Let’s define a few terms first:
Instance: a running eLabFTW service, for example: https://eln.example.org
Team: the main way to compartmentalize users
Sysadmin: a user with Sysadmin rights can modify the Instance configuration and create Teams; it is generally the same person who installed the Instance
Admin: a user with Admin rights for a given team has access to the Admin Panel and can manage settings related to their Team
User: a user with an account on the Instance, belonging to at least one Team
One eLabFTW instance can host several Teams. They are created by a Sysadmin user.
Every User needs to belong to at least one Team. Every team must have at least one Admin user.
┌────────────────────────┐
│                        │
│    eLabFTW Instance    │
│                        │
└────┬───────────┬─────┬─┘      ┌──────────┐
     │           │     │        │ Team C   │
     │           │     │        ├──────────┤
     │           │     └──────► │ Admin 1  │
     │           │              │ User 1   │
     ▼           ▼              │ User 2   │
┌──────────┐ ┌──────────┐       │ User 3   │
│ Team A   │ │ Team B   │       │ User 4   │
├──────────┤ ├──────────┤       └──────────┘
│ Admin 1  │ │ Admin 1  │
│ User 1   │ │ Admin 2  │
│ User 2   │ │ Admin 3  │
│ User 3   │ │ User 1   │
└──────────┘ │ User 2   │
             │ User 3   │
             └──────────┘
A Team generally corresponds to a real-life research group or service. It is not advisable to use Teams as Projects, as this doesn’t scale well (Teamgroups can be used for that purpose instead). A User can belong to several Teams if needed; they will then need to select a Team upon login.
Every Team has one or several Admins, who can change many settings affecting users in the team, such as the default experimental template, categories for database items (Items Types), experiments Status, Tags, etc.
Teams are created by the Sysadmin from the Sysconfig page (see documentation).
Entities and permissions
An Entity is an entry, which can be an Experiment, a Database Item or an experiment Template.
By default, Experiments and Database Items are restricted to a team, but users can choose to extend this to all registered users, or even to anonymous users if enabled by the Sysadmin.
Experiments belong to a user (owner), while Database Items are common to the team and can be edited by anyone from the team (with default permissions).
New users need to register an account on the register page (/register.php), accessible from the login page. They need to select a team from the list.
By default, newly created accounts are disabled. The Admin of the team needs to validate them by going into the Admin Panel and activating the new users.
It is also possible to provision users or use an external authentication service such as SAML2 or LDAP.
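The default rules described above (team-restricted visibility, owner-only Experiments, team-editable Database Items, accounts disabled until validated) can be written as a simplified Python model. This is an added example, not eLabFTW code: the class and function names are hypothetical, and checking membership against the team selected at login is an assumption made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Visibility(Enum):
    TEAM = "team"              # default described on this page
    REGISTERED = "registered"  # extended to all registered users
    ANONYMOUS = "anonymous"    # only honoured if the Sysadmin enabled it

@dataclass(frozen=True)
class User:
    name: str
    teams: frozenset
    validated: bool = False    # newly created accounts start disabled

@dataclass(frozen=True)
class Session:
    user: User
    team: str                  # team selected at login (assumed model)

@dataclass(frozen=True)
class Entity:
    kind: str                  # "experiment" or "item"
    team: str
    owner: str
    visibility: Visibility = Visibility.TEAM

def login(user: User, team: str) -> Session:
    # An account must be validated by a team Admin before it can be used.
    if not user.validated:
        raise PermissionError(f"{user.name}: account not validated by a team Admin")
    if team not in user.teams:
        raise PermissionError(f"{user.name}: not a member of {team}")
    return Session(user, team)

def can_read(session: Optional[Session], entity: Entity, anon_enabled: bool = False) -> bool:
    if session is None:        # anonymous visitor: needs Sysadmin opt-in AND entity opt-in
        return anon_enabled and entity.visibility is Visibility.ANONYMOUS
    if entity.visibility is not Visibility.TEAM:
        return True            # owner extended it to all registered users (or wider)
    return session.team == entity.team

def can_write(session: Optional[Session], entity: Entity) -> bool:
    if session is None:
        return False           # anonymous access is read-only in this model
    if entity.kind == "experiment":
        return session.user.name == entity.owner   # Experiments belong to their owner
    return session.team == entity.team             # Database Items are common to the team
```

When reviewing an instance, the two settings that widen exposure in this model are the Sysadmin-level anonymous switch and each entity's own visibility; both must be set before an unauthenticated visitor can read anything.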