After configuring the necessary Registry schemas, you can configure permissions and access policies for users, teams, and organizations to ensure everyone has appropriate access.

This article explains:

  • Higher-level Registry settings

  • Schema-level permissions

Getting started

Permissions can be set through Registry settings.

To navigate to Registry settings, please click on your avatar (bottom-left of the Navigation Bar) and select Feature Settings->Registry Settings.

image.png

Alternatively, Registry settings can also be accessed by navigating to the Registry application, and clicking on the gear icon located just to the right of organization name.

image.png

Configure Higher Level Registry Permissions

Permissions configured at the registry level will control who can view, access, and modify registry configurations and settings.

Please note: you can only edit Registry permissions if your account has ADMIN permissions to the Registry. Please contact your Registry Admin if you need this permission


How to Set Permissions

To set access policies for Registry:

  1. Navigate to Registry settings, and click on the General Tab, a Permissions modal should appear

  2. Within this modal, you can search for users, teams or organizations in the Manage Collaborators search bar and add them using the Add Collaborator button to allow Registry access

image.png

3. Once Registry collaborators have been added, permissions can be assigned by clicking on the drop down menu within the Permissions column and selecting an access policy. Please see below for the default actions granted for each access policy.

image.png


Admin


Write


Append


Read


None


View Registered entities

Granted

Granted

Granted

Granted


Not Granted


Register new entities

Granted

Granted

Granted


Not Granted


Not Granted


Edit Registered entities

Granted

Granted


Not Granted


Not Granted


Not Granted


Unregister Entities

Granted

Granted


Not Granted


Not Granted


Not Granted


Create/edit schemas

Granted*


Not Granted


Not Granted


Not Granted


Not Granted

*Result and Request schemas can only be edited by org admins or specifically configured teams

To configure custom Access Policies, please check out our “Configure Access Policies for Complex Permissions” Article linked below.

Configure Schema Level Permissions

Schema level Access Policies provide granular control over how users interact with schema definitions and their objects. Schema Access Policies work in conjunction with Registry and Project permissions to provide specific control over the information to which users have access.

At this time, schema level access policies are applicable to entry and entity schemas.

How to use

To set access policies for a given schema:

  1. Navigate to a specific schema within Registry settings, and click on the Access Policies Tab

image.png

2. Here a modal similar to the Registry permission modal will appear

image.png

3. Within this modal, you can search for users, teams or organizations in the Manage Collaborators search bar and add them using the Add Collaborator button to allow Schema access

image.png

4. Once Schema collaborators have been added, permissions can be assigned by clicking on the drop down menu within the Permissions column and selecting an access policy. Please see below for the default actions granted for each access policy.

Action Granted

Action Definition

Admin

Create

Read

View Schema Definition

View schema configuration in Registry settings

Granted

Granted

Granted

List Schema Definition

Controls where schemas are actively listed for a user to read. When granted, schemas are actively listed in: - Schema listing in the registry settings - Schema dropdown when linking from a different schema - Schema dropdowns in notebook templates - Search filters - APIs to list schemas

Granted

Granted

Granted

Edit Schema Definition

Edit schema configuration in Registry settings

Granted

Not Granted

Not Granted

View Schema Objects

View entities for a given schema

Granted

Granted

Granted

Create Schema Objects

Create entities of a given schema type

Granted

Granted

Not Granted

Registry Schema Objects

Access entities of a given schema type in Registry

Granted

Granted

Not Granted

If there are overlapping access policies for a given user, team or organization, Benchling will assign the most permissive access policy.

By default, only Admins can create schemas and once schemas are created, the schema creator Admin will be the only default admin on that schema. Once the schema has been created, there will be an access policy option to add additional users, teams and organizations as well as permissions for these user groups.

To summarize the behavior above, the following will occur during creation of a new schema:

  1. The user who creates the schema will become Admin of the created schema

  2. Admins of the Organization associated with the Registry in which the schema is located, will also by default be Admin of the schema

  3. Members of the org associated with the registry the schema belongs to will get Read permissions

  4. Once the schema is created, permissions can be modified and additional users, teams, organizations can be added and provisioned Admin, Create or Read permissions.

As a reminder, Drop downs and General Registry Permissions are only controllable by Registry Admins NOT Schema ADMINs.

Please note: a user with an ADMIN Policy on a schema can edit, add, or remove collaborators, to see how project based Registry permissions will be impacted please see related topics below.


Related topics

Configure Access Policies for Complex Permissions
Schema Permissions Overview
Configure Registry Schemas

Did this answer your question?