Vault EDC Security Profiles


In Vault, each user has an assigned license type and security profile. Each security profile has one or more permission sets. The license type, either Full User or Read-only User  is the first level of access control that vault applies to a user. Permission sets, applied through the user’s security profile, are the second level of access control. Both the license type and permission set must grant access to a user in order for that user to access the functionality.

Security Profiles

Security profiles are how Vault applies permission sets to individual users. Each profile has one or more associated permission sets.

Standard Security Profiles with Role by Study

19R1 & Later

Vault EDC includes several security profiles that are added with the enablement of Roles by Study. You can click down into each of these security profiles from within Admin > Users & Groups > Security Profiles to view which permissions are associated with each security profile.

Security Profile Permission Sets Description Study Roles
CDMS Auditor Read Only
  • CDMS All Objects Read Only
  • Data Entry Tab Access
This security profile is intended for use by read-only users, such as auditors. This security profile grants read-only access to the Data Entry tab. CDMS Auditor Read Only
CDMS Clinical Assessment Editor
  • Assessments Tab Access
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
This security profile grants access to the Assessments tab for the purpose of performing clinical assessments. CDMS Clinical Assessment Editor
CDMS Clinical Assessment Reader
  • Assessments Tab Access
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
This security profile grants access to the Assessments tab for the purpose of viewing completed clinical assessments. CDMS Clinical Assessment Reader
CDMS Clinical Research Associate
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Jobs Access
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to the Review, Reports, and Dashboards tabs for the purpose of running jobs, viewing reports and dashboards, viewing study execution data, and performing various other review tasks. CDMS Clinical Research Associate
CDMS Clinical Research Coordinator
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Data Entry Tab FUll Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, and answering queries. CDMS Clinical Research Coordinator
CDMS Data Manager
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Jobs Access
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to the Review, Reports, and Dashboards tabs for the purpose of running jobs, viewing reports and dashboards, viewing study execution data, and performing various other data management tasks. CDMS Data Manager
CDMS Deployment Administrator
  • CDMS All Objects Read Only
  • CDMS Definition Objects Full Access
  • CDMS Deployment Objects Full Access
  • CDMS Execution Objects Full Access
  • EDC Tools Tab Access
  • Jobs Access
  • Job Schedule Access
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. CDMS Deployment Administrator
CDMS Lead Data Manager
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • EDC Tools Tab Access
  • Jobs Access
  • Job Schedule Access
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to EDC Tools and the Review tab, to run and schedule jobs, view reports and dashboards, view study execution data, and to perform various other study administration and data management tasks. CDMS Data Manager
CDMS Principal Investigator
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Data Entry Tab FUll Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, answering queries, and providing signatures. CDMS Principal Investigator
CDMS Sub Investigator
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Data Entry Tab FUll Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, and answering queries. CDMS Sub Investigator
CDMS Study Designer
  • API Access
  • CDMS All Objects Read Only
  • CDMS Definition Objects Full Access
  • Jobs Access
  • Reports Tab Access
  • Studio Tab Access
This security profile grants access to EDC Studio with the ability to create and edit design objects, view reports and dashboards, initiate jobs from within Studio, and access the Vault CDMS API. CDMS Study Designer
CDMS Study Designer Read Only
  • CDMS All Objects Read Only
  • Studio Tab Access
This security profile grants read-only access to the Studio area. CDMS Study Designer Read Only
CDMS User Administrator
  • API Access
  • CDMS All Objects Read Only
  • CDMS Definition Objects Full Access
  • CDMS Execution Objects Full Access
  • Coder Tab Access
  • Coder Tools Tab Access
  • Data Entry Tab Access
  • EDC Tools Tab Access
  • Jobs Access
  • Job Schedule Access
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • User Access
This security profile is intended for use by dedicated user administrators, for the purpose of managing user accounts and study access only. This security profile grants total access to Vault CDMS. CDMS User Administrator
Data Entry
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
  • Data Entry Tab FUll Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, answering queries, and providing signatures. This security profile is no longer mapped by default to any standard roles. Previously, it was mapped to:
  • CDMS Principal Investigator
  • CDMS Sub Investigator
  • CDMS Clinical Research Coordinator
Vault Owner
  • Business Administrator Actions
  • System Administrator Actions
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A

There are several other standard security profiles available in your vault as part of the Vault Platform. We recommend that you only use the security profiles listed here or custom security profiles, as the other standard profiles may not have functional access to CDMS application functionality.

In some cases, you may want to create custom Security Profiles. For example, to create a profile that allows a user to access the Data Entry area, but not view the Reports tab. You can create a custom security profile and assign standard Permission Sets to it. See details about creating Security Profiles here.

Standard Security Profiles without Role by Study

Prior to 19R1

Vault EDC includes several standard security profiles:

Known Issue:
In the current release, users with the EDC Lead Data Manager and EDC Data Manager security profiles have access to the Vault Business Admin area by default.
To remove this access, [create a new security profile]({{ ‘/platform/security/managing-security-profiles-permission-sets/’ | prepend: site.baseurl }}) without the Study Jobs permission set, and assign it to your data manager users.
Security Profile Permission Sets Description Study Roles
EDC CRA
  • Base CRA Permissions
  • Base EDC User Permissions
  • Base Standard Template Report Permissions
This profile grants limited access to manage data. This profile provides the ability to perform SDV, close queries, freeze data, access reports, and create PDFs. EDC CRA
EDC Clinical Research Coordinator
  • Base EDC User Permissions
  • Base Site User Permissions
This profile grants full access to the data entry area. This profile provides the ability to answer queries, submit forms, and create blank PDFs. EDC Clinical Research Coordinator
EDC Data Manager
  • Base Data Manager Permissions
  • Base EDC User Permissions
  • Base Standard Template Report Permissions
  • Study Jobs
This profile grants full access to manage data. This profile provides the ability to perform data management review, view DMR, create PDFs, access reports, and lock data. EDC Data Manager
EDC Deployment Administrator
  • CDMS Definition Objects Read Only
  • CDMS Deployment Objects Full Access
  • EDC Tools Tab Access
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. EDC Deployment Administrator
EDC Investigator
  • Base EDC User Permissions
  • Base Site User Permissions
  • Base Standard Template Report Permissions
  • EDC Investigator Permission
This profile grants full access to the data entry area. This profile provides the ability to answer queries, submit forms, access reports, provide an eSignature, and create PDFs. EDC Investigator
EDC Lead CRA
  • Base CRA Permissions
  • Base EDC User Permissions
  • Base Standard Template Report Permissions
This profile grants limited access to manage data. This profile provides the ability to perform SDV, close queries, freeze data, access reports, and create PDFs. EDC Lead CRA
EDC Lead Data Manager
  • Base Data Manager Permissions
  • Base EDC User Permissions
  • Base Standard Template Report Permissions
  • EDC Study Tools Permissions
  • Jobs Access
  • Job Schedule Access
  • Study Jobs
  • User Access
This profile grants full access to manage data. This profile provides the ability to perform data management review, view DMR, create PDFs, access reports, and lock data. This profile also has access to the EDC Tools area by default. EDC Lead Data Manager
EDC Reviewer
  • Base EDC User Permissions
  • EDC Reviewer Permissions
This grants read-only access. This security profile provides the ability to create a PDF. EDC Reviewer
Vault Owner
  • Business Administrator Actions
  • System Administrator Actions
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A