Managing Study Roles

Vault CDMS offers a security model allowing users to have different roles in different studies. This model leverages the Study Role to define user access at the object level (in this case, the Study object), instead of at the account level. Your Study Role extends your permissions granted by your Security Profile. These combined represent the Study Role, a permission grouping that you can manage from Tools > System Tools > Role Management.

Users with the appropriate permissions can manage access to standard Vault CDMS functionality from Tools > EDC Tools and create custom study roles from Tools > System Tools > Role Management.

See Standard CDMS Security Profiles for a list of standard Security Profiles and Permissions Sets.

Prerequisites

Users with the Vault Owner security profile or the CDMS User Administrator study role can perform the actions described above by default. If your vault uses custom Study Roles, you must have the following permissions:

Type Permission Label Controls
Standard Tab System Tools Tab

Ability to access the Tools > System Tools tab

Functional Permission Manage Study Roles

Ability to create, edit, and delete custom Study Roles from Tools > System Tools > Role Management

If your Study contains restricted data, you must have the Restricted Data Access permission to view it.

Learn more about Study Roles.


Accessing Role Management

To access the Role Management area, click the Tools tab in the top navigation bar, and then click Role Management.

Tools > Role Management navigation tabs

Custom vs. Standard Study Roles

For your convenience, several standard Study Roles are available by default. You can assign these standard roles to users in your study, or you can assign your users custom roles. You can copy the standard Study Roles to use as a template when creating your custom roles as well.

Vault groups Study Roles in the role table by Custom and Standard. Standard Study Roles names start with “CDMS”. All other roles are custom Study Roles in your vault.

Custom and Standard Role Table Headers

Available Standard Study Roles

You can view a list of standard Study Roles and which permissions each role has here. The following standard Study Roles are available:

  • CDMS API Read Only: Users with this study role have read-only access to the CDMS API.
  • CDMS API Read Write: Users with this study role have read and write access to the CDMS API.
  • CDMS Assessment Editor: Users with this role are able to view and perform clinical assessments and view supplemental data related to those assessments.
  • CDMS Assessment Reader: Users with this role are able to view clinical assessments and supplemental data related to those assessments.
  • CDMS Auditor Read Only: Users with this role have read-only access to Vault EDC and can generate PDFs.
  • CDMS Clinical Coder: Users with the CDMS Clinical Coder study role can access and use Vault Coder, as well as send queries to and receive queries from site users in Vault EDC.
  • CDMS Clinical Coder Administrator: Users with the CDMS Clinical Coder Administrator study role can access and use Vault Coder, as well as use the Coder Tools administration area to manage application- and study-level settings for Vault Coder.
  • CDMS Clinical Coder Manager: Users with the CDMS Clinical Coder study role can access and use Vault Coder, and they can approve Code Requests coded by clinical coders.
  • CDMS Clinical Research Associate: Users the CDMS Clinical Research Associate study role can use Vault EDC to perform SDV, close queries, freeze data, access reports, and create PDFs.
  • CDMS Clinical Research Coordinator: Users with the CDMS Clinical Research Coordinator study role can use Vault EDC's to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.
  • CDMS Data Manager: Users with the CDMS Data Manager study role can use Vault EDC to perform data management review, view DMR, create PDFs, access reports, and lock data.
  • CDMS Deployment Administrator: Users with the CDMS Deployment Administrator role can create new study environments and deploy a study from one environment to another.
  • CDMS Labs Data Manager: Users with this role have access to all functions within the Labs tab.
  • CDMS Lead Data Manager: Users with this role have the ability to create and close queries, perform DMR, lock data, lock studies and sites, and generate PDFs. They can also interact with the EDC Tools area, with the ability to manage amendments, sites, study countries, query rules, and run ad hoc and schedule recurring jobs.
  • CDMS Librarian: Users with the CDMS Librarian role can create, manage, and test study designs within library _Collections_.
  • CDMS Principal Investigator: Users with this role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, provide signatures, and create PDFs.
  • CDMS Randomization Manager: Users with this role are able to configure Randomization and manage Randomization Lists.
  • CDMS Safety Administrator: Users with this role have access to EDC Tools > Safety Configuration to set up the Safety Clinical Data Link in their study.
  • CDMS Study Designer: Users with the CDMS Study Designer study role can use Vault EDC Studio to design their studies in non-production environments.
  • CDMS Study Designer Read Only: Users with the CDMS Study Designer Read Only study role can access Studio in read-only mode.
  • CDMS Sub Investigator: Users with the CDMS Sub Investigator study role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.
  • CDMS Super User: Users with this study role can access all areas of the application and perform all actions within those areas. This role is only available in non-production environments.
  • CDMS User Administrator: Users with this role can manage user accounts and access within Vault CDMS.

Viewing Roles

In the Role Management tab, Vault CDMS displays Study Roles and their permissions as a table. Each column represents a Study Role, and each row in the table represents a functional permission.

Functional permissions are divided into three (3) sections: Standard Tabs, Permissions, and User Defined Objects. If multi-role security is enabled in your vault, then there is also a User Defined Permission Sets section. In the Standard Tabs section, there is a permission row for the ability to access each standard navigation tab. In the Permissions section, there is a row for each standard function, such as Data Entry or Add Casebook, that a user may perform in Vault CDMS. Lastly, in the User Defined Objects section, there is a row for each qualifying custom object, and three rows for the Read, Edit, and Delete permissions on that object. In the User Defined Permission Sets section, there is a row for each User Defined Permission Set configured for the vault, which can control the ability to access user defined objects and tabs.

Role Management role table

For each Study Role column, Vault displays the number of users that are assigned that Study Role in the Number of Users row.

Number of users row

You can click on the Number to view a list of those Users. From that dialog, you can filter the list by Study or search for a specific User.

Users with the CRA role dialog

Collapse & Expand Permission Sections

Vault groups functional permissions together. For easier viewing, you can collapse and expand sections as you scroll through the page.

Click the Collapse () or Expand () buttons to collapse and expand sections.

Exporting the Role & Permission Matrix to Excel™

You can export a list of Study Roles, both standard and custom, and the permissions assigned to them as an Excel™ spreadsheet.

To export role mappings:

  1. Navigate to Tools > System Tools > Role Management.
  2. Click Download. Download button

  3. Vault creates your export file (“Role Management {DateTime}.xlsx”) and the download begins right away. When finished, you can open the file in Excel™.

Creating & Editing Roles

You can create and edit custom Study Roles from Tools > Role Management. See details here.

Functional Permissions

The functional permissions listed in Role Management represent a combination of Application Role and Security Profile based permissions. In Tools > Role Management, each row represents either a functional permission or the ability to access a standard tab (such as Data Entry or Coder) in Vault CDMS. A selected (checked) permission indicates that a role has this permission.

This table lists each functional permission and a description of what it controls.

Standard Tabs

You can control access to the following standard tabs from the Standard Tabs section of the role table:

Field Controls
Assessments Tab

Ability to access the Assessments tab

Coder Tab

Ability to access the Coder tab

Coder Tools Tab

Ability to access the Coder Tools tab

Data Entry Tab

Ability to access the Data Entry tab

EDC Tools Tab

Ability to access the EDC Tools tab

Labs Tab

Ability to access the Labs tab

Library Tab

Ability to access the Library tab

Protocol Deviations Tab

Ability to access the Protocol Deviations tab

Randomization Tab

Ability to access the Randomization tab

Reports Dashboards Tab

Ability to access the Reports and Dashboards tabs

Review Tab

Ability to access the Review tab

Studio Tab

Ability to access the Studio tab

System Tools Tab

Ability to access the Tools > System Tools tab

Permissions

You can control access to various application functions from the Permissions section of the role table:

Field Controls
Workbench Tab

Ability to access and use the Data Workbench application, via the Workbench tab

View SDV

Ability to view SDV status

Edit SDV

Ability to perform SDV

View Query

Ability to view queries

Close Query

Ability to close queries

Close All Queries

Ability to close all queries, regardless of which query team created the query

Open Query

Ability to create new (open) queries

Answer Query

Ability to answer queries

View DMR

Ability to view DMR status

Edit DMR

Ability to perform DMR

Sign

Ability to provide an electronic signature on study data

Run Rules

Ability to run rules from EDC Tools > Rules

Manage Coding Lists

Ability to create, edit, import, and export Synonym Lists and Do Not Autocode Lists in Coder Tools

Data Entry

Ability to enter study execution data

Freeze Data

Ability to freeze and unfreeze data

Lock Data

Ability to lock and unlock data

Generate Detail PDF

Ability to export detail PDFs

Generate Blank PDF

Ability to export blank PDFs

Manage Study Lock

Ability to lock and unlock Studies and Sites from EDC Tools

Manage Jobs

Ability to create, edit, and delete scheduled jobs

Manage Amendments

Ability to initiate subject transfers, retrospective amendments, and prospective casebook amendments, from EDC Tools

Manage FTP

Ability to create and edit FTP Connections in EDC Tools

Manage Study Countries

Ability to create and edit Study Countries in EDC Tools

View Study Sites

Ability to view Sites in EDC Tools

Edit Study Sites

Ability to create and edit Sites from EDC Tools

Manage Coder Study Settings

Ability to edit Study Settings in Coder Tools

Add Casebook

Ability to add new Casebooks

Delete Casebook

Ability to delete subject Casebooks and related object records

View Clinical Assessments

Ability to view completed Assessments

Edit Clinical Assessments

Ability to perform (edit) Assessments

Manage Assessments

Ability to assign Study Roles to Assessment Definitions from EDC Tools > Assessments

Manage Review Plan Assignment

Ability to access EDC Tools > Review Plan Assignments and update the study- and site-level templates

Manage Learning

Ability to assign learning system Curriculums to Study Roles from EDC Tools

Manage Safety Configuration

Ability to set up the Safety Clinical Data Link for a Study and map Items to their E2B elements

View Casebook

Ability to view information about and from subject Casebooks (for reports, dashboards, and CDBs)

View Protocol Deviations

Ability to view Protocol Deviations

Create Protocol Deviations

Ability to create Protocol Deviations

Design Study

Ability to create study design definitions and a study schedule from Studio

View LIbrary

Ability to view library Collections and their designs from Studio > Library

Design Library

Ability to create study design definitions and a study schedule for a Collection from Studio > Library

Manage Data and Definition Export

Ability to schedule the Data and Definition Export job

Schedule Reports

Ability to create and schedule flash reports

View Form Linking

Ability to view Form Links

Edit Form Linking

Ability to edit Form Links

View Study Design

View-only access to Study Design

Manage Email Group Assignment

Ability to assign users to an Email Group from EDC Tools > Email Group Assignment

Manage Study Roles

Ability to create, edit, and delete custom Study Roles from Tools > System Tools > Role Management

View Users

Ability to view Users and their access

Edit Users

Ability to create and edit Users and their access

Restricted Data Access

Ability to view restricted (blinded) Forms

Manage Study Deployments

Ability to create and manage study Environments and deploy Studies from EDC Tools, as well as manage and deploy vault-level configuration from Tools > System Tools

View Lab Locations and Normals

Ability to view all Lab Locations and Normals

Edit Lab Locations and Normals

Ability to edit all Lab Locations and Normals. This permission can also see all Studies that are impacted, though they don’t have access to Clinical Data

Manage Site Lab Assignment

Ability to associate Sites with Lab locations

Manage Lab Units and Codelist

Ability to update Lab units and codelists

Manage Lab Study Settings

Ability to configure Study Settings in Labs

Lab Mass Updates

Ability to view and run mass update jobs

View All Lab Settings

Ability to view all Lab configuration

View Lab Analyte Library

Ability to view Analytes in the Analyte Library

Edit Lab Analyte Library

Ability to edit and update Analytes in the Analyte Library

API Access

Ability to access and use the Vault CDMS API. (This permission is also required to use CDB.)

Approve Lab Normals

Ability to approve Lab normals and add/merge Lab locations

View Integration Mappings

Ability to view Integration Mappings from EDC Tools > Integration Configuration

Edit Integration Mappings

Ability to edit Integration Mappings from EDC Tools > Integration Configuration

Edit Protocol Deviations

Ability to edit Protocol Deviations

Accept Closeout PDF

Ability to accept or reject Closeout PDFs

Generate Closeout PDF

Ability to generate the Closeout PDFs for a locked Site from EDC Tools > Sites

Notify Sites of Closeout PDF

Ability to set reminders and send a notification to a Site that the Closeout PDFs are ready for review

Review Closeout PDF

Ability to download the Closeout PDFs for a Site

Randomize Subject

Ability for a Site to Randomize a Subject

Emergency Unmasking

Ability for a Site to use Emergency Unmasking during adverse events to view treatment. Login credentials are required. Emergency unmasking will be logged in an unblinding report and notification emails (if configured) will go out.

Configure Randomization

Access to the Randomization tab to configure Randomization settings

Manage Randomization List

Ability to upload a Randomization List

View Randomization Enrollment

Ability to see a list of all Sites/Subjects as they are randomized

View Unmasked Data

Ability to see all unmasked Site/Subject data in the Randomization tab

View Randomization Kit/Device

Ability to view list to see what device/kit has been used and what’s available in the Randomization tab.

Reveal Treatment

Ability for a Site to see what treatment has been given to a subject. Login credentials are required. Not considered an emergency unmasking. Must have view data entry access.

Invalidate Randomization

Ability to invalidate the Randomization record in the Randomization tab

View Code

Ability to view coding progress

Assign Code

Ability to assign codes in Coder

Approve Code

Ability to approve or reject assigned codes in Coder

Edit CQL

Ability to edit the CQL statement for a listing in the CQL Editor

Modify Listing

Ability to edit the CQL statement and properties of private listings (Includes public and export listings when combined with the Public Access permission)

Create Listing

Ability to create private listings (Includes public and export listings when combined with the Public Access permission)

Delete Listing

Ability to delete a public listing

Generate CSV

Ability to generate a CSV for a listing

Public Access

Ability to create or modify a public listing, when combined with the Create Listing and Modify Listing permissions

View Listings

Ability to access the Listings page

View CDB Queries

Ability to access the Queries page and view Queries within Workbench

View Export

Ability to access the Export page

Create Export Definition

Ability to create and copy Export Definitions

Generate Export Package

Ability to generate a CSV or SAS export package

Delete Export Definition

Ability to delete an Export Definition

View Export Packages

Ability to access Export > Packages to view generated export packages

View Import

Ability to access the Import page

Download Import Package

Ability to download import packages

View Admin

Ability to access the Admin page

Standard Study Roles & Security Profiles

21R1 & Earlier

The following Study Roles are standard and available as part of the CDMS Role by Study feature.

Study Roles related to the CDMS Role by Study feature have “CDMS” in their name. Any roles without “CDMS” instead are custom Study Roles in your vault. Each standard Study Role has a standard Security Profile assigned. See details about standard Security Profiles here.

In vaults created after the 21R2 (August 2021) release, or vaults where multi-role security has been enabled, all Study Roles use the same Security Profile, CDMS All Access.

Role Security Profile Description
CDMS API Read Only CDMS API Read Only

Users with this study role have read-only access to the CDMS API.

CDMS API Read Write CDMS API Read Write

Users with this study role have read and write access to the CDMS API.

CDMS Assessment Editor CDMS Assessment Editor

Users with this role are able to view and perform clinical assessments and view supplemental data related to those assessments.

CDMS Assessment Reader CDMS Assessment Reader

Users with this role are able to view clinical assessments and supplemental data related to those assessments.

CDMS Auditor Read Only CDMS Auditor Read Only

Users with this role have read-only access to Vault EDC and can generate PDFs.

CDMS Clinical Coder CDMS Clinical Coder

Users with the CDMS Clinical Coder study role can access and use Vault Coder, as well as send queries to and receive queries from site users in Vault EDC.

CDMS Clinical Coder Administrator CDMS Clinical Coder Administrator

Users with the CDMS Clinical Coder Administrator study role can access and use Vault Coder, as well as use the Coder Tools administration area to manage application- and study-level settings for Vault Coder.

CDMS Clinical Coder Manager CDMS Clinical Coder Manager

Users with the CDMS Clinical Coder study role can access and use Vault Coder, and they can approve Code Requests coded by clinical coders.

CDMS Clinical Research Associate CDMS Clinical Research Associate

Users the CDMS Clinical Research Associate study role can use Vault EDC to perform SDV, close queries, freeze data, access reports, and create PDFs.

CDMS Clinical Research Coordinator CDMS Clinical Research Coordinator

Users with the CDMS Clinical Research Coordinator study role can use Vault EDC’s to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

CDMS Data Manager CDMS Data Manager

Users with the CDMS Data Manager study role can use Vault EDC to perform data management review, view DMR, create PDFs, access reports, and lock data.

CDMS Deployment Administrator CDMS Deployment Administrator

Users with the CDMS Deployment Administrator role can create new study environments and deploy a study from one environment to another.

CDMS Labs Data Manager CDMS Labs Data Manager

Users with this role have access to all functions within the Labs tab.

CDMS Lead Data Manager CDMS Lead Data Manager

Users with this role have the ability to create and close queries, perform DMR, lock data, lock studies and sites, and generate PDFs. They can also interact with the EDC Tools area, with the ability to manage amendments, sites, study countries, query rules, and run ad hoc and schedule recurring jobs.

CDMS Librarian CDMS Librarian

Users with the CDMS Librarian role can create, manage, and test study designs within library Collections.

CDMS Principal Investigator CDMS Principal Investigator

Users with this role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, provide signatures, and create PDFs.

CDMS Randomization Manager CDMS Randomization Manager

Users with this role are able to configure Randomization and manage Randomization Lists.

CDMS Safety Administrator CDMS Safety Administrator

Users with this role have access to EDC Tools > Safety Configuration to set up the Safety Clinical Data Link in their study.

CDMS Study Designer CDMS Study Designer

Users with the CDMS Study Designer study role can use Vault EDC Studio to design their studies in non-production environments.

CDMS Study Designer Read Only CDMS Study Designer Read Only

Users with the CDMS Study Designer Read Only study role can access Studio in read-only mode.

CDMS Sub Investigator CDMS Sub Investigator

Users with the CDMS Sub Investigator study role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

CDMS Super User CDMS Super User

Users with this study role can access all areas of the application and perform all actions within those areas. This role is only available in non-production environments.

CDMS User Administrator CDMS User Administrator

Users with this role can manage user accounts and access within Vault CDMS.