Standard CDMS Security Profiles

In Vault, each user has an assigned license type and security profile. Each security profile has one or more permission sets. The license type, either Full User or Read-only User  is the first level of access control that vault applies to a user. Permission sets, applied through the user’s security profile, are the second level of access control. Both the license type and permission set must grant access to a user in order for that user to access the functionality.

Security profiles are how Vault applies permission sets to individual users. Each profile has one or more associated permission sets.

Standard Security Profiles with Multi-role Security

21R2 & Later

With the Multi-Role Security feature, all users have one security profile.

Contact Veeva Support to enable Multi-Role Security in your vault.

Security Profile Permission Sets Description Study Roles
CDMS All Access
  • CDMS All Objects Read Only
This security profile, for use with multi-role security, is assigned to all users. User access is then controlled by Study Role. All

Standard Security Profiles with Role by Study

19R1 & Later

Vault CDMS includes several security profiles that are added with the enablement of Roles by Study. You can click down into each of these security profiles from within Admin > Users & Groups > Security Profiles to view which permissions are associated with each security profile.

Contact Veeva Support to enable CDMS Role by Study in your vault.

EDC Security Profiles

Security Profile Permission Sets Description Study Roles
CDMS Auditor Read Only
  • CDMS All Objects Read Only deprecated
  • Data Entry Tab Access
This security profile is intended for use by read-only users, such as auditors. This security profile grants read-only access to the Data Entry tab. CDMS Auditor Read Only
CDMS Clinical Coder Manager
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Coder Tab Access
  • Reports Tab Access
  • Schedule Reports deprecated
This security profile grants access to the Coder tab, for the purpose of approving code requests. This security profile also grants the ability to view reports and dashboards.
CDMS Clinical Assessment Editor
  • Assessments Tab Access
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
This security profile grants access to the Assessments tab for the purpose of performing clinical assessments. CDMS Clinical Assessment Editor
CDMS Clinical Assessment Reader
  • Assessments Tab Access
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
This security profile grants access to the Assessments tab for the purpose of viewing completed clinical assessments. CDMS Clinical Assessment Reader
CDMS Clinical Research Associate
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Jobs Access deprecated
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to the Review, Reports, and Dashboards tabs for the purpose of running jobs, viewing reports and dashboards, viewing study execution data, and performing various other review tasks. CDMS Clinical Research Associate
CDMS Clinical Research Coordinator
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Data Entry Tab Full Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, and answering queries. CDMS Clinical Research Coordinator
CDMS Data Manager
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Jobs Access deprecated
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to the Review, Reports, and Dashboards tabs for the purpose of running jobs, viewing reports and dashboards, viewing study execution data, and performing various other data management tasks. CDMS Data Manager
CDMS Deployment Administrator
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Deployment Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • EDC Tools Tab Access
  • Jobs Access deprecated
  • Job Schedule Access deprecated
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. CDMS Deployment Administrator
CDMS Lab Data Manager
  • API Access deprecated
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • Job Schedule Access deprecated
  • Jobs Access deprecated
  • Labs Tab Access
This security profile grants access to the Labs tab for configuration of analytes and lab data management. CDMS Labs Data Manager
CDMS Lead Data Manager
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • EDC Tools Tab Access
  • Jobs Access deprecated
  • Job Schedule Access deprecated
  • Reports Tab Access
  • Review Tab Access
This security profile grants access to EDC Tools and the Review tab, to run and schedule jobs, view reports and dashboards, view study execution data, and to perform various other study administration and data management tasks. CDMS Lead Data Manager
CDMS Librarian
  • API Access deprecated
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • Data Entry Tab Access
  • EDC Tools Tab Access
  • Job Schedule Access deprecated
  • Jobs Access deprecated
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • Labs Tab Access
  • Library Tab Access
This security profile grants access to the Library tab with the ability to create and edit design objects for a library collection and test the study design in the relevant application areas. CDMS Librarian
CDMS Principal Investigator
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Data Entry Tab Full Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, answering queries, and providing signatures. CDMS Principal Investigator
CDMS Sub Investigator
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Data Entry Tab Full Access
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, and answering queries. CDMS Sub Investigator
CDMS Study Designer
  • API Access deprecated
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • Jobs Access deprecated
  • Reports Tab Access
  • Studio Tab Access
  • Library Tab Access
This security profile grants access to EDC Studio with the ability to create and edit design objects, view reports and dashboards, initiate jobs from within Studio, and access the Vault CDMS API. CDMS Study Designer
CDMS Study Designer Read Only
  • CDMS All Objects Read Only deprecated
  • Studio Tab Access
This security profile grants read-only access to the Studio area. CDMS Study Designer Read Only
CDMS User Administrator
  • API Access deprecated
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • Coder Tab Access
  • Coder Tools Tab Access
  • Data Entry Tab Access
  • EDC Tools Tab Access
  • Jobs Access deprecated
  • Job Schedule Access deprecated
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • User Access deprecated
This security profile is intended for use by dedicated user administrators, for the purpose of managing user accounts and study access only. This security profile grants total access to Vault CDMS. CDMS User Administrator
Data Entry
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Data Entry Tab Full Access deprecated
This security profile grants access to the Data Entry tab for the purpose of entering study execution data, answering queries, and providing signatures. This security profile is no longer mapped by default to any standard roles. Previously, it was mapped to:
  • CDMS Principal Investigator
  • CDMS Sub Investigator
  • CDMS Clinical Research Coordinator
CDMS Super User
  • API Access
  • CDMS All Objects Read Only
  • CDMS Definition Objects Full Access
  • CDMS Execution Objects Full Access
  • Coder Tab Access
  • Coder Tools Tab Access
  • Data Entry Tab Access
  • Job Schedule Access
  • Jobs Access
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • User Access
  • Assessments Tab Access
  • Role Management Access
  • CDMS Deployment Objects Full Access
  • Schedule Reports
  • Workbench Tab Access
  • System Tools Tab Access
  • Randomization Tab Access
  • Labs Tab Access
  • Protocol Deviations Tab Access
  • Library Tab Access
This security profile grants access to all areas of Vault CDMS. CDMS Super User
CDMS API Read Only
  • API Access
  • CDMS All Objects Read Only
This security profile grants access the access required to use the CDMS API for read-only purposes. CDMS API Read Only
CDMS API Read Write
  • API Access
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
This security profile grants access the access required to use the CDMS API for read and write purposes. CDMS API Read Write
Vault Owner
  • Business Administrator Actions DEPRECATED
  • System Administrator Actions DEPRECATED
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A

Coder Security Profiles

Security Profile Permission Sets Description Study Roles
CDMS Clinical Coder
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Coder Tab Access
  • Reports Tab Access
This security profile grants access to the Coder tab, for the purpose of assigning codes, creating queries, and creating notes. This security profile also grants the ability to view reports and dashboards. CDMS Clinical Coder
CDMS Clinical Coder Administrator
  • CDMS All Objects Read Only deprecated
  • CDMS Execution Objects Full Access deprecated
  • Jobs Access deprecated
  • Reports Tab Access
  • Coder Tab Access
  • Coder Tools Tab Access
This security profile grants access to the Coder and Coder Tools tabs, with the purpose of managing the Coder application and its settings. This security profile also grants the ability to view reports and dashboards. In the current release, users with this security profile are unable to access jobs, even with those permission sets, because this profile does not grant access to the EDC Tools area. CDMS Clinical Coder Administrator
CDMS Deployment Administrator
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Deployment Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • EDC Tools Tab Access
  • Jobs Access deprecated
  • Job Schedule Access deprecated
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. CDMS Deployment Administrator
CDMS User Administrator
  • API Access deprecated
  • CDMS All Objects Read Only deprecated
  • CDMS Definition Objects Full Access deprecated
  • CDMS Execution Objects Full Access deprecated
  • Coder Tab Access
  • Coder Tools Tab Access
  • Data Entry Tab Access
  • EDC Tools Tab Access
  • Jobs Access deprecated
  • Job Schedule Access deprecated
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • User Access deprecated
This security profile is intended for use by dedicated user administrators, for the purpose of managing user accounts and study access only. This security profile grants total access to Vault CDMS. CDMS User Administrator
CDMS Super User
  • API Access
  • CDMS All Objects Read Only
  • CDMS Definition Objects Full Access
  • CDMS Execution Objects Full Access
  • Coder Tab Access
  • Coder Tools Tab Access
  • Data Entry Tab Access
  • Job Schedule Access
  • Jobs Access
  • Reports Tab Access
  • Review Tab Access
  • Studio Tab Access
  • User Access
  • Assessments Tab Access
  • Role Management Access
  • CDMS Deployment Objects Full Access
  • Schedule Reports
  • Workbench Tab Access
  • System Tools Tab Access
  • Randomization Tab Access
  • Labs Tab Access
  • Protocol Deviations Tab Access
  • Library Tab Access
This security profile grants access to all areas of Vault CDMS. CDMS Super User
CDMS API Read Only
  • API Access
  • CDMS All Objects Read Only
This security profile grants access the access required to use the CDMS API for read-only purposes. CDMS API Read Only
CDMS API Read Write
  • API Access
  • CDMS All Objects Read Only
  • CDMS Execution Objects Full Access
This security profile grants access the access required to use the CDMS API for read and write purposes. CDMS API Read Write
Vault Owner
  • Business Administrator Actions DEPRECATED
  • System Administrator Actions DEPRECATED
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A

There are several other standard security profiles available in your vault as part of the Vault Platform. We recommend that you only use the security profiles listed here or custom security profiles, as the other standard profiles may not have functional access to CDMS application functionality.

In some cases, you may want to create custom Security Profiles. For example, to create a profile that allows a user to access the Data Entry area, but not view the Reports tab. You can create a custom security profile and assign standard Permission Sets to it.

Standard Security Profiles without Role by Study

Prior to 19R1

Vault CDMS includes several standard security profiles:

Known Issue:
In the current release, users with the EDC Lead Data Manager and EDC Data Manager security profiles have access to the Vault Business Admin area by default.
To remove this access, [create a new security profile]({{ ‘/platform/security/managing-security-profiles-permission-sets/’ | prepend: site.baseurl }}) without the Study Jobs permission set, and assign it to your data manager users.

EDC Security Profiles

Security Profile Permission Sets Description Study Roles
EDC CRA
  • Base CRA Permissions DEPRECATED
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
This profile grants limited access to manage data. This profile provides the ability to perform SDV, close queries, freeze data, access reports, and create PDFs. EDC CRA
EDC Clinical Research Coordinator
  • Base EDC User Permissions DEPRECATED
  • Base Site User Permissions DEPRECATED
This profile grants full access to the data entry area. This profile provides the ability to answer queries, submit forms, and create blank PDFs. EDC Clinical Research Coordinator
EDC Data Manager
  • Base Data Manager Permissions DEPRECATED
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
  • Study Jobs
This profile grants full access to manage data. This profile provides the ability to perform data management review, view DMR, create PDFs, access reports, and lock data. EDC Data Manager
EDC Deployment Administrator
  • CDMS Definition Objects Read Only DEPRECATED
  • CDMS Deployment Objects Full Access
  • EDC Tools Tab Access
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. EDC Deployment Administrator
EDC Investigator
  • Base EDC User Permissions DEPRECATED
  • Base Site User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
  • EDC Investigator Permission DEPRECATED
This profile grants full access to the data entry area. This profile provides the ability to answer queries, submit forms, access reports, provide an eSignature, and create PDFs. EDC Investigator
EDC Lead CRA
  • Base CRA Permissions DEPRECATED
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
This profile grants limited access to manage data. This profile provides the ability to perform SDV, close queries, freeze data, access reports, and create PDFs. EDC Lead CRA
EDC Lead Data Manager
  • Base Data Manager Permissions DEPRECATED
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
  • EDC Study Tools Permissions DEPRECATED
  • Jobs Access
  • Job Schedule Access
  • Study Jobs
  • User Access
This profile grants full access to manage data. This profile provides the ability to perform data management review, view DMR, create PDFs, access reports, and lock data. This profile also has access to the EDC Tools area by default. EDC Lead Data Manager
EDC Reviewer
  • Base EDC User Permissions DEPRECATED
  • EDC Reviewer Permissions DEPRECATED
This grants read-only access. This security profile provides the ability to create a PDF. EDC Reviewer
Vault Owner
  • Business Administrator Actions DEPRECATED
  • System Administrator Actions DEPRECATED
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A

Coder Security Profiles

Security Profile Permission Sets Description Study Roles
EDC Clinical Coder
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
  • EDC Clinical Coder DEPRECATED
This profile provides the ability to view the Coder tab, code, and to send, receive, respond, and close queries. EDC Clinical Coder
EDC Clinical Coder Administrator
  • Base EDC User Permissions DEPRECATED
  • Base Standard Template Report Permissions DEPRECATED
  • EDC Clinical Coder Administration DEPRECATED
This profile allows for managing upversioning and managing and assigning of synonym lists and stop lists. Coder Administrators can also set up and modify application and study settings. EDC Clinical Coder Administrator
EDC Deployment Administrator
  • CDMS Definition Objects Read Only DEPRECATED
  • CDMS Deployment Objects Full Access
  • EDC Tools Tab Access
  • Studio Tab Access
This security profile is intended for use by the deployment administrator. This security profile grants access to all objects and application areas required for managing automated deployments. EDC Deployment Administrator
Vault Owner
  • Business Administrator Actions DEPRECATED
  • System Administrator Actions DEPRECATED
  • Vault Owner Actions
In addition to the Vault platform Vault Owner permissions, Vault Owners in CDMS can perform any and all tasks available in Vault CDMS. This security profile can also access the Vault Admin area. N/A