Developers can write and deploy code on LabKey Server. This topic describes the roles that can be granted to developers.

Platform Developer

The Platform Developer role allows admins to grant developer access to trusted individuals who can then write and deploy code outside the LabKey security framework. By default, the Developer group is granted this role on a site-wide basis. When that code is executed by others, it may run with different permissions than the original developer user

The Platform Developer role is very powerful because:
  • Any Platform Developer can write code that changes data and server behavior.
  • This code can be executed by users with very high permissions, such as Site Administators and Full PHI Readers. This means that Platform Developers have lasting and amplified powers that go beyond their limited tenure as composers of code.
Administrators should (1) carefully consider which developers are given the Platform Developer role and (2) have an ongoing testing plan for the code they write.

Grant the Platform Developer Role

To grant the platform developer role, an administrator selects (Admin) > Site > Site Permissions. They can either add the user or group directly to the Platform Developer role, or if the Developers site group is already granted this role (as shown below) they can add the user to that group by clicking the "Developers" box, then adding the user or group there.

Platform Developer Capabilities

The capabilities granted to users with the Platform Developer role include the following. They must also have the Editor role in the folder to use many of these:

  • APIs:
    • View session logs
    • Turn logging on and off
  • Reports:
    • Create script reports, including JavaScript reports
    • Share private reports
    • Create R reports on data grids
  • Views:
    • Customize participant views
    • Access the Developer tab in the plot editor for including custom scripts in visualizations
    • Export chart scripts
  • Schemas and Queries:
    • Create/edit/delete custom queries in folders where they also have the Editor role
    • View raw JDBC metadata
  • JavaScript:
    • Create and edit announcements with JavaScript
    • Create and copy text/HTML documents with JavaScript
    • Create and edit wikis with JavaScript, using <script> and <style> tags
    • Create tours
  • Developer Tools:
    • More verbose display and logging
    • Developer Links options on the (Admin) menu
    • Use of the mini-profiler
    • etc.

Developer Site Group

One of the built in site groups is "Developer". This is not a role, but membership in this group was used to grant access to developers prior to the introduction of the platform developer role. By default, the Developers site group is granted the platform developer role.

Premium Feature — The Trusted Analyst and Analyst roles are only available in the Professional, Professional Plus and Enterprise Editions. Learn more or contact LabKey.

Trusted Analyst

The role Trusted Analyst grants the ability to write code that runs on the server in a sandbox.

Sandboxing is a software management strategy that isolates applications from critical system resources. It provides an extra layer of security to prevent harm from malware or other applications. Note that LabKey does not verify security of a configuration an administrator marks as "sandboxed".

Code written by trusted analysts may be shared with other users and is presumed to be trusted. Admins should assign users to this role with caution as they will have the ability to write scripts that will be run by other users under their own userIds.

To grant the Trusted Analyst role, the administrator selects (Admin) > Site > Site Permissions and adds users or groups to the roles as appropriate.

Trusted analysts also have the ability to create/edit/delete custom queries in folders where they also have the Editor role.

Analyst

The role Analyst grants the ability to write code that runs on the server, but not the ability to share that code for use by other users. For example, an analyst can use RStudio if it is configured, but may not write R scripts that will be run by other users under their own userIDs.

Related Topics

Discussion

Was this content helpful?

Log in or register an account to provide feedback


previousnext
 
expand all collapse all