If you are a Tenant Admin, you will be able to control who has access to all the applications found in Benchling. Application control can be done at the Org, Team, or individual level and can be used to help control who has access to specific applications found in Benchling.
If an application has been purchased and enabled for your tenant, tenant admins can assign the following access levels:
- None Access - User(s) cannot perform any actions within this application
- Full Access - User(s) will be able to perform normal actions within this application
Important Note: Users will still have controllable permissions at the project/registry level. For example, a tenant admin can give a user “Full Access” to the Molecular Biology Application, but if that user has read access to a project then they will only be able to read sequences within that project. This feature helps address if a user should have access at all to a particular application while permissions can help control what they have access to within that application.
How to change the access for an individual user
Access the Tenant Admin Console and navigate to the Users tab:
Find the user of interest and click on the “...” on the right-hand side of that user’s row. Select Manage application access:
Select the application(s) that you would like to change access to and select Save to complete the process:
Note: Notebook access is defaulted to "Full Access" for all users can not be altered. Any changes in Notebook access must be managed by project permissions only.
If you do not see an application, which you have purchased, appear in the options list please contact email@example.com.
How to change the access for a Team or Org
Access the Tenant Admin Console and navigate to the team/org tab:
- Select the “...” for the team/org of interest
- Select Manage application access
- Change the application access for that specific team/org
- [Optional] Select the checkbox if you automatically want anyone who joins that team/org to gain the same set of access
- Select Save to complete
What happens if an application depends on another application?
Benchling applications are all very interconnected. Some of the applications will actually require others to be enabled in order to properly use that specific application. For example, a user needs full access to the Registry if they plan on using Inventory and/or Results. If you try to disable one application without the other dependent application, Benchling will provide a warning and ask you if you'd like to remove access to the dependent application as well. See below to see how removing access is has application dependencies:
The same dependency applies to granting access to applications. For example, you will not be able to grant access to Results until you've granted "Full Access" to the Registry. See below to see this application dependency:
Order of application access changes is important!
As stated in this article, any tenant admin can change the application at either the individual user, team or entire Org level. This means that the order of the changes is important for determining the resulting application access for a user/set of users.
- Grant Analytical Development team "No Access" to Inventory
- Navigate to the Admin user of the Analytical Development team and give them "Full Access" to Inventory
The above scenario would mean that Analytical Development has No Access to Inventory except for their Admin user because the user's access was set after the team's access.
- Grant a user "Full Access" to Molecular biology
- Navigate to the Analytical Development team and give them "No Access" to Molecular biology
The above scenario would mean that all of the Analytical Development team would have "No Access" to Molecular Biology. That includes the user you set in step 1 because the team was set after the individual user.
What is the application access source of truth?
Since the order in which you grant access is important, it's helpful to know where you can find the source of truth for what access a user has. The user page on the Tenant Admin Console will always display the current application access for that user. The includes access that's set at the Org or the Team level. The user page will always display the source of truth.