User Roles and Permissions

Overview

In ChemCenter, all users are assigned one or more roles. These roles determine what the user can see and do in the system through a defined set of permissions.

A permission controls access to specific functionality, such as viewing data, creating records, approving workflows, or administering the system.

 

How Roles Work

• Each role contains a defined set of permissions.
• A user can be assigned multiple roles.
• The user’s effective access is the combined set of permissions from all assigned roles.
• If a permission is granted through any role, the user will have that access.

 

Role Assignment

Roles are typically managed and assigned by your organization’s IT or system administrators.

Depending on your setup, roles may be:

• Synchronized from an identity provider (e.g., Azure AD / Entra ID)
• Managed locally within ChemCenter

 

Permission Principles

Permissions in ChemCenter generally follow these patterns:

• View: Access to read data or open modules
• Create/Edit: Ability to add or modify data
• Admin: Full control within a functional area
• Approval: Ability to review and approve workflows
• Reporting: Access to analytics and exported data
• Sensitive access: Additional permissions for restricted data (e.g., personal data)

 

Summary of Permission Types

Location Management

Controls access to the organizational structure.

• Create new locations
• Edit location information
• Archive and restore locations

Typically used by administrators responsible for maintaining the organizational structure.

 

Exposure Management

Controls registration and visibility of chemical exposure.

• Register and view own exposures
• View exposure status
• Register exposures on behalf of:
• All users
• Specific users, roles, or departments

Typically used by employees, supervisors, and HSE personnel.

 

Substitution Management

Handles substitution assessments.

• Access and edit assigned substitution assessments
• Full administrative access to all substitution assessments
• Ability to delegate substitution responsibilities

 

Application and Approval Workflow

Controls chemical application processes and approvals.

• View applications (own or all)
• Access approval overview
• Approve applications within:
• Health
• Safety
• Environment
• Reactivate expired products

 

Reporting and Analytics

Provides access to reports and data exports.

• Exposure reports
• Sensitive exposure reports (including national ID numbers)
• Risk assessment reports
• Chemical overview reports
• Substitution reports

 

Risk Assessment

Controls access to risk evaluation functionality.

• View risk assessments
• Perform assessments within:
• Health
• Safety
• Environment

 

User Administration

Controls management of users and roles.

• Local administration:
• Manage users within own locations and roles
• Global administration:
• Manage users and roles across the entire organization

 

System Administration

Provides full system-level access.

• Access to all administrative functions
• Configuration of system-wide settings

Typically restricted to system administrators or system owners.

 

Key Points

• Access in ChemCenter is role-based and additive
• Users can have multiple roles, combining permissions
• Permissions are granular and function-specific
• Sensitive permissions should be restricted to relevant roles
• Role configuration should align with organizational structure, responsibilities, and compliance requirements