Managing Study Roles

Vault CDMS offers a security model allowing users to have different roles in different studies. This model leverages the Study Role to define user access at the object level (in this case, the Study object), instead of at the account level. Your Study Role extends your permissions granted by your Security Profile. These combined represent the Study Role, a permission grouping that you can manage from Tools > System Tools > Role Management.

Users with the appropriate permissions can manage access to standard Vault CDMS functionality from Tools > EDC Tools and create custom study roles from Tools > System Tools > Role Management.

See Standard CDMS Security Profiles for a list of standard Security Profiles and Permissions Sets.

Prerequisites

Users with the Vault Owner security profile or the CDMS User Administrator study role can perform the actions described above by default. If your vault uses custom Study Roles, you must have the following permissions:

Type Permission Label Controls
Standard Tab System Tools Tab

Ability to access the Tools > System Tools tab

Functional Permission Manage Study Roles

Ability to create, edit, and delete custom Study Roles from Tools > System Tools > Role Management

If your Study contains restricted data, you must have the Restricted Data Access permission to view it.

Learn more about Study Roles.


Accessing Role Management

To access the Role Management area, click the Tools tab in the top navigation bar, and then click System Tools. By default, this opens the Role Management page.

Custom vs. Standard Study Roles

For your convenience, several standard Study Roles are available by default. You can assign these standard roles to users in your study, or you can assign your users custom roles. You can copy the standard Study Roles to use as a template when creating your custom roles as well.

Vault groups Study Roles in the role table by Custom and Standard. Standard Study Roles names start with “CDMS”. All other roles are custom Study Roles in your vault.

Custom and Standard Role Table Headers

Available Standard Study Roles

You can view a list of standard Study Roles and which permissions each role has here. The following standard Study Roles are available:

  • CDB API Read Write:

    Users with this study role have read and write access to the CDB API.

  • CDMS API Read Only:

    Users with this study role have read-only access to the CDMS API.

  • CDMS API Read Write:

    Users with this study role have read and write access to the CDMS API. This role requires All Sites access.

  • CDMS Auditor Read Only:

    Users with this role have read-only access to Vault EDC and can generate PDFs.

  • CDMS CDB Programmer:

    Users with this study role can create and manage listings, checks, and views in their Workbench test environments while having view access only in production environment. Users are able to schedule exports, manage key mappings, and access CDB Tools in both environment types.

  • CDMS CDB Read-only:

    CDB Read Only can access both the Workbench and Clinical Reporting applications, allowing a user to view listings, and import and export information, but without the ability to create or mark listings as reviewed, to create queries, or to create export definitions.

  • CDMS Clinical Coder:

    Users with the CDMS Clinical Coder study role can access and use Vault Coder, as well as send queries to and receive queries from site users in Vault EDC. This role requires All Sites access.

  • CDMS Clinical Coder Administrator:

    Users with the CDMS Clinical Coder Administrator study role can access and use Vault Coder, as well as use the Coder Tools administration area to manage application- and study-level settings for Vault Coder. This role requires All Sites access.

  • CDMS Clinical Coder Manager:

    Users with the CDMS Clinical Coder study role can access and use Vault Coder, and they can approve Code Requests coded by clinical coders. This role requires All Sites access.

  • CDMS Clinical Research Associate:

    Users the CDMS Clinical Research Associate study role can use Vault EDC to perform SDV, close queries, freeze data, access reports, and create PDFs.

  • CDMS Clinical Research Coordinator:

    Users with the CDMS Clinical Research Coordinator study role can use Vault EDC’s to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

  • CDMS Data Loader:

    Users with this study role have permission to load third party data into Vault EDC via the Data Loader.

  • CDMS Data Manager:

    Users with the CDMS Data Manager study role can use Vault EDC to perform data management review, view DMR, create PDFs, access reports, and lock data.

  • CDMS Deployment Administrator:

    Users with the CDMS Deployment Administrator role can create new study environments and deploy a study from one environment to another.

  • CDMS Labs Data Manager:

    Users with this role have access to all functions within the Labs tab.

  • CDMS Lead Data Manager:

    Users with this role have the ability to create and close queries, perform DMR, lock data, lock studies and sites, and generate PDFs. They can also interact with the EDC Tools area, with the ability to manage amendments, sites, study countries, query rules, and run ad hoc and schedule recurring jobs.

  • CDMS Librarian:

    Users with the CDMS Librarian role can create, manage, and test study designs within library Collections.

  • CDMS Medical Assessment Editor:

    Users with this role are able to view and perform clinical assessments and view supplemental data related to those assessments.

  • CDMS Medical Assessment Reader:

    Users with this role are able to view clinical assessments and supplemental data related to those assessments.

  • CDMS Principal Investigator:

    Users with this role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, provide signatures, and create PDFs.

  • CDMS Randomization Manager:

    Users with this role are able to configure Randomization and manage Randomization Lists.

  • CDMS Safety Administrator:

    Users with this role have access to EDC Tools > Safety Configuration to set up the Safety Clinical Data Link in their study.

  • CDMS Study Designer:

    Users with the CDMS Study Designer study role can use Vault EDC Studio to create and design their studies in non-production environments.

  • CDMS Study Designer Read Only:

    Users with the CDMS Study Designer Read Only study role can access Studio in read-only mode.

  • CDMS Sub Investigator:

    Users with the CDMS Sub Investigator study role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

  • CDMS Super User:

    Users with this study role can access all areas of the application and perform all actions within those areas. This role is only available in non-production environments.

  • CDMS User Administrator:

    Users with this role can manage user accounts and access within Vault CDMS.

Viewing Roles

In the Role Management tab, Vault CDMS displays Study Roles and their permissions as a table. Each column represents a Study Role, and each row in the table represents a functional permission.

Functional permissions are divided into three (3) sections: Standard Tabs, Permissions, and User Defined Objects. If multi-role security is enabled in your vault, then there is also a User Defined Permission Sets section. In the Standard Tabs section, there is a permission row for the ability to access each standard navigation tab. In the Permissions section, there is a row for each standard function, such as Data Entry or Add Casebook, that a user may perform in Vault CDMS. Lastly, in the User Defined Objects section, there is a row for each qualifying custom object, and three rows for the Read, Edit, and Delete permissions on that object. In the User Defined Permission Sets section, there is a row for each User Defined Permission Set configured for the vault, which can control the ability to access user defined objects and tabs. Hover over a cell to display the related permission and role.

Role Management role table

For each Study Role column, Vault displays the number of users that are assigned that Study Role in the Number of User Assignments row.

Number of users row

You can click on the Number to view a list of those Users. From that dialog, you can filter the list by Study or search for a specific User.

Users with the CRA role dialog

Collapse & Expand Permission Sections

Vault groups functional permissions together. For easier viewing, you can collapse and expand sections as you scroll through the page.

Click the Collapse () or Expand () buttons to collapse and expand sections.

Exporting the Role & Permission Matrix to Excel™

You can export a list of Study Roles, both standard and custom, and the permissions assigned to them as an Excel™ spreadsheet.

To export role mappings:

  1. Navigate to Tools > System Tools > Role Management.
  2. Click Download. Download button

  3. Vault creates your export file (“Role Management {DateTime}.xlsx”) and the download begins right away. When finished, you can open the file in Excel™.

Creating & Editing Roles

You can create and edit custom Study Roles from Tools > Role Management. See details here.

Functional Permissions

The functional permissions listed in Role Management represent a combination of Application Role and Security Profile based permissions. In Tools > Role Management, each row represents either a functional permission or the ability to access a standard tab (such as Data Entry or Coder) in Vault CDMS. A selected (checked) permission indicates that a role has this permission.

This table lists each functional permission and a description of what it controls.

Standard Tabs

You can control access to the following standard tabs from the Standard Tabs section of the role table:

Field Controls
Assessments Tab

Ability to access the Assessments tab

Coder Tab

Ability to access the Coder tab

Coder Tools Tab

Ability to access the Coder Tools tab

Data Entry Tab

Ability to access the Data Entry tab

Data Loader Tab

Ability to access the Data Loader tab

EDC Tools Tab

Ability to access the EDC Tools tab

Labs Tab

Ability to access the Labs tab

Library Tab

Ability to access the Library tab

Protocol Deviations Tab

Ability to access the Protocol Deviations tab

Randomization Tab

Ability to access the Randomization tab

Reports Dashboards Tab

Ability to access the Reports and Dashboards tabs

Review Tab

Ability to access the Review tab

Studio Tab

Ability to access the Studio tab

Study Grade Tab

Ability to access the Study Grade tab

System Tools Tab

Ability to access the Tools > System Tools tab

Safety Integrations Tab

Ability to access the Tools > Safety Integrations tab

Permissions

You can control access to various application functions from the Permissions section of the role table:

Field Controls
Clinical Reporting Tab

Ability to access EDC Clinical Reporting via the Clinical Reporting tab. Note that EDC Clinical Reporting is only available in production environments.

Workbench Tab

Ability to access and use the Data Workbench application, via the Workbench tab

View SDV

Ability to view SDV status

Edit SDV

Ability to perform SDV

View Query

Ability to view queries

Close Query

Ability to close queries

Close All Queries

Ability to close all queries, regardless of which query team created the query

Open Query

Ability to create new (open) queries and comment on queries without moving them into the Answered status

Answer Query

Ability to answer queries, moving them into the Answered status. This permission doesn’t provide the ability to open queries.

View DMR

Ability to view DMR status

Edit DMR

Ability to perform DMR

Sign

Ability to provide an electronic signature on study data

Run Rules

Ability to run rules from EDC Tools > Rules

View Import History

Ability to access the Import History subtab within the Data Loader tab

Load Data

Ability to access the Import subtab within the Data Loader tab. Ability to edit the fields on the Import page and to run the Preview and Import jobs

Manage Coding Lists

Ability to create, edit, import, and export Synonym Lists and Do Not Autocode Lists in Coder Tools

Data Entry

Ability to enter study execution data

Freeze Data

Ability to freeze and unfreeze data

Lock Data

Ability to lock and unlock data

Generate Detail PDF

Ability to export detail PDFs

Generate Blank PDF

Ability to export blank PDFs

Manage Study Milestones

Ability to lock and unlock Studies and Sites, as well as set the Billing Status for study environments from EDC Tools

Manage Study Priority

Ability to mark a study as a priority or remove priority from a study

View Classification

Ability to view Classifications in a library collection

Edit Classification

Ability to create and edit Classifications and their Values in a library collection

Edit Study Settings

Ability to edit the Study Settings available in EDC Tools

Configure Queries

This permission was added to support features in a future release.

Manage Jobs

Ability to create, edit, and delete scheduled jobs

Manage Amendments

Ability to initiate subject transfers and retrospective amendments from EDC Tools

Manage FTP

Ability to create and edit FTP Connections in EDC Tools

Manage Study Countries

Ability to create and edit Study Countries in EDC Tools

View Study Sites

Ability to view Sites in EDC Tools

Edit Study Sites

Ability to create and edit Sites from EDC Tools

Manage Coder Study Settings

Ability to edit Study Settings in Coder Tools

Add Casebook

Ability to add new Casebooks

Delete Casebook

Ability to delete subject Casebooks with or without data and related object records

View Clinical Assessments

Ability to view completed Assessments

Edit Clinical Assessments

Ability to perform (edit) Assessments

Manage Assessments

Ability to assign Study Roles to Assessment Definitions from EDC Tools > Assessments

Manage Review Plan Assignment

Ability to access EDC Tools > Review Plan Assignments and update the study- and site-level templates

Manage Review Plan Assignment Criteria

Ability to access EDC Tools > Review Plan Assignment Criteria and update study- and site-level templates for assignment

Manage Review Plan Manual Assignment

Ability to access EDC Tools > Review Plan Manual Assignment and manually assign Review Plans

Manage Learning

Ability to assign learning system Curriculums to Study Roles from EDC Tools

View Safety Cases

Ability to view Safety Case banners

Manage Safety Configuration

Ability to set up the Safety Clinical Data Link for a Study and map Items to their E2B elements

View Safety Integrations

Ability to view the safety configurations available for a Study in Tools > Safety Integrations in read-only mode

Manage Safety Integrations

Ability to modify the safety configurations available for a Study in Tools > Safety Integrations

View Casebook

Ability to view information about and from subject Casebooks (for reports, dashboards, and CDBs)

View Protocol Deviations

Ability to view Protocol Deviations

Create Protocol Deviations

Ability to create Protocol Deviations

Design Study

Ability to create study design definitions and a study schedule from Studio

View Study Grade

Ability to view Study Grade records

View Library

Ability to view library Collections and their designs from Studio > Library

Design Library

Ability to create study design definitions and a study schedule for a Collection from Studio > Library

Manage Data and Definition Export

Ability to schedule the Data and Definition Export job

Schedule Reports

Ability to create and schedule flash reports

View Form Linking

Ability to view Form Links

Edit Form Linking

Ability to edit Form Links

View Study Design

View-only access to Study Design

Manage Email Group Assignment

Ability to assign users to an Email Group from EDC Tools > Email Group Assignment

Manage Study Roles

Ability to create, edit, and delete custom Study Roles from Tools > System Tools > Role Management

View Users

Ability to view Users and their access

Edit Users

Ability to create and edit Users and their access

Vault Configuration Report

Ability to generate a Vault Configuration Report

Restricted Data Access

Ability to view restricted (blinded) Forms and Studies that contain restricted data

Manage Deployments

Ability to create and manage study Environments and deploy Studies from EDC Tools, manage and deploy vault-level configuration from Tools > System Tools, and manage and deploy listings, checks, and views in CDB

View Lab Locations and Normals

Ability to view all Lab Locations and Normals

Edit Lab Locations and Normals

Ability to edit all Lab Locations and Normals. This permission can also see all Studies that are impacted, though they don’t have access to Clinical Data

Manage Site Lab Assignment

Ability to associate Sites with Lab locations

Manage Lab Units and Codelist

Ability to update Lab units and codelists

Manage Lab Study Settings

Ability to configure Study Settings in Labs

Lab Mass Updates

Ability to view and run mass update jobs

View All Lab Settings

Ability to view all Lab configuration

View Lab Analyte Library

Ability to view Analytes in the Analyte Library

Edit Lab Analyte Library

Ability to edit and update Analytes in the Analyte Library

API Access

Ability to access and use the Vault CDMS API. (This permission is also required to use CDB.)

Approve Lab Normals

Ability to approve Lab normals and add/merge Lab locations

View Integration Mappings

Ability to view Integration Mappings from EDC Tools > Integration Configuration

Edit Integration Mappings

Ability to edit Integration Mappings from EDC Tools > Integration Configuration

Edit Protocol Deviations

Ability to edit Protocol Deviations

View Snapshots

Ability to view Snapshots.

Manage Snapshots

Ability to create, edit, and overall manage Snapshots.

Accept Closeout PDF

Ability to accept or reject Closeout PDFs

Generate Closeout PDF

Ability to generate the Closeout PDFs for a locked Site from EDC Tools > Sites

Notify Sites of Closeout PDF

Ability to set reminders and send a notification to a Site that the Closeout PDFs are ready for review

Review Closeout PDF

Ability to download the Closeout PDFs for a Site

Randomize Subject

Ability for a Site to Randomize a Subject

Emergency Unmasking

Ability for a Site to use Emergency Unmasking during adverse events to view treatment. Login credentials are required. Emergency unmasking will be logged in an unblinding report and notification emails (if configured) will go out. Note that this is only applicable to grandfathered studies.

Configure Randomization

Access to the Randomization tab to configure Randomization settings

Manage Randomization List

Ability to upload a Randomization List

View Randomization Enrollment

Ability to see a list of all Sites/Subjects as they are randomized

View Unmasked Data

Ability to see all unmasked Site/Subject data in the Randomization tab

View Randomization Kit/Device

Ability to view list to see what device/kit has been used and what’s available in the Randomization tab.

Reveal Treatment

Ability for a Site to see what treatment has been given to a subject. Login credentials are required. Not considered an emergency unmasking. Must have view data entry access. Note that this is only applicable for grandfathered studies.

Invalidate Randomization

Ability to invalidate the Randomization record in the Randomization tab

Copy Study Data to PPT

Ability to copy study data to PPT environment

View Code

Ability to view coding progress

Assign Code

Ability to assign codes in Coder

Approve Code

Ability to approve or reject assigned codes in Coder

Answer 3rd Party Queries

Ability to answer queries on third party data items in Workbench

Edit CQL

Ability to edit the CQL statement for a listing in the CQL Editor

Modify Listing

Ability to edit the CQL statement and properties of private listings (includes public listings, export listings, and check listings when combined with the Public Access permission)

Create Listing

Ability to create private listings (includes public listings, export listings, and check listings when combined with the Public Access permission)

Delete Listing

Ability to delete a public listing or check

Generate CSV

Ability to generate a CSV for a listing, view, or check

Public Access

Ability to create or modify a public listing, when combined with the Create Listing and Modify Listing permissions

View Selected Listings

Ability to view selected listings (selected in Workbench > Admin > Users) in CDB

Manage Sources

Abiltiy to view and manage Sources from the import of third party data in CDB

Manage Unblinding Rules

Abiltiy to create and manage Unblinding Rules for the conditional unblinding of data in CDB

View All Listings

Ability to view all listings

View Selected CDB Query Listings

Ability to view selected query listings (selected in Workbench > Admin > Users) in CDB

View All CDB Query Listings

Ability to view all query listings

View Export

Ability to access the Export page

Create Export Definition

Ability to create and copy Export Definitions

Generate Export Package

Ability to generate a CSV or SAS export package

Delete Export Definition

Ability to delete an Export Definition

View Export Packages

Ability to access Export > Packages to view generated export packages

View Import

Ability to access the Import page

Download Import Package

Ability to download import packages

Approve Import

Ability to approve or reject an import package that contains configuration changes

View Admin

Ability to access the Admin page

Manage Key Mappings

Ability to create and manage key mappings for import

Browse View

Ability to access the Views tab within Workbench and browse Views. Ability to save a View as a Check

Create View

Ability to create new Views in Workbench

Modify View

Ability to edit (modify) existing Views in Workbench

Delete View

Ability to delete Views in Workbench

CDB Tools

Ability to access the CDB Tools area of Workbench

Configure CDB

Ability to configure settings for Core Listings in Workbench

Migrate Reviews

This permission was added in support of a feature in a future release.

Set Reviews

This permission was added in support of a feature in a future release.

Delete Data Sources

This permission was added in support of a feature in a future release.

Standard Study Roles & Security Profiles

21R1 & Earlier

The following Study Roles are standard and available as part of the CDMS Role by Study feature.

Study Roles related to the CDMS Role by Study feature have “CDMS” in their name. Any roles without “CDMS” instead are custom Study Roles in your vault. Each standard Study Role has a standard Security Profile assigned. See details about standard Security Profiles here.

In vaults created after the 21R2 (August 2021) release, or vaults where multi-role security has been enabled, all Study Roles use the same Security Profile, CDMS All Access.

Role Security Profile Description
CDB API Read Write CDB API Read Write

Users with this study role have read and write access to the CDB API.

CDMS API Read Only CDMS API Read Only

Users with this study role have read-only access to the CDMS API.

CDMS API Read Write CDMS API Read Write

Users with this study role have read and write access to the CDMS API. This role requires All Sites access.

CDMS Auditor Read Only CDMS Auditor Read Only

Users with this role have read-only access to Vault EDC and can generate PDFs.

CDMS CDB Programmer CDMS CDB Programmer

Users with this study role can create and manage listings, checks, and views in their Workbench test environments while having view access only in production environment. Users are able to schedule exports, manage key mappings, and access CDB Tools in both environment types.

CDMS CDB Read-only CDMS CDB Read-only

CDB Read Only can access both the Workbench and Clinical Reporting applications, allowing a user to view listings, and import and export information, but without the ability to create or mark listings as reviewed, to create queries, or to create export definitions.

CDMS Clinical Coder CDMS Clinical Coder

Users with the CDMS Clinical Coder study role can access and use Vault Coder, as well as send queries to and receive queries from site users in Vault EDC. This role requires All Sites access.

CDMS Clinical Coder Administrator CDMS Clinical Coder Administrator

Users with the CDMS Clinical Coder Administrator study role can access and use Vault Coder, as well as use the Coder Tools administration area to manage application- and study-level settings for Vault Coder. This role requires All Sites access.

CDMS Clinical Coder Manager CDMS Clinical Coder Manager

Users with the CDMS Clinical Coder study role can access and use Vault Coder, and they can approve Code Requests coded by clinical coders. This role requires All Sites access.

CDMS Clinical Research Associate CDMS Clinical Research Associate

Users the CDMS Clinical Research Associate study role can use Vault EDC to perform SDV, close queries, freeze data, access reports, and create PDFs.

CDMS Clinical Research Coordinator CDMS Clinical Research Coordinator

Users with the CDMS Clinical Research Coordinator study role can use Vault EDC’s to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

CDMS Data Loader CDMS Data Loader

Users with this study role have permission to load third party data into Vault EDC via the Data Loader.

CDMS Data Manager CDMS Data Manager

Users with the CDMS Data Manager study role can use Vault EDC to perform data management review, view DMR, create PDFs, access reports, and lock data.

CDMS Deployment Administrator CDMS Deployment Administrator

Users with the CDMS Deployment Administrator role can create new study environments and deploy a study from one environment to another.

CDMS Labs Data Manager CDMS Labs Data Manager

Users with this role have access to all functions within the Labs tab.

CDMS Lead Data Manager CDMS Lead Data Manager

Users with this role have the ability to create and close queries, perform DMR, lock data, lock studies and sites, and generate PDFs. They can also interact with the EDC Tools area, with the ability to manage amendments, sites, study countries, query rules, and run ad hoc and schedule recurring jobs.

CDMS Librarian CDMS Librarian

Users with the CDMS Librarian role can create, manage, and test study designs within library Collections.

CDMS Medical Assessment Editor CDMS Medical Assessment Editor

Users with this role are able to view and perform clinical assessments and view supplemental data related to those assessments.

CDMS Medical Assessment Reader CDMS Medical Assessment Reader

Users with this role are able to view clinical assessments and supplemental data related to those assessments.

CDMS Principal Investigator CDMS Principal Investigator

Users with this role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, provide signatures, and create PDFs.

CDMS Randomization Manager CDMS Randomization Manager

Users with this role are able to configure Randomization and manage Randomization Lists.

CDMS Safety Administrator CDMS Safety Administrator

Users with this role have access to EDC Tools > Safety Configuration to set up the Safety Clinical Data Link in their study.

CDMS Study Designer CDMS Study Designer

Users with the CDMS Study Designer study role can use Vault EDC Studio to create and design their studies in non-production environments.

CDMS Study Designer Read Only CDMS Study Designer Read Only

Users with the CDMS Study Designer Read Only study role can access Studio in read-only mode.

CDMS Sub Investigator CDMS Sub Investigator

Users with the CDMS Sub Investigator study role can use Vault EDC to create Casebooks, fill and submit case report Forms, answer queries, access reports, and create PDFs.

CDMS Super User CDMS Super User

Users with this study role can access all areas of the application and perform all actions within those areas. This role is only available in non-production environments.

CDMS User Administrator CDMS User Administrator

Users with this role can manage user accounts and access within Vault CDMS.