How can you limit the rights of the Administrator in MassLynx 4.1 Security? - WKB16575

ENVIRONMENT

• MassLynx 4.1 Full Security, any SCN
• User wants to be able to stop the administrator from overwriting raw data files when running samples or deleting raw data files via the Chromatogram file browser.

ANSWER

There are two workarounds:

1. Assuming that the administrator is not a user who runs samples and generally works in the MassLynx sample list, the Administrators group should not have MassLynx directory access (MSM > Policies > Directory Policy) to the folder that contains the MassLynx projects (and this folder must be located outside of C:\MassLynx). The function of the MassLynx administrator is to configure and maintain the MassLynx Security Manager and keep the audit trail backed up, not to run samples.

Alternatively

2. The Windows desktop user (the account used for Windows login) should not have the delete permissions to the MassLynx projects folder (which again should be outside of C:\MassLynx). This prevents all MassLynx users, including administrators, from deleting or overwriting data files located in the MassLynx projects. The Windows permissions are set up by the local administrator—in the permissions entry. They need to click the "Deny" boxes next to "Delete subfolders and files" and "Delete". One drawback of this setup is that, if they use IntelliStart to create tune files and MS Methods, they must create the new files in a different folder (not the MassLynx projects folder)—i.e., a folder where the desktop user does have the Windows Delete permissions.

ADDITIONAL INFORMATION