Tenant Admins have the ability to control who has access to specific applications found within Benchling. Application control can be managed at the org, team, or individual level.
If an application has been purchased and enabled for your tenant, tenant admins can assign the following access levels:
- "None" Access - User(s) cannot perform any actions within this application
- "Full" Access - User(s) will be able to perform normal actions within this application
Important Note: Tenant admins controls manage whether a user has access to an application as a whole, however users will still have controllable permissions at the project/registry level. For example, a tenant admin can give a user “Full Access” to the Molecular Biology application, but if that user only has read access to a project, then they will only be able to read sequences within that project.
How to change access for an individual user
Access the Tenant Admin Console by clicking on the avatar in the bottom left corner of your screen and navigate to the Users tab:
Find the user of interest and click on the “...” on the right-hand side of that user’s row. Select Manage application access:
Select the application(s) that you would like to change access to, and select Save to complete the process:
Note: Notebook access defaults to"Full Access" for all users and can not be altered. Changes in Notebook access can only be managed by project permissions .
If you do not see an application that you have purchased appear in the options list please contact firstname.lastname@example.org.
How to change the access for a team or organization
Access the Tenant Admin Console and navigate to the team/org tab:
- Select the “...” for the team/org of interest
- Select Manage application access
- Change the application access for that specific team/org
- Select Save to complete
Note: Changing application access for a team will apply to all current and future team members
What happens if an application depends on another application?
Benchling applications are all interconnected. As a best practice, we suggest giving users access to all applications by default. However, if you do need to manage access for different apps, keep in mind that some of the applications require others to be enabled. For example, a user needs full access to the Registry if they plan on using Inventory and/or Results. If you try to disable one application without the other dependent application, Benchling will provide a warning and ask you if you'd like to remove access to the dependent application as well. See how removing access notifies you of application dependencies below:
The same dependency applies when granting access to applications. For example, you will not be able to grant access to Results until you've granted "Full Access" to the Registry. See this application dependency below:
The order of access changes is important!
As stated in this article, any tenant admin can change application access at either the individual user, team, or org level. This means that the order of the changes is important for determining the resulting application access for a user/set of users..
- Grant Analytical Development team "No Access" to Inventory
- Navigate to the admin user on the Analytical Development team and give them "Full Access" to Inventory
The above scenario would mean that the Analytical Development team has No Access to Inventory except for their Admin user because the user's access was set after the team's access.
- Grant a user "Full Access" to Molecular Biology
- Navigate to the Analytical Development team and give them "No Access" to Molecular Biology
The above scenario would mean that all of the Analytical Development team would have "No Access" to Molecular Biology. That includes the user you set in step 1 because the team was set after the individual user.
What is the application access source of truth?
Since the order in which you grant access is important, it's helpful to know where you can find the source of truth for what access a user has. The user page on the Tenant Admin Console will always display the current application access for that user. The includes access that's set at the org or the team level. The user page will always display the source of truth.