and running deduplication.

A user's project role is assigned when they are added to a project. A user can have different project roles in different projects.

Screenshot needed

Diagram showing the two-level RBAC structure with organization roles at the top and project roles nested within projects

How the two levels interact

A user must have an organization role to access the organization at all. Within a project, their project role further restricts what they can do. Neither role overrides the other - both must be satisfied for a user to perform a given action.

For example, a user with a broad organization role but a restricted project role can manage the organization but can only perform the specific project actions their project role permits.

Info

There is no concept of a "superadmin" that bypasses roles. Even organization owners operate through the role system, though they can always assign themselves any permission.

Default roles

ActiveSLR does not ship with locked-in default roles. When you set up your organization, you create the roles that fit your team's structure. This gives you full flexibility to model your team's hierarchy exactly.

Tip

A common setup is to create an Admin organization role with all permissions, a Member organization role with read-only access, and project roles for Screener, Reconciler, and Data Extractor based on the tasks each person performs.

Permission reference

For a full list of available permissions per level, see:

Organization roles - addProject, inviteUser, deleteUser, addRole, license, logs, and more.
Project roles - screening, reconciliation, fullTextScreening, dataExtraction, upload, managePICOS, and more.