How permissions apply to items in Projects, the Registry, and Inventory depends on things like what the items are, whether or not they’re registered, settings on the schema, and other factors. This article will help explain how these pieces come together to determine which permissions apply under what circumstances.
While some objects might be shown in both the Registry and a Project, or in the Inventory and a Project simultaneously, the permissions for simple actions such as viewing or editing that object will only be derived from one of those locations. More complicated actions such as using a registration table to create new entities might check multiple permissions to cover all the actions involved, as laid out below in the Creating new objects section. Furthermore, permissions only depend on the current state; it doesn’t matter how an object got to a particular location or the history of being registered or unregistered, all that matters is the object’s current state when determining what permissions apply now.
Objects in the Inventory
Inventory objects like containers, plates, and boxes can be put into Projects and sometimes Project Folders, but they can also just exist in the Inventory with no association with any Project at all. Whether or not an Inventory object is in a Project or Folder determines which permissions are used:
- If the Inventory object is in a Project or Folder, the Inventory object will use the permissions applied to that Project or Folder where the Inventory object is located
- If the Inventory object is not in any Project or Folder (in other words, it is only in the Inventory) then the Inventory object will use the permissions set on the Registry
- This includes Locations, which cannot be put into a Project or Folder so they will always use the permissions set on the Registry
However, Inventory objects that are in an Inventory Location (which is true for most Inventory objects) also require the user to be able to view that parent Location, which typically requires the user to have at least View access to the Registry in order to view and use Inventory objects.
Objects in Projects and Registries
For non-Inventory objects in Projects and Registries like notebook entries, entities (ex: sequences, oligos), and insights dashboards, the permissions behavior depends on the object’s type and location, whether the object is registered, and settings on the object’s schema:
- If the object can’t be registered at all (ex: notebook entries, insights dashboards, or files) then it will always use the permissions from the Project or Folder where it’s located
- Likewise, if the object could be registered (ex: entities) but is not currently registered then it will use the permissions from the Project or Folder where it’s located
- If the object is registered, settings on the schema determine where the object’s permissions come from:
- If the schema uses Registry permissions (which is the default setting) then the registered objects will use the permissions from the Registry
- If the schema uses Project permissions, then the registered object will continue to use the permissions from the Project or Folder where it’s located
- If a registered object is not in a Project at all, it will then use the permissions from the Registry even if the schema is set to use Project permissions
Note: you can check if your schema is using Registry or Project based permissions by navigating to the schema in Feature Settings and viewing the Access Policies tab. If you’d like to change this setting on a schema, please reach out to your account team or Benchling Support.
Creating new objects
The permission to create new objects is determined by where the object is being created and whether there are additional actions such as registration happening simultaneously.
To create a new object in a Project or Folder, the user must have “Add other items” granted in the location where the object is being created. If the user is creating an entity, they must also have “Create Schema Objects” granted on the schema of the type of entity they’re trying to create. If the entity is also being registered at the same time (for example, when creating entities in a registration table) the user must also have “Register Schema Objects” on the schema, “Register Entities” on the Registry, and "Entities > Edit other data" on the Project or Folder.
To create a new object in the Registry or Inventory without placing the object in a Project or Folder location, the user will need to have “Create Schema Objects” and “Register Schema Objects” on the schema itself and “Register Entities” on the Registry.