Managing Internal Users

Creating and assigning internal users grants them permissions to access and manage eCOA Vault data and eCOA functionality.

Understanding Permissions

User permissions are comprised of the security profile, add-on user role (if applicable), and study-specific application roles (if applicable).

Security Profiles: These profiles are assigned to the user when they are created in the Vault and are the potential set of actions a user can do in the Vault. This, combined with the user application role, determines the user’s complete permissions.
- A user can only have one security profile.
User Role: These roles are assigned as add-on roles for users with any security profile. Currently only one (1) add-on user role is available for Library Managers.
Application Role: These roles are intended to map to real-world study roles. The combination of the security profile and application role determines what a user is able to do for that study.
- A user can be assigned to multiple studies with different application roles for each study.

Security Profiles

The following security profiles are available for the eCOA Vault:

Vault Owner: This security profile enables full management access to all Vault records and settings. Veeva recommends assigning only one Vault Owner for each Vault.
System Administrator: This security profile enables full management access to all Vault records and settings, including the ability to add a new user to the Vault.
Clinical Administrator: This security profile enables the following for all studies:
- Can create and manage studies, study countries, and study sites
- Can assign internal users¹ and site users²
- Can access Veeva eCOA Studio or Study Home - only if assigned to the study with an application role that has appropriate permissions
Study Team User: This security profile enables the following for the study that the user is assigned to:
- Can create studies, study countries, and sites Note: If the user creates a study, they are automatically assigned to the study.
- Can manage study, study countries, and study sites
- Can assign internal users¹ and site users² to the study
- Can access Studio or Study Home if assigned with an application role that has appropriate permissions.
Read-Only User: This security profile enables the following for the study that the user is assigned to:
- Can view studies, study countries, study sites, internal users, site users
- Can access Study Home if assigned with an application role that has appropriate permissions.

User Roles

Add-on user roles are granted to users to extend their security profile permissions. The following user role is available:

Library Manager: This user role enables users to view and access the Library Manager and perform all actions to manage library surveys.

Application Roles

Application roles are intended to map to real-world study roles. The application roles you assign to users also determine whether they can access Study Home or Studio. See the following information to see which roles can access Study Home and Studio:

The following roles allow users to access Study Home to view study data:
- Data Manager
- Monitor
- Study Manager
- Study Viewer
The Study Builder role allows users to access Studio to build the study.

Creating a New User

Only Vault Owners and System Administrators can create new users. See How to Create New User Accounts on the Creating & Managing Users page for more information.

Assigning a User to a Study

Ensure that the user already exists in Vault.
Assign them to the study they are working on by creating an Internal Person record for that study and selecting the appropriate Application Role.
If the study has restricted data, ensure that you select the Access Restricted Data check box for any user who should be able to see the survey data that is restricted. If you select an incorrect value, you will need to inactivate the record and create a new one.

Note: Users with certain security profiles can create studies. When a user creates a study, they’re automatically added as an Internal Person with the Study Builder application role. If they need a different role, they must inactivate their Study Builder record and assign themselves to the new role.

Looking for site user assignment information? See Creating and Assigning Site Users.

Edit Restricted Data Access

You must inactivate an internal person record and create a new one any time you want to change their access status. This functionality ensures that the User Access report can accurately record the beginning and end of each user’s restriction access.

Inactivate Internal Users

To remove an internal user’s access to the study, select Change State to Inactive from the actions menu of the internal personnel record.

Assigning an Add-On User Role

Only Vault Owners and System Administrators can assign user roles.

Go to the user on the Users & Groups page.
Go to the User Roles section.
Select Add.
Select the user role, for example, Library Manager.
Select OK.

Removing an Add-On User Role

Only Vault Owners and System Administrators can remove user roles.

Go to the user on the Users & Groups page.
Go to the User Roles section.
Select the name of the Library Manager role.
Select Edit.
Change the Status to Inactive.
Select Save.

Limitations

Delegate access is not supported in eCOA Vault.

Internal users are Sponsor or CRO users that will have access to the eCOA Vault. They are created in the Vault and assigned a security profile. Once created in the Vault, users can be assigned to studies as an internal study person with an application role. ↩ ↩²
Site users are granted access to study sites and access Veeva eCOA using VeevaID. ↩ ↩²