Overview #
Permission Management gives administrators fine-grained control over what users can see and do across the DnXT Suite. It provides two distinct views — Module Access and Resource Access — that together define both feature-level permissions (what actions a role can perform) and data-level permissions (which dossiers, submissions, and modules a group can access).
Permission Management works in tandem with User Management. Roles and groups are defined in User Management; their permissions are configured here.
Module Access answers the question: “What can users with this role do?” (e.g., can they create submissions, export reports, manage workflows?).
Resource Access answers the question: “What data can users in this group see?” (e.g., which specific dossiers and submission modules are visible?).
Accessing Permission Management #
- Log in to DnXT Administrator.
- Click Permission Management in the left sidebar.
- The view opens with two tabs: Module Access and Resource Access.
Module Access Tab #
The Module Access tab lets you configure feature-level permissions for each user role. It uses a master-detail layout with a role list on the left and a permission tree on the right.
Role List (Left Sidebar) #
The left panel displays all defined user roles. Click a role name to load its permission configuration in the right panel. Roles are defined in User Management > User Roles — you cannot create or delete roles from this view.
Permission Tree (Right Panel) #
When you select a role, the right panel displays a hierarchical permission tree organized by application and feature area. The tree uses nested checkboxes to represent permissions at multiple levels.
Tree Structure #
The permission tree is organized as follows:
- Level 1: Application — Publisher, Reviewer, Admin
- Level 2: Module — e.g., Dossier Library, TOC Editor, User Management
- Level 3: Feature — e.g., Create Submission, Delete Document, Export Report
- Level 4: Action — e.g., View, Create, Edit, Delete
Checkbox Behavior #
| State | Visual | Meaning |
|---|---|---|
| Checked | Filled checkbox | Permission is granted for this item and all children |
| Unchecked | Empty checkbox | Permission is denied for this item and all children |
| Indeterminate | Partially filled checkbox | Some children are granted, some are denied |
Setting Permissions #
- Select a role from the left sidebar.
- Expand the permission tree nodes to navigate to the desired feature.
- Check or uncheck the checkboxes to grant or revoke permissions.
- Checking a parent node automatically checks all child nodes.
- Unchecking a parent node automatically unchecks all child nodes.
- Click Apply at the bottom of the permission tree to save the changes.
Example: Configuring a “Document Specialist” Role #
Suppose you want a role that can manage documents but not create or delete submissions:
- Select the Document Specialist role from the left sidebar.
- Expand Publisher > TOC Editor.
- Check Add Document, Edit Document, Replace Document, View Document.
- Leave Delete Document unchecked.
- Expand Publisher > Dossier Library.
- Check View but leave Create Submission and Delete Submission unchecked.
- Click Apply.
Resource Access Tab #
The Resource Access tab lets you control which specific data resources (dossiers, submissions, and CTD modules) are visible to each user group. It uses a master-detail layout with a group list on the left and a resource tree on the right.
Group List (Left Sidebar) #
The left panel displays all defined user groups. Click a group name to load its resource access configuration in the right panel. Groups are defined in User Management > User Groups.
Resource Tree (Right Panel) #
When you select a group, the right panel displays a hierarchical resource tree that represents your organization’s data structure:
- Level 1: Module — The DnXT application (Publisher, Reviewer)
- Level 2: Region — The regulatory region (US, EU, JP, etc.)
- Level 3: Application — A specific regulatory application (e.g., NDA, BLA, MAA)
- Level 4: Submission — An individual submission sequence within the application
- Level 5: CTD Modules — The eCTD modules (Module 1-5) within the submission
Setting Resource Access #
- Select a group from the left sidebar.
- Expand the resource tree to locate the desired dossiers, submissions, or modules.
- Check the checkboxes to grant the group access to specific resources.
- Checking a parent node grants access to all children (e.g., checking a Region grants access to all Applications within that region).
- Click Apply to save the changes.
Example: Restricting Access to US Submissions Only #
- Select the US Regulatory Team group from the left sidebar.
- In the resource tree, expand Publisher.
- Check the US region checkbox. This grants access to all US applications and submissions.
- Leave all other regions (EU, JP, etc.) unchecked.
- Click Apply.
How Module Access and Resource Access Work Together #
A user’s effective permissions are determined by the intersection of their role permissions (Module Access) and their group permissions (Resource Access):
| Scenario | Module Access (Role) | Resource Access (Group) | Result |
|---|---|---|---|
| User can edit documents in US dossiers | Edit Document = checked | US region = checked | Allowed |
| User can view but not edit EU dossiers | Edit Document = unchecked; View = checked | EU region = checked | View only |
| User has edit permission but no JP access | Edit Document = checked | JP region = unchecked | Denied — resource not visible |
Best Practices #
Use Roles for Feature Access, Groups for Data Access #
Keep a clean separation: roles define what users can do (create, edit, delete, export), and groups define where they can do it (which dossiers and regions). This makes permission changes predictable and auditable.
Start Restrictive, Then Expand #
When creating new roles, start with minimal permissions and add capabilities as needed. This follows the principle of least privilege and reduces the risk of accidental data exposure.
Review Permissions Regularly #
Use the Audit Trail to monitor permission-related events. Periodically review role configurations to ensure they still match your organization’s requirements, especially after staff changes or organizational restructuring.
Document Your Permission Model #
Maintain a spreadsheet or document that maps roles to their intended purpose and the permission settings applied. This makes onboarding new administrators and troubleshooting access issues much easier.
FAQ #
Why can a user see a dossier but not edit it? #
The user’s group grants Resource Access to the dossier, but their role’s Module Access does not include Edit permissions. Check both the Module Access permissions for the user’s role and the Resource Access settings for the user’s groups.
Can I assign different permissions for Publisher and Reviewer separately? #
Yes. The Module Access permission tree has separate branches for Publisher, Reviewer, and Admin. You can grant full Publisher access while restricting Reviewer access (or vice versa) within the same role.
What happens if a user is in multiple groups with different resource access? #
Resource access is additive. The user will have access to the union of all resources from all their groups. For example, if Group A grants access to US dossiers and Group B grants access to EU dossiers, the user will see both US and EU dossiers.
Do permission changes take effect immediately? #
Yes. After clicking Apply, permission changes take effect on the user’s next page load or action. Users who are currently logged in do not need to log out and back in — the new permissions are enforced on their next request.
Can I export the permission configuration? #
The permission tree does not have a direct export function. However, you can view permission-related changes in the Audit Trail, and the user and role tables in User Management support CSV export.
