Once you have built and designed your study, you can share it with users. You can assign different User Types and User Roles to users to specify their access level within the Study Build System and each study environment.

User Type

When a user is created, that user is assigned a User Type and User Role. There are two User Types: Admin and User. Only Admins have access to the Administration page.

User Type determines the tasks that the user has permission to perform globally throughout the system. For example, only Admins can create studies or view the Administration screen.

User Role determines study-level access and specific tasks the user can perform based on the assigned User Type in the Test or Production environments.

For example, a user might have a User Type of Admin and a User Role of Data Manager or a User Type of User and a User Role of Investigator.

Available User Types are:

  • Admin:
    • Can create studies.
    • Can see all studies.
    • Can assign their own access to any study.
  • User:
    • Can only view and access assigned studies or sites.

Best Practice:

  • The Admin User Type should be assigned sparingly because administrators have access to all studies. Most users should be assigned the User Type of User. Site users should never be assigned a User Type of Admin, as this would give them potential access to all data across all studies and sites in your Test and Production environments.
  • Each user only has one User Type but can have different User Roles in different studies or sites. For example, one can have a User Type of User, with a User Role of Data Manager in one study environment and a User Role of Study Monitor in another study environment. 

User Roles

Refer to the User Matrix for a table of permissions available to each of the OC4 User Roles.

User Roles Include:

Study-level User Roles:

 User Role Basic Permissions
Data Manager
  • Add, Remove, Restore, and Reassign Participants
  • Schedule, View, Add, Remove, Restore, and Lock Events
  • View, Enter, Edit, Clear, Remove, and Restore Form Data
  • Add, Update, and Close Queries
  • Verify and Unverify Forms
  • Extract and Import Data

*In addition, when the Manage Study permission is enabled:

  • *Edit Study Settings
  • *Edit Study Design
  • *Publish a Study
  • *Add Sites
  • *Invite Users
Data Specialist
  • Add, Remove, Restore, and Sign Participants
  • Schedule, View, Add, Remove, Restore, and Sign Events
  • View, Enter, Edit, Clear, Remove, and Restore Form Data
  • Add and Update Queries
  • Extract and Import Data
Data Entry Person
  • Add and View Participants
  • Schedule, View, Add, Remove and Restore Events
  • View, Enter, Edit, Clear, Remove, and Restore Form Data
  • Add and Update Queries
  • Import Data
Monitor
  • Add, Remove, and Restore Participants
  • View Events
  • View Form Data
  • Add, Update, and Close Queries
  • Verify and Unverify Forms
Viewer
  • View Participants, Events and Form Data

*Viewers have read-only access to Study Runner. They cannot enter or edit data, create queries, perform SDV, or run extracts.

Site-Level User Roles:

 User Role Basic Permissions
Data Manager
  • Add, Remove, Restore, and Reassign Participants
  • Schedule, View, Add, Remove, Restore, and Lock Events
  • View, Enter, Edit, Clear, Remove, and Restore Form Data
  • Add, Update, and Close Queries
  • Verify and Unverify Forms
  • Extract and Import Data
Investigator
  • Add, View, Remove, Restore, and Sign Participants
  • View, Add, Remove, Restore, and Sign Events
  • View, Enter, Edit, Remove, and Restore Form Data
  • Add and Update Queries
  • Extract and Import Data
Clinical Research Coordinator
  • Add and View Participants
  • View, Add, Remove, and Restore Events
  • View, Enter, Edit, Clear, Remove, and Restore Form Data
  • Add and Update Queries
  • Import Data
Monitor
  • View Participants
  • View Events
  • View Form Data
  • Add, Update, and Close Queries
  • Verify and Unverify Forms
  • Extract Data
Viewer
  • View Participants, Events and Form Data

*Viewers have read-only access to Study Runner. They cannot enter or edit data, create queries, perform SDV, or run extracts.

Note: Site-level users can only see Participants at the sites they have been assigned to and cannot see study-level Participants.

To Access the User Roles screen:

From the My Studies screen, click the Settings icon on the Study Card, then select User Roles.

User Roles Page with descriptions of each role

The Access column displays Permission Tags (white background) and General Permissions (green background). This can be updated when creating or editing a user role.

To Create a New User Role:

  1. On the User Roles screen, click the Create button.
  2. The Create New Role window appears. Enter information in each field:
    1. Name the User Role.
    2. Select a standard User Role to base the new User Role on. (The base User Role provides core permissions of the custom User Role.)
    3. Enter a description for the User Role. (The default User Role description appears to the right/below the User Role in the Based On field.)
    4. Assign Permission Tags.
  3. Click the Save button.

Create New Role Window

Note: When a User Role is saved, it becomes available to users in both Test and Production environments for the current study.

To Edit a User Role:

  1. On the User Roles screen, click the Edit button to the right of the role you want to edit. The Edit Role screen appears.
  2. Edit information in one or more of the following fields:
    1. Name
    2. Based On
    3. Description
    4. Permission Tags
    5. General Permissions (when applicable)
  3. Click the Save button.

Edit Role Window

General Permissions

General Permissions is a section that allows you to customize the permissions for a user role. This section varies by role and only appears for some roles. For example, when selecting “Data Manager” in the Based On field, the General Permissions section is available and shows the Manage Study permission. General Permissions can be selected or deselected as needed to grant or restrict access to OpenClinica features for the role being configured.

The Manage Study permission will be available for all user roles that are “based on Data Manager” and can be configured from the Edit Role window within the User Roles page. If checked, this permission will grant access to Study Manager and Study Designer. All roles based on Data Manager will have this permission enabled by default.

Keep the Following in Mind:

  • User Roles are defined per study.
  • Custom User Roles have the same access as the User Roles they were based on.
  • Changes to User Roles take effect upon saving and it is not necessary to re-publish the study.
    • Changes to roles assigned to users, user role definitions, and permission tags assigned to user roles take effect for users based on whether they are logged in at the time of the change.
    • For users who are not logged in at the time of the change, they will see the changes at their next login.
    • For users who are logged in at the time the change was made, the change will be active in their session when they do any of the following:
      • Click the Go button from Study Designer
      • Access the Change Study page in Study Runner
      • Navigate to any other Study Runner page (may not take effect for up to five minutes from when the change was saved)
      • Log Out and Log In
  • If you want a user to have access in one environment but not another, you must use a different User Role in each environment. For example, the User Roles might be Clinical Research Coordinator 1 in Test and Clinical Research Coordinator 2 in Production. In this case, Clinical Research Coordinator 1 in Test might have access to a Form, but Clinical Research Coordinator 2 in Production might not have access to that Form (based on the permission tags assigned to it).

5.2.1 Using the Share Screen

Share screen features allow you to add sites and invite users to access your study.

You can access the Share screen from either the My Studies screen, Study Designer, or the Settings screen.

The Share button is on the bottom of the study card on the My Studies screen. Select Test or Production to share your study.

The Share button is also in the header bar in Study Designer. Select Test or Production to share your study.

5.2.2 Adding Sites

Before you invite users to your study, add at least one site. This applies even if your study is only collecting data from a single site.

To Add a Site:

  1. On the Share screen, scroll down to Sites, and click the Add button.

  1. On the Add Site screen, begin to type the site name.
    1. If the site already exists in another environment, select that site from the list. Fields are prefilled with site information.
    2. If you need to make a new site, type the name of the site, and enter information in the appropriate fields.
      1. Although the Expected Number of Participants field is required, this will not limit the number of participants at the site. Limiting the number of participants can only be done at the Study level. View the Create a Study page for detail on limiting participants in a study.

Note: Sites are global, meaning if you use a site in Study A you don’t need to recreate that site for Study B. When adding an existing site to a study, values appear in the Site Name, City, State/Province, Zip, and Country fields automatically.

  1. Click the Save button.

5.2.3 Inviting Users

To Invite a User:

  1. Click the Share button under the Study Card of your study on the My Studies screen or in the header of the Settings screen or Study Designer.
  2. Select your study environment (Test or Production).
  3. Under the People header, on the right, click the Invite button.
  4. Begin typing, and click Invite a new user, or select an existing user from the drop-down list.
    1. If you select Invite a new user, the Add User screen appears, and you can enter values for each field. Then click the Create User button.

    1. If you select an existing user from the drop-down list, the system sends a new email invitation.

Note: The username and email of each user in the system must be unique.

  1. When prompted, select a role for the user from the list of available roles:

Note: To provide access to another site, for example for a Monitor who is responsible for montoring two sites, click in the Site box again and select additional site(s) as needed.

  1. When finished granting the appropriate access, click Invite. An email is sent to the user, and they are listed in the People table on the Share screen.

Before a User can Access a Study, They Must Create a Password that Meets the Following Criteria:

  • Must be at least 8 characters in length
  • Must contain at least one of each of the following types of characters:
    • Lower case letters (a-z)
    • Upper case letters (A-Z)
    • Numbers (0-9)
    • Special characters (!@#$%^&*)

5.2.4 Publish History

The Share screen tracks the publication history for each environment (Test and Production). Scroll to the bottom of the Share screen to see the publication history.

To View a Previously Published Version of the Study:

Click the View Study Design link to the right of the version you’d like to view.

A read-only version of the previously published study design displays:

Though no changes can be made to this version of the study, you can:

  • View form and event settings
  • Download form versions,
  • Preview forms

etc.

The header clearly indicates this is a read-only version, and includes a link to quickly access the current version of the study, which is fully editable.

Note: Some Form attributes (checklists, tags, and labels) show the values that they have in the current design, regardless of their state in the previously published version. In the Test environment, if a Form version was overwritten after a previous publication, only the newest version of that Form is available for preview and download. This is not a concern in the Production environment, since Form versions cannot be overwritten.

5.2.5 Editing Study Settings

To Edit Study Settings:

  1. To the right of Study Settings, click Edit.
    1. The Study ID field has a limit of 30 characters.
  2. Edit the study settings as needed, and click Save.

Note: The changes take effect immediately in both the Test and Production environments for that study.

Adding and Editing Participant IDs

Participant IDs can be created with:

  • Manual Entry: The user must enter the ID for each Participant.
  • System-generated: The system will auto-generate the ID based on an ID Template that you specify.

To Change the Method of Creation to Allow Automatic Entry:

  1. From the My Studies screen, click the Settings (gear) icon under the study name, and select Settings.
  2. Click the Edit link next to the Participant ID Settings header.
  3. Click the radio button next to System-generated.

Note: If Method of Creation is set to System-generated, only Data Managers can edit the Participant ID. Data Managers can always edit IDs, even ones that are system-generated.

System Generated IDs

If you choose System-generated, you must specify the template for the system-generated ID.

You Can Generate Participant IDs by the Following Methods:

  • The Participant Count Method: Generate Participant IDs sequentially.
  • The Random Number Method: Generate Participant IDs using random numbers.

You Can Build Your ID Template Using One or More of the Following Components:

  1. ${siteId}: The unique identifier for the site the Participant is being added to.
  2. ${siteParticipantCount}: The current number of Participants at the site. This is generally used like ${(siteParticipantCount+1)} to have the ID increment the Participant count for each new Participant added.
  3. ${helper.random(n)}: Generates a random number with up to n digits each time a Participant ID is generated.
  4. ?string[000]: Added to the resulting values to pad them with leading zeros to equal the number of digits specified, for example, ${(siteParticipantCount+1)?string[000]} or ${(helper.random(5))?string[00000]}.
  5. Prefixes, suffixes, separators – Include other text (such as or a Study-specific prefix) to include standard content in each ID.

Note: Each ID Template must include #2 or #3.

Examples: The Participant Count Method template, ${siteId}-${(siteParticipantCount+1)?string[000]}, for site University Hospital (Site ID = UH) would produce the IDs, UH-001, UH-002, UH-003, etc. For site Central Hospital (Site ID = CH) would produce CH-001, CH-002, CH-003, etc.

The Random Number Method template, P-${(helper.random(5))?string[00000]}, would produce IDs with a fixed prefix of P- followed by a 5-digit random number (including leading zeros), for example P-00362, P-82394, P-35070.

Notes About the Template:

  • The template cannot exceed 255 characters, and the resulting Participant ID cannot exceed 30 characters.
  • ${siteId} and ${siteParticipantCount} are both required but can be in any order.
  • Static text can be added to any portion of the template, but cannot include the following characters:
    • Slash (/)
    • Backslash (\)
    • Less Than (<)
    • Greater Than (>)
    • Ampersand (&)
    • Quotation Marks {“)
    • Apostrophe (‘)

Best Practice: There is no restriction for going beyond the minimum, but it is best practice to set up the minimum length to match the length of the maximum number of expected Participants.

If the template is invalid for any reason, the system uses a default template of ${siteOID} followed by a dash and a six-digit random number.

5.2.6 Using Multifactor Authentication

You can enable multi-factor authentication (MFA) for your OpenClinica domain with an API or contact the OpenClinica Customer Service team.

When you enable multi-factor authentication, users are prompted to:

  1. Download either the FreeOTP app or the Google Authenticator app to your smartphone.
  2. Scan a barcode.
  3. Enter the access code from their device.

Initial User Sign-up:

Subsequent Logins:

Note: Once you have enabled multi-factor authentication, you no longer need to scan a barcode. Only username, password, and an access code are required to sign in. The barcode should be treated as your password and should not be shared with anyone (including via screenshare). 

If This Feature is Enabled:

  • All Study and Site Users are required to login with username, password, and an additional code.
  • Data Specialists and Investigators will still sign participant records with only their username and password.
  • Participant users logging into Participate are still only required to enter access codes.
  • You cannot enable multi-factor authentication for a specific study, site, or user. It must be enabled per OpenClinica domain.

Additional Information:

There is no link between a user’s authenticator app/device and the authentication server: Authenticator apps do not communicate with a server in any capacity. If a user deletes an MFA entry in their app, the server is not informed in any way and the user will still be expected to enter their One Time Password (OTP) upon login.

Troubleshoot syncing the device clock to the server time: We suggest the user compare their MFA device time to something official (e.g. https://www.time.gov/) – ensure that the users understand that MFA is sensitive down to the second. Some mobile devices fetch the time from their local Wi-Fi device and may be inaccurate.

If a user loses their MFA device or authenticator entries: they will have to make a request to the support team to reset their MFA credentials, which will prompt them to re-configure MFA and give them a new QR code to scan.

Note: Our current implementation of MFA/OTP requires a second device such as a phone or tablet running iOS or Android and using one of the apps listed above.