Read this guide to learn how about all aspects of server management, including setting up email communication; managing users and user roles; and configuring site groups.
The various options contained within Application Settings allow Users to configure global preferences and settings for their system. These settings are only available for update by users with the Administrator role at the System project folder level.
NOTE: For all Application Settings, you may click on the higher level concept (e.g. “Email”) to see a list of settings for edit, or you may click on a sub-level concept such as “IMAP”. Once you have clicked on the left pane, clicking on the Edit App Setting icon on the right pane will bring up the edit frame for that Application.
Bounced Email Processing is utilized in Illume Email Jobs. This processing determines what should occur when an email sent to a participant is not successfully received. These settings are configurable for the entire system, but only affect Illume-only protocol, i.e. studies not utilizing Discovery. Studies using Discovery and email communications through Discovery are not affected by these settings.
Contains settings for:
This is an application that runs as a Windows Service which sends email for both Illume and Discovery and processes bounced back e-mail for Illume. This service connects to the SMTP server specified in Email Application Settings.
Users may turn on or off the Email service that is created at install by manipulating the Enable Email Service Application Setting.
The Internet Message Access Protocol (IMAP) is one of the Internet standard protocols for email retrieval. IMAP can be used to process bounced back email messages from the Illume system and can be accessed via TLS or SSL (use ‘Read Email Provider’ setting for ‘Version 2’ to utilize this functionality).
Contains settings for:
The Post Office Protocol (POP) is one of the Internet standard protocols for email retrieval. POP can be used to process bounced back e-mail messages from the Illume system and can be accessed via TLS or SSL (use ‘Read Email Provider’ setting for ‘Version 2’ to utilize this functionality).
Contains settings for:
The DatStat Email Service can read email inboxes to process bounced back e-mail messages.
Contains settings for:
Contains settings for:
Contains settings for:
These settings are used to determine whether or not the system should enforce account lockout security measures and to what extent those measures should be carried out. Administrators for the entire Discovery/Illume installation have the ability to set these settings.
Contains settings for:
LDAP authentication is used to validate users against your Active Directory infrastructure. Active Directory Authentication is for authentication only and does not use group memberships or other user attributes in any way.
Adding LDAP Information
Follow the steps below to LDAP information into Illume
Creating an LDAP User
DatStat’s LDAP integration allows management of the password used to access the system, however all DatStat users must still be a defined User in the DatStat system. The DatStat system controls access and privileges via user roles and user groups.
Follow the steps below to create an LDAP User
Administrators for the entire Discovery/Illume installation have the ability to set the password security restrictions for the installation. The restriction options include:
Password Minimum Length
If enabled, this setting allows the administrator to set the minimum number of characters required for User passwords.
Require Complex Password
If enabled, this setting requires each user of the system to use a strong password when accessing the system.
Strong Password requirements include:
See Microsoft Online Safety for additional information on best practices on password creation: http://www.microsoft.com/protect/fraud/passwords/create.aspx
Password Maximum Age
If enabled, this setting allows the Administrator to set the maximum number of days before the User password needs to be changed.
If enabled, this setting allows the Administrator to set the maximum number of times a different password must be used before a specific password can be repeated.
Settings for enabling SMS Messaging. Requires purchase of blocks of text messages from DatStat’s gateway provider 2SMS. Once those have been purchased, 2SMS provides the information that must be entered within this section of the interface in order to enable text messaging in the DatStat system. At present DatStat only supports SMS Messaging with one provider (http://www.2sms.com/). An account with this provider would need to be obtained to configure and use this functionality.
The functionality provided is One Way Text Messaging, with messages of up to 160 character. Bounce back monitoring/Provider is provided by the SMS Gateway Provider. There is no communication from/integration between the Gateway Provider and DatStat, i.e. the receipt status of a text message is not communicated to DatStat.
To enable SMS messaging, the SMS Account Settings in the Enterprise Manager will need to be updated.
Enable SMS Message Service – Yes/No
SMS Message Provider Account – Account purchased with supported provider
SMS Message Provider Password – Password associated with purchased Account
SMS Message Provider URL – http://www.2sms.com/xml/xml.jsp Currently the only supported URL
Users with the Administrator Role can set default system locality and timezone through the following options:
Default System Locale
Locale controls the language displayed on the system.
Default System Time Zone
Time Zone controls how dates and times are displayed and validated across the system.
The Background Task Handling feature gives users the ability to initiate bulk actions – such as bulk participant import, delete, and update – and have them process in the background, while continuing other administrative tasks. Progress can be monitored using the Task Indicator in the bottom right corner of the web interface of the Enterprise Manager, Discovery, or the Data Manager:
Once an action is complete, the Task Handler will display the successful completion of the task:
You may view and export a summary report of the task handling via the interface.
The Transaction Log is a permanent record of all transactions that have taken place within the system. The DatStat Billing Department uses this record for billing purposes when the systems is on a transaction based billing agreement with DatStat.
To view the details of the DatStat Transaction Log follow these steps:
By selecting Filter Transaction Log in the Take Action drop-down, the log can be filtered by Date Range and/or specific types of transactions.
NOTE: ‘Full Participant’ and ‘Test Participant’ will only be available for Discovery customers.
By selecting Export Transaction Log in the Take Action drop-down, it generates an encrypted XML File. This file will need to be transmitted to the “DatStat Billing Department” if the system is on a transaction based billing agreement with DatStat. That file contains an exact export of the counts displayed in the data grid to the User.
All Users across DatStat Illume and Discovery can be managed in the Enterprise Manager.
All Users are given access to various parts of the Survey Manager, Enterprise Manager, Data Manager, Data Change, and Discovery through combinations of Roles that give them access to various features and abilities and Projects they are given access to an User with the Administrator Role.
Association – A role is associated to a specific User of a Project or Survey. Currently, Users can only be associated to Projects and Surveys .
Privilege aggregation – A User can be given more than one role on the same Project or Survey. When this is done the resulting set of privileges is the sum or union of privileges from all roles.
Propagation – Giving a User one or more roles on a Project will cause these roles to propagate to all sub-projects and their contents.
Propagation override – Giving a User one or more roles on a sub-project will override ANY roles that have been propagated from the parent project. That is to say that giving a user the Designer role on a sub-project versus having Power User at the System level will grant them ONLY Designer privileges at that sub-project and any sub-projects below there. For example, a User that belongs to a User group that has User roles in the System project, these roles propagate to ALL projects. If roles are then added specifically for the User in sub-projects, the User will only utilize these roles in the sub-projects (Propagation override).
User Roles supersede User Group Roles – User roles specified for a User have higher precedence than that of a User Group. Therefore, if roles are specified for a User and User Group (in which that User is a member) at the same project level, the User roles will ONLY be used. In addition, these User roles will be propagated down with a higher precedence than any additional roles specified for a User Group in which this User is a member.
When first configuring an Illume/Discovery system, or when adding a new Department/Group or Study Project, the User must have sufficient privileges to do their necessary tasks.
Determine the needs of the User, and the corresponding role, as in the examples below:
Each of the listed actions will require a role be assigned to that User.
To Edit an existing User the Administrator can click the Edit icon in the List Users screen.
The Edit User Screen has all of the same functionality as the Add New User screen. After appropriate changes have been made click the Save button. Use the Cancel button at the bottom of the screen to cancel and return back to the List Users screen.
Users can only be deleted if they have not created a Survey, Query, Participant list or other Items in the Study. A User that has created any of these can only be disabled. Disabling will prevent any and all access to the system.
Deleting must be done as an Administrator in the Enterprise Manager. To Disable a User click Edit User and check the Disabled box.
Users can change their password from the DatStat Illume Survey Manager by choosing File Change Password. The user will type in the old password and the desired new password. Then the user will re-type the desired new password in the Confirmation field. Clicking OK makes the change.
Users can also change their password from within the Web Applications by clicking on the link for “Welcome, User Name”. This will open the User Preferences dialog and the user may change their password here.
If the Illume license includes the Software Development Kit (SDK), Translation Module or Remote Data Collection, these features must be enabled for each user who should use them. By default, these features are disabled for all Users, even if they are included in the license.
Data Import is a listed feature that is provided to all DatStat Customers and is not an additional cost, this feature can be given to specific users in the Features tab. Not all users should have the ability to upload/modify data.
By default all users can export data grids. Uncheck this box if this is not desired for a particular user, e.g. if there are concerns about protected information being exported and saved on local devices.
User Groups provide the ability to assign a Role or set of Roles to a Group instead of one-by-one to a number of individual users. Assigning Users to a User Group ensures that all users of that group have the same privileges.
NOTE: A user group can also contain a user group as a member. This gives an organization the ability to have deep hierarchies of privileges. User Group privileges are aggregated at the project level but, User-level privileges will trump all User Group privileges at the specified project.
Note: Any Role assigned to an individual User will supersede the Group Roles. For example if the Group Role gives a User the Power Analyst Role, yet the User was individually assigned the Analyst role for the same Project, the User would only have the Analyst role.
There are two types of roles in DatStat Illume and Discovery. First, there are 16 Default Roles for assignment to Users. These roles come with a set of defined privileges which control the features available to the Users within either DatStat Illume and/or DatStat Discovery. Second, Users may create Custom Roles, selecting from a list of Privileges to assign to each Custom Role. User Roles ensure that each User is displayed and has access to only those features relevant to their role. This is valuable both from an efficiency and data quality perspective.
A particular User can have as many User roles as necessary to accomplish their tasks. See Manage Users on assigning Roles to users.
There are 17 Default User Roles that can be assigned. Users can click on the Edit Role icon to see the list of Privileges given to a specific Default Role. See the section Default User Roles
Adding a custom role should be done with consultation of the DatStat Support Desk, as we do not have available documentation in DatStat Academy regarding the meaning of each individual privilege and the impact of selecting/de-selecting each privilege. There are two methods for adding a custom role: Cloning an existing role (preferred method), or creating a new role from scratch.
Cloning an Existing Role
Adding a New Role
TIP: After creating a new Custom User Role, create a Test User with the same role to verify that the correct Privileges were given.
NOTE: Only Custom Roles may be edited.
Description: This role is able to administer the enterprise, organize the project hierarchy and setup security but not able to see any data or configure studies (if Discovery is licensed).
What it cannot do:
Description: An analyst has access to the Data Manager only. Analysts can query and download data. They can also create and share queries with other analysts and viewers. An analyst cannot create Cross-Survey views.
Description: The Power Analyst has all of the same privileges as the Analyst, plus the ability to create cross survey views.
Description: A user needs the Data Changer role to use the functionality in the Data Change Module (an add-on module). This user must also have the Data Change feature enabled for a user.
Description: Able to launch surveys both online and offline (using remote data collection, an add-on module). In Discovery, this user can launch survey study tasks.
Description: Designers can create and edit surveys in the Illume Survey Designer desktop client. Designers cannot approve surveys–not even their own surveys. After a Designer creates a survey, it must be approved by a Publisher, Power User, or Administrator before it can be published. Designers can also submit items such as questions and Text/HTML objects to the repository. See the table below for a full listing of Designer privileges.
Description: The Designer-Analyst has the combined privileges of the Designer and the Analyst.
Description: Email Managers can only define and initiate email jobs (e.g. sending out email invitations to participants). They cannot work with surveys or view survey results or participant lists.
Description: This role has no privileges whatsoever. Generally, you assign this role within a limited realm. For example, one of your Users has Publisher privileges on all of your surveys. However, this User must not be allowed to access Survey X at all. Assign this User the “Excluded” role on Survey X, and he or she will be prevented from accessing the survey in any way. On all other surveys, the User’s normal role will continue to apply.
Description: The power User has all of the privileges of the Designer, Power Analyst, Email Manager. Users must have this role in order to configure Survey Submit and Survey Login Events.
Description: Publishers can create and edit surveys through the Survey Designer, and can approve and reject their own surveys, and the surveys of others. This is important, because surveys cannot be published until they are approved.
Publishers can also create, edit, and approve items in the survey repository.
Description: Survey Viewers cannot create or edit surveys. The only interface to which they have access is the Data Manager, where they can view and execute shared queries. They have no other privileges. The Viewer role is appropriate for an analyst who needs access only to a limited subset of data. (For example, a contractor or consultant.)
The following Roles are only available with a DatStat Discovery license.
Description: This role can do everything that the Enterprise Administrator can do but it will be allowed to configure studies and not be allowed to create them or create/modify User roles, which are a global resource.
Same privileges as Enterprise Administrator except for the following:
Additional notes: Currently Sites are a global resource and since this role will generally not be applied at the System Project level sites will not be able to be created/modified with this User Role.
Description: Able to view and edit Contact Info, Appointments, and Communications for all participants where the User is the Case Owner or additional Case Owner.
Description: This role can see all participants and do all things in Discovery related to participants.
What it cannot do:
Description: This role is similar to the Participant Manager role with the exception that it can only perform actions against participants in which they are the Case Owner or additional Case Owner.
What it cannot do:
Description: Able to view and edit all types of Study Tasks for all participants where the User is the Case Owner or additional Case Owner. Not able to edit participants and other study-related (non-study-item) data [eg notes, contact info, etc]
A Site is a defined location where study tasks occur, with Users and Participants belonging specifically to that Site. Defining study Sites gives researchers the ability to organize their Participants by Site, thus controlling which Participants are viewed by which Users.
For example, a User may be an administrator at Hospital A, or a physician at Hospital B. A participant may be a patient at Hospital A or a patient at Hospital B. Hospital A Users work with Hospital A patients. Hospital B Users work with Hospital B patients. Defining Sites in Discovery provides the ability to limit access to participants to only those Users belonging to that Site.
See Add New User
Users who need access to Participants across a number of Sites may be assigned to multiple individual Sites. Alternatively, a Site Group may be created containing multiple Sites, and the User may be assigned to the Site Group. Doing so gives the User access to all participants across the Sites in the Group.
Discovery allows Administrators to customize the following terms in the Discovery interface to fit the language customs of their organization:
Administrators may specify replacement terms for each of these words (and their plurals) at the Enterprise level. For each of these terms, if a replacement is specified, Discovery will display the replacement term in place of the original term in all pages, error messages, and page or element attributes (such as the title of an HTML page or element, and the alt-text of an HTML image element). If no replacement term is specified, Discovery will display the default term, which will be the literal term from the list above.
Individual studies can override these terms. If the study specifies a word to replace any of the above terms, Discovery will display that word. If the study does not specify a replacement, but the enterprise level does, Discovery will display the term defined at the enterprise level. If there is no replacement at either the study level or the enterprise level, Discovery will display the default term.
This page applies only to organizations that are self-hosted. It is important to note that although DatStat allows self-hosted users to configure multiple email from addresses, DatStat supports bounce-back email processing from a single mailbox.
A DatStat installation requires an email address to be designated as the “From” address for all email sent from the system. This From address is defined as an Application Setting specified in the Enterprise Manager. The DatStat Service will be prevented from starting up unless this setting is defined. In Self Hosted environments multiple From Addresses may be created. These From addresses can be designated for specific Projects or Studies. Each additional address must be set to forward to the default From address so that the Email Job logs will work correctly. Once this is done, the Email address can be added in the Enterprise Manager.
The User Agreement is a feature that allows a User with the Administrator Role at the System project security level, to create an agreement to which each User must agree before he or she will be allowed to access the various areas of the product.
NOTE: Accepting a User Agreement is typically a binding legal act and should be treated as such by the Administrator and all Users.
If Users log out of the system and then try to reenter it they will be asked to accept the User Agreement once this feature is enabled. Once Users have agreed they will not be asked to agree to it again until the Agreement Duration specified in step 4 has elapsed. Users will never be asked to reaccept if the User Agreement is set up to not require periodic reacceptance.
Upon login, the agreement will appear automatically. The user must click Agree or Disagree. If Agree is select, the user will proceed to the application. If Disagree is selected, the User will be returned to the login screen.
System extensions are compiled developer code (using the DatStat Software Developers Kit – SDK) that implement hook interfaces to perform custom tasks when various events occur, or display custom data in the “Custom Reports” section of Discovery. A hook developer will create a DLL that implements one or more interfaces exposed through the DatStat SDK. That DLL can then be registered in the system through the “System Extensions” section of the Enterprise Manager. When a user wants to upload a DatStat SDK DLL, they must choose a unique name to identify the System Extension, check whether the System Extension is enabled, and choose the projects to which the System Extension will be made available. When editing a System Extension, the User can choose to overwrite the existing DLL by choosing a new DLL to upload. This is not required when editing an existing System Extension and if none is selected, the existing DLL will not be changed.
Once registered in the system, various items within Studys can subscribe to hooks contained in that System Extension. When a User edits a Study, for example, that Study can make use of any hook in any System Extension that is made available to that Study’s project. These hooks will show up in two places: on the “System Extensions” tab when editing a Study, and when adding new actions to an event.
NOTE: System Extensions will only be available if the SDK and Discovery are included in the customer license.
The Extension will appear in the System Extensions Data Grid
Clicking on the Edit Custom Extension icon in the Data Grid will allow the User to Edit the information about the Extension and provide information about that Extension.
Once the System Extension has been registered within the Enterprise Manager and made available to the required Projects, it needs to be enabled within that Study.
NOTE: If an SDK User has not been created for this Extension, one must be created prior to enabling the extension.
NOTE: The System Extension can be disabled by unchecking the Custom Hook check box, see graphic below
System Extensions within the Study Details
API keys are used to authenticate external applications connecting to the DatStat API. Each key consists of two pieces, a Consumer Key and a Consumer Secret. These are analogous to the login and password for an application, and combined with the user’s login and password protect access to the resources provided by the DatStat API. External applications use this pair of tokens to sign their API requests, ensuring that only authorized applications can connect. The callback URL is a required parameter for web-based external applications, providing additional security by specifying the site the user should be redirected back to after authorizing an external application.
It is best practice to create an API key for each external application connecting to your system. This makes it easier to temporarily suspend or permanently revoke that application’s connection should the need arise. As with any password, the consumer secret should be protected.
NOTE: API Keys will only be available if the SDK is included in the customer license.
The API Key will appear in the API Key Data Grid
NOTE: Clicking on the Edit API Key icon in the Data Grid will allow the User to Edit the information about the Key.
The highest level of organization within your System is called a Project. All Projects are a sub project of the System project.
Projects are created and managed via the Enterprise Manager for both Illume only and Discovery/Illume customers as a way to secure and organize Surveys, Survey Data, Email Jobs, Participant Lists and Studies.
Projects can be organized in either a flat structure or a hierarchical structure. For example, your system can have a series of single, unrelated projects or one main Project that contains a set of sub-projects.
Users, surveys, participant lists and studies are assigned at the Project level. This means that you can restrict access for Users for all of these elements at the Project level.
Assigning a User a role at the System level will provide access across all Projects unless they are denied access to a specific sub-project using the Excluded Role.
If there are multiple groups that will be sharing the System installation, an Administrator can create a separate Project for each group and assign Users to the appropriate group. Doing so ensures the right people have access to the right data.
NOTE: Any User with the Administrator role will be able to create Projects, at or below the highest project they are Administrator to.
NOTE: To create a sub-project below the one just created, click on the Add Icon next to the Project that will be the new Project’s parent project.
To Edit an existing project click on the name of the Project on the list in the Enterprise Manager.
Users may change the Project Name and Parent Project.
Click Save when finished to commit the changes.
To delete a Project, click on the Parent Project to expand the tree.
Then, click on the Red “X” next to the Project to delete it.
NOTE: Users are not permitted to delete a project until it contains a) no sub-projects, b) no participant lists, c) no surveys and d) no studies. Users must delete all of these elements before the deletion of the Project is permitted.