User roles
In Opus 2 Platform, a user role is a collection of capabilities that have been turned on or off and then clustered into a named role. This means any user role may appear different and be named differently on separate instances of the application. For that reason this overview provides a detailed description of each capability that may be included in the configuration of a complete role, rather than a description of any specific roles.
A user role can be configured and allocated both on a system-wide basis and for specific projects, but the two types of role have some differences.
System wide roles
A system-wide role applies to individual users only. Roles may be allocated in bulk to multiple users, but not to Teams. Anything a user is able to access or do on the global instance is determined by the capabilities defined in this role. All users need to have a role allocated at the system level.
Project specific roles
Individual projects may have specific user roles configured for them. These roles apply to that project only. A project role can only be allocated to a user Group, not to an individual user. If a user is added to a project Group with a specific project role this will determine what they are able to do in that particular project, irrespective of their system role. Project roles supersede system roles.
A project user that has not been allocated to a project group will retain the capabilities defined by their system role. Templates, like projects, may have specific user roles configured for them. If this is the case, any project created from that template will have the group, but it will not have any associated users with it. These need to be added to the group for each new project.
Configuring a user role
To create a user role in Opus 2 Platform an operator or systems administrator needs to configure a combination of various capabilities. A 'role' is essentially a list of capabilities.
Each instance of Opus 2 Platform will come with a number of pre-configured roles, but it is possible to create new roles by combining a set of capabilities to suit a specific user purpose.
List of capabilities
The following tables provide a description of each capability in relation to which action it enables or gives access to when included in a role. The capabilities are conceptually divided into different functional areas of Opus 2 Platform, but this does not affect how they may be combined.
Certain capabilities are dependent on other capabilities. Where this is the case, the required capability is listed in the description.
Table 1. System Admin
| Capability | Description |
|---|---|
| System admin | Gives access to the 'cog' symbol in the top right hand corner of an instance, from where the main system administration menu is accessed |
| Manage system dashboards | Allows for the creation of new private and shared system dashboards, as well as the ability to edit existing dashboards. |
| Manage templates | This is an operator-only capability that gives access to the 'templates' tab of the system administration menu, as well as the ability to create a template from any project within an instance. This capability requires the following project administration capabilities: Project admin. |
| See all projects | Allows for the ability to see every project that has been created on an instance, irrespective of whether the relevant user created that project or has been added to that project. |
| Manage projects | Create and delete new projects from any template that the user has access to. This capability requires the following project administration capabilities: Project admin; Manage project groups; Manage project roles; Manage individual project users. Users with the 'operator-only' ability switched on are able to create new empty (bare) projects not based on a template. |
| Create Projects | Allows for the ability to only create a project. Deleting a project requires the Manage Projects permission. |
| See all users in the system | Allows for the ability to see all users registered in an instance, from within any part of the application the user has access to. |
| View billing | Redundant - now covered by the 'Usage stats' capability. Scheduled to be removed. |
| Usage stats | Gives access to content provided under the 'Usage' tab of the main system administration menu. |
Table 2. User Management
| Capability | Description |
|---|---|
| Add external users | Allows a user to add new users to an environment via the Users tab in the system administration menu. Users can be added individually, or multiple users may be imported in batch via a spreadsheet or .csv file. |
| Add internal users | NOTE: This capability is currently not in use within the software. It is intended for use with SSO-integrated environments, where a user may add an internal user from within the SSO-integrated organisation, but not any other external users to an environment. |
| Manage teams | Enables a user to create, edit and delete Teams, and add and remove users from Teams. |
| Manage global roles | Allows a user to name and configure new system roles from the list of available capabilities. |
Table 3. Dashboard
| Capability | Description |
|---|---|
| View system dashboard | Upon login, the full system dashboard with any additional configured widgets is visible to the user. |
| Default to project directory | Upon login, a simplified card view of all available projects is visible to the user. |
Table 4. Integrations
| Capability | Description |
|---|---|
| Manage application tokens | Create application tokens from within an instance to facilitate integration with third party software applications. |
| Receive documents by email | If an email integration has been configured on an instance, the user may email documents directly into the instance, and subsequently allocate them to any project. |
Table 5. Project Admin
| Capability | Description |
|---|---|
| Project admin | Gives access to the 'Project settings' page and menu option in the project drop down menu. |
| Manage project groups | Enables the ability to add, edit and delete groups from a project. This capability requires the following project administration capabilities: Project admin. |
| Manage project roles | Enables the ability to create new roles, configure and delete existing roles from a project. This capability requires the following project administration capabilities: Project admin. |
| Manage individual project users | Enables the ability to add users to groups, allocate and remove project roles and add and remove users from a project. This capability requires the following project administration capabilities: Project admin. |
| See all users in the project | Allows access to all users in a project whenever a list of users is provided. Without this capability, users will only see those who are in the same user group as themselves, or else no other users if not in a group. |
| Manage access control | Enables a project user to set access levels on any entity within the project where ACL is available. |
Table 6. Project content
| Capability | Description |
|---|---|
| View project dashboards | Allows a user to see any preconfigured dashboard that has been shared and choose this dashboard for their own display purposes. |
| Manage project dashboards | Enables a user to configure a new dashboard and share this with other users in the project if required. This capability requires the following project content capabilities: View project dashboards. |
| Manage tags | Enables a user to access the tag manager dialog from the Project button menu, add individual tags, edit and delete existing tags. This capability requires the following project content capabilities: View project dashboards. |
| Import and export tags | Allows a user to batch upload a set of tags from a spreadsheet or .csv file, including nested tags, and export a current tag set and structure to a spreadsheet or .csv file. This capability requires the following project content capabilities: View project dashboards; Manage tags. |
| Upload files | Allows a user to upload unpublished files and access the files page from the project settings menu to view and perform relevant actions on the unpublished files. Users with this capability switched on will see a toggle in the document upload dialog whenever performing an upload that will allow them to choose whether or not to publish the contained files on upload. This capability requires the following project content capabilities: View project dashboards. This capability requires the following documents capabilities: Access file manager. |
| Manage charts | Enables access to the datatables and charts management page via the project settings menu. Allows a user to create a new datatable based on quantifiable worksheet data accessible to the user. Also enables a user to create charts based on a datatable. This capability requires the following project content capabilities: View project dashboards. |
| View trash | Allows access to the 'trash' page from the main Project button menu and enables viewing and restoring items that have been moved to trash. This capability requires the following documents capabilities: View documents. |
| Delete trash | Allows a user to permanently delete trashed items from the trash page. |
| Full project access | Users without this capability are only able to access the portal(s) part of a project. Any other capabilities the role may have configured will still apply to the user, but they can only be performed from within a portal. |
Table 7. Documents
| Capability | Description |
|---|---|
| View documents | Allows a user to view a published document in either preview mode or in the document viewer. |
View collections | If collections has been enabled, allows a user to view collections, collection numbers and collection items. This capability requires the following documents capabilities: View documents. |
| Upload documents | Provides access to the upload facility from within the documents and files pages as well as the ability to upload documents directly to a project from within any metadata field where documents and document upload is enabled. This capability requires the following documents capabilities: View documents; Manage folders. |
| Work with documents | Gives access to the main 'Documents' and 'Search' pages in a project. This capability requires the following documents capabilities: View documents. |
| Autolinking | Enables a user to access the 'Autolinking' feature from the main Actions menu on the Documents page. |
| Redact documents | If redaction is enabled on a project, this capability will enable a user to redact text on any document in a project. |
| Manage folders | Allows a user to create new folders, delete existing folders and edit the description, title, colour and sort order of existing folders. This capability requires the following documents capabilities: View documents. |
| Manage Sub Folders | Allows a user to only create new sub folders, and not top-level folders. This allows for better user management in situations where users need to manage folders and document uploads within a specific branch, but not across a whole project. |
| Manage metadata fields | Enables a user to create new custom metadata fields, edit existing fields and initializations, delete fields and set or unset fields as principal id markers. This capability requires the following documents capabilities: View documents. |
| Manage metadata | Allows a user to edit the metadata fields of an individual document in the document details panel. This capability requires the following documents capabilities: View documents. |
| See Duplicate Metadata | A metadata field called “Duplicates” has been added. This field lists the ID of any documents which are duplicated. This is broken out into a separate permission because the Duplicates column will display the ID of documents which a user may not have access to due to access control limitations. A release notes video with further information can be found at this link. |
| Export documents | Allows a user to configure a document or selection of documents for specific export parameters, including title, inclusion of annotations, stamps and an index configured from selected metadata options. This capability requires the following documents capabilities: View documents; Download documents. |
| Download original files | Enables direct download of the original file that was uploaded to a project. This capability requires the following documents capabilities: View documents. |
| Download documents | Enables direct download of a single document that has been processed into pdf format on upload. If the original file was of a type that could not be processed into a pdf, a slipsheet will be downloaded instead. |
| Manage document stamps | Enables access to the stamp configuration dialog where new stamps may be created and existing stamps may be edited and deleted. This capability requires the following documents capabilities: View documents. |
Annotate documents | Allows a user to make annotations if the ability to create notes on highlighted text has been configured in a project. This capability requires the following documents capabilities: View documents. |
| Manage collections | Allows a user to create new collections, delete existing collections and edit the title, access level, color, numbering, stamp and annotation settings of existing collections. This capability requires the following documents capabilities: View documents; View collections. |
| Access file manager | Grants access to the 'files' page of a project and allows a user to work with these files. Also enables the ability to upload unpublished files. This capability requires the following project content capabilities: Access project dashboard. |
| Export search results | Allows a user to export the results of a search query, including metadata, as a .csv or .xlsx file, or exporting a full search report. This capability requires the following documents capabilities: View documents; Work with documents. |
| Manage transcripts | Allows a user to upload transcripts, adjust transcript preamble and page numbering and delete transcripts in a project where the transcripts feature is enabled. |
Table 8. Worksheets
| Capability | Description |
|---|---|
| View worksheets | Allows a user to view all available worksheets in a project. Without this capability the 'worksheets' tab and any pinned worksheets in the main menu will not view visible to the user. |
| View worksheet calendars | Enables the ability to view worksheet records of type 'date' in calendar view. This capability requires the following worksheets capabilities: View worksheets. |
| View worksheet cards | Enables the user to see the cards display view option for worksheets. This requires the worksheet to have a field of type 'choice' to be configured. This capability requires the following worksheets capabilities: View worksheets. |
| Manage worksheets | Enables the ability to edit the settings of an individual worksheet, including its properties, adding, editing and deleting specific metadata fields, configure dependencies and initializations between worksheet records, create new forms and cards to be used for different purposes in a project, and decide the use of forms and cards via the worksheet view mapping facility. This capability requires the following worksheets capabilities: View worksheets; Edit worksheet content. In operator mode, this capability allows a user to create new worksheets. |
| Import/export worksheets | Allows a user to export worksheet data as a spreadsheet or as a table in a document, as well as export the structure of a worksheet as a json object. Also allows a user to import records form a spreadsheet or .csv file into an existing worksheet. This capability requires the following worksheets capabilities: View worksheets; Edit worksheet content. In operator mode, this capability allows a user to create a new worksheet from a spreadsheet or csv file. |
| Edit worksheet content | Enables the ability to create new worksheet records, and edit and delete existing worksheet records. This capability requires the following worksheets capabilities: View worksheets. |
| Advanced worksheet fields | Enables access to the advanced metadata field types single remote record; multiple remote records; single sub-record; multiple sub-records; project. This capability requires the following worksheets capabilities: View worksheets; Manage worksheets; Edit worksheet content. |
| Lock/Unlock Worksheet Records | Enables the ability to lock worksheet records to prevent incidental or purposeful modifications. |
Table 9. AI Analysis
| Capability | Description |
|---|---|
| Single Document Analysis | Allows a user to view and run generative AI analysis on one document at a time. This includes chat on a single document and any other configured analysis options |
| Bulk Document Analysis | Allows users to add documents to a Canvas to be analyzed in bulk. Users may return later to view the completed summaries and/or generative AI analysis. |
Table 10. Portals
| Capability | Description |
|---|---|
| View portals | Enables access to any portal that may have been created in a project. |
| Manage portals | Allows access to the portal builder where, depending on project settings, new portals may be created, and existing portals may be edited and deleted. This capability requires the following portals capabilities: View portals. |
| Submit Documents | Allows a user to upload documents to a project via the portal interface. This capability requires the following portals capabilities: View portals. |
Table 11. Actions
| Capability | Description |
|---|---|
| Perform Baili searches | Allows a user to directly search the British and Irish Legal Information Institute (Baili) records from within a project. This capability requires the following documents capabilities: View documents; Work with documents. |
| Perform Federated search In Development | If an integration with an archive or library has been set up, a user is able to search through these records directly within a project. |
| Send and receive chat messages In Development | If the chat feature is switched on, users may send and receive chat messages to and from other users that they have access to. |