Roles and permissions
Trialflare uses role-based access control (RBAC) so you can decide exactly what each staff member can see and do. There is no single “role” enum baked into the product for every customer; instead, named roles (optional) bundle permissions, and you can also assign individual permissions at the right scope (whole trial, a site, or a participant group).
This page lists the permission keys the Trialflare web app uses when you configure collaborators, sites, and groups. The descriptions match the in-product permission chooser.
How it fits together
- Team — Users belong to your organisation’s team. Only team members can be added as trial collaborators. Team-level permissions (users.*, trials.*, team.*) control invitations, trial creation, and account administration separately from trial scope.
- Trial — Most capabilities are controlled with trial.* permissions on that trial.
- Sites — For multi-site studies, site.* permissions can limit access to one site’s participants, files, and packs.
- Groups — Study arms or cohorts can use group.* permissions so someone only sees (or edits) participants in that group.
Roles are reusable bundles of these permissions (configured under trial personnel / roles). Assigning a role is a shortcut; the effective access is still expressed as a set of permission keys.
Baseline trial access
When someone is first added as a collaborator, the system may grant a minimal baseline such as trial.access so they can open the trial at all. That key is treated as a system-style gate and is not listed in the chooser alongside the fine-grained permissions below—but other permissions still govern what they can actually do once inside.
PII and sensitivity
Several descriptions call out PII (personally identifiable information) or restricted study fields. Trialflare separates “ordinary” study data from more sensitive views so you can comply with least-privilege and delegation norms (e.g. monitors who must not see direct identifiers).
Trial permissions (trial.*)
These apply to the trial as a whole (unless combined with site- or group-scoped grants).
| Permission | Description |
|---|---|
| trial.admin | Trial administrator (full access) (no-PII) |
| trial.read | Trial-wide admin view access (no-PII) |
| trial.write | Trial-wide admin write access |
| trial.readParticipants | List all participants in the trial |
| trial.writeParticipants | Update participant details |
| trial.readParticipantPersonalInformation | View participant personal profile and contact details (PII) |
| trial.readParticipantConsent | View a participant’s consent information (PII) |
| trial.readTrialConsents | List all trial consents (PII) |
| trial.readParticipantNotes | View participant notes and communication logs |
| trial.writeParticipantNotes | Add notes to participants |
| trial.readParticipantStudyData | View participant study data (excluding restricted and PII fields) |
| trial.readParticipantStudyDataRestricted | View restricted participant study data fields (restricted) |
| trial.readParticipantStudyDataPii | View PII participant study data fields (PII) |
| trial.writeParticipantStudyData | Create and update participant study data |
| trial.readFiles | View all files in the eTMF |
| trial.readApprovedFiles | View approved files only in the eTMF |
| trial.readFileVersions | View file versions in the eTMF |
| trial.writeFiles | Create new files and versions in the eTMF |
| trial.deleteFiles | Delete all files and versions in the eTMF |
| trial.requestFileApproval | Request eTMF file approval |
| trial.approveFiles | Approve all eTMF files |
| trial.readUsers | View trial users |
| trial.support | Send and receive support messages |
| trial.readTasks | List all trial tasks |
| trial.writeTasks | Create and manage trial tasks |
| trial.readQueries | List all trial queries |
| trial.writeQueries | Raise trial queries |
| trial.readAutomaticQueries | View automatic trial queries |
| trial.writeAutomaticQueries | Create automatic trial queries |
| trial.readSites | View trial sites |
| trial.writeSites | Create and update trial sites |
| trial.listPacks | List and view packs |
| trial.writePacks | Create and update packs |
| trial.deletePacks | Delete packs |
| trial.assignPacks | List and assign available packs to participants |
| trial.createParticipantMeetings | Create online video call meetings with participants |
| trial.readParticipantMeetings | View online video call meetings with participants |
| trial.joinParticipantMeetings | Join participant video call meetings |
| trial.deleteParticipantMeetings | Delete online video call meetings with participants |
| trial.manageWallet | Manage (view and top-up) the trial wallet |
| trial.useAssistant | Use the trial assistant |
| trial.readInsights | View trial and participant insights |
Site permissions (site.*)
Use these when someone should only operate within one site (participants, files, packs scoped to that site).
| Permission | Description |
|---|---|
| site.access | Be a site member (recommended for any site roles) |
| site.read | Site-wide admin view access |
| site.write | Site-wide admin write access |
| site.readParticipants | List all participants at the site |
| site.readFiles | Read site files |
| site.readApprovedFiles | View approved site files only |
| site.readFileVersions | View site file versions |
| site.writeFiles | Create new site files and versions |
| site.deleteFiles | Delete site files and versions |
| site.requestFileApproval | Request site file approval |
| site.approveFiles | Approve site files |
| site.readUsers | View site personnel |
| site.listPacks | List and view packs |
| site.writePacks | Create and update packs |
| site.assignPacks | List and assign available packs to participants |
Group permissions (group.*)
For study arms / groups of participants:
| Permission | Description |
|---|---|
| group.read | Read group participants and data |
| group.write | Read and change group participant data |
Practical tips
- Start narrow — Grant trial.readParticipantStudyData without PII/restricted keys until a user truly needs those layers.
- Use sites — Combine site.access with read/write participant and file permissions so local staff only see their own site’s cohort.
- Separate approvers — Split trial.writeFiles / trial.requestFileApproval from trial.approveFiles where regulations require independent QC.
- Wallet and meetings — trial.manageWallet and the participant-meeting permissions are distinct; a coordinator who runs visits need not be able to top up incentives (or vice versa).
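The tips above can be turned into a periodic review of role bundles. The following is an added example, not Trialflare code or a Trialflare API: it flags PII and restricted keys, bundles that hold both authoring and approving file permissions (extended here to site scope as well as trial scope), and site permissions granted without site.access. The role names and the dict-of-sets layout are assumptions; only the permission keys come from this page.

```python
# Added example, not Trialflare code. Permission keys are from this page;
# the role names and dict-of-sets layout are constructed for illustration.
# Keys are checked literally: no implied or inherited permissions are modelled.
PII_KEYS = {
    "trial.readParticipantPersonalInformation",
    "trial.readParticipantConsent",
    "trial.readTrialConsents",
    "trial.readParticipantStudyDataPii",
}
RESTRICTED_KEYS = {"trial.readParticipantStudyDataRestricted"}


def audit_role(perms):
    """Return sorted (code, detail) findings for one set of permission keys."""
    perms = set(perms)
    findings = []
    for key in perms & PII_KEYS:
        findings.append(("pii", key))
    for key in perms & RESTRICTED_KEYS:
        findings.append(("restricted", key))
    # Separate approvers: authoring or requesting approval should not sit
    # in the same bundle as approving, at trial or site scope.
    for scope in ("trial", "site"):
        authoring = {f"{scope}.writeFiles", f"{scope}.requestFileApproval"}
        if perms & authoring and f"{scope}.approveFiles" in perms:
            findings.append(("author-and-approver", scope))
    # site.access is recommended for any site role.
    if any(k.startswith("site.") for k in perms) and "site.access" not in perms:
        findings.append(("missing-site-access", "site.access"))
    return sorted(findings)


def audit_roles(roles):
    """Map each role name to its findings, omitting clean roles."""
    report = {name: audit_role(perms) for name, perms in roles.items()}
    return {name: f for name, f in report.items() if f}


# Constructed sample roles.
SAMPLE_ROLES = {
    "monitor": {"trial.access", "trial.readParticipants",
                "trial.readParticipantStudyData", "trial.readApprovedFiles"},
    "data_manager": {"trial.readParticipantStudyData",
                     "trial.readParticipantStudyDataPii",
                     "trial.writeFiles", "trial.approveFiles"},
    "site_coordinator": {"site.readParticipants", "site.writeFiles",
                         "site.approveFiles"},
}
```

A finding is a prompt for review rather than an error: a PII key on a role that genuinely needs direct identifiers is expected, and the point is that each one is granted deliberately.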
For workflow context on adding collaborators and sites, see Part 10 — Team members, collaborators and sites.