Topics Map > User Guides
Topics Map > REDCap

REDCap: User Rights Management

REDCap Accounts versus Project Users:


REDCap Account: When a person is set up with an SMPH REDCap account, they are given access to the overall SMPH REDCap system. They can create their own projects or their account can be added to projects.

Project Users: Each REDCap project has users. These are the specific users with REDCap accounts that can access the project. In order for someone to be a added as a user to a project, they first need an SMPH REDCap account. When a user account is added to a project, the user must be assigned a role or given a set of custom permissions. The role or permissions given to a user account is determined at the project-level settings, and determines a user's access to data and ability to make changes in that specific project. For a detailed review of the user rights settings that can be granted or restricted, please see: REDCap: User Rights Definitions

User Roles: Each project can have pre-defined user roles. Then individual users can be assigned to a role. This is helpful, for instance, if a project will have a number of data entry staff who only need access to certain parts of the project, or a statistician who may need to export data but not enter data. By setting up a pre-defined user role, it streamlines the process for adding new users to a project.  Please see: REDCap: Recommended User Roles for recommended access based on a role.

User Rights Management: User rights management is the responsibility of the project owner (the person who creates the project) and/or the users they add to the project with User Rights access. User roles and individual user access rights should be set appropriately and reviewed periodically.


Summary of Best Practices for User Rights Management in REDCap:

  • ONLY provide needed access rights: Only provide user rights that a person actually needs.  DO NOT just check all possible options in the User Rights section in REDCap.  This is especially important for the high level roles of "Project Design & Setup" and "User Rights".  Additionally, DO NOT select "REDCap Mobile App" rights if you are not using the Mobile App as this complicates changes to your project.
  • Set expiration dates for users: If you are adding a user to a project who you know will need access to the project for a limited amount of time, set an expiration date for their access at the time you add them to the project.
  • Review your User Access Dashboard periodically: The User Access Dashboard will show all of the users for each project you have User Rights access on. Review it every month to ensure that all users have the appropriate level of access to the projects they are on. Set an expiration date for any users that have left/are leaving your project.
  • Create and utilize User Roles in your project: A User Role has a pre-defined level of access. For instance, you might create a user role for Data Entry, that allows a user to enter data but not change project settings or delete records. 
  • Consolidate sensitive information in one instrument: If there are users who should not see identifiable information in the project, the best solution is to keep all of the sensitive information on one instrument and restrict read access to it.
  • Make use of Data Access Groups (DAGs) (for multi-site projects): Data Access Groups allow users to be assigned to a group (for instance, a study site) and then only have access to records from that particular DAG. Please see: REDCap: Data Access Groups (DAGS) for more information.
  • Have a process for when study team members leave their role: If you have a study team member who is departing, make sure their access to your REDCap project is expired. It is also important to ensure that their account is not tied to any project settings (for instance, API tokens or automated survey invitations) that will need to be transferred over to another study team member.

   

To the top



Keywords:
REDCap, user rights, project management, REDCap accounts, new, add, remove, dashboard
Doc ID:
96693
Owned by:
Amy S. in SMPH Research Applications
Created:
2019-12-17
Updated:
2025-03-05
Sites:
SMPH Research Applications, SMPH Research Informatics TEST