Anyone with a user role of Data Manager can create and invite users to access his/her study(ies). As part of the invitation process, the Data Manager specifies what each user can have access to based on that user’s type and user role. For more information, see User Type.
When the user receives and accepts the email invitation, s/he is prompted to set a password:
Password requirements are as follows:
- Must be at least 8 characters in length
- Must contain at least one of each of the following types of characters:
- Lower case letters (a-z)
- Upper case letters (A-Z)
- Numbers (0-9)
- Special characters (!@#$%^&*)
- Cannot be the same as the previous password
- Passwords expire every 180 days and users are automatically prompted to create a new password.
- User accounts are locked after ten failed login attempts from the same IP address.
- After ten minutes the account is unlocked and the failed login attempts counter is reset to 0.
- If the user enters the correct password prior to 10 attempts (e.g., after 4 attempts), the failed login attempts counter is reset to 0.
- Users are automatically logged out of OpenClinica after one hour of inactivity.
- If a user requests a password reset action, the password reset link is available for 24 hours. The user would have to request another password reset if they did not access the original link within 24 hours.
- If a user is invited to a study, that invitation expires if it is not used within 14 days.
All login attempts and password reset requests are logged in the User Audit Log.
When a user is created, that user is assigned a user type and a user role.
- User type determines the user’s access level. For example, it defines whether the user can access data across all studies and sites (Admin), or only to specifically assigned studies or sites (User).
- User role determines the specific tasks the user can perform within that realm of the assigned user type.
Available user types are:
- Can create studies and can see all studies that exist in your test and production environments.
- Can assign him/her-self access to any study in your test and production environments.
- Can only view and access studies or sites assigned to the user account.
When assigning a user type, keep the following in mind:
- Because Administrators have overall access to all studies, this user type should be assigned sparingly. Most users should be assigned the user type of “user.”
- Site users should never be assigned a user type of Administrator – this would give them potential access to all data across all studies and sites in your test and production environments.
Each user only has only one user type, but may have different user roles in different studies or sites.
For example, you may be a user type of “user,” with a role of Data Manager on one study and a role of Monitor on another study.
Refer to the User Matrix for a table of permissions available to each of the OC4 user roles.
All users have access to updating their user profile and password at any time.
From the User Menu, selecet My Profile:
To edit your user information, click the Details edit link and update your information as needed:
Note that you cannot change the email address associated with your account. Please contact your Administrator if you need to change your email address.
To change your password, click the Change password link and update your password:
- To access the OpenClinica Support Team (contract-based, named users, only), from the User Menu, select Support:
And the support portal displays:
Data Managers can manage user accounts for studies to which they have access. To manage users for a study, go to My Studies and click the Share button for the study for which you want to manage users:
You can then invite, edit, or remove users as needed. You can also resend an invitation if the user has accidentally deleted the original invitation. Changes made on this page only apply to the current study.
Administrators have access to Central User Administration, where user accounts can be edited, deactivated, or re-activated across all environments. Administrators can also download the User and Role Audit Logs, which lists login attempts, role changes, profile changes, role changes, password reset requests, and more. To access Central User Administration, from the User Menu, select Administration (only Administrators have access to this menu option):
In the Administration window, Deactivate or Edit user accounts as needed. Changes made in this window apply to the user account across all studies and environments.
If a user account is deactivated, that user cannot log into OpenClinica.