Last modified on 1/27/2010 8:45 AM by User.

User Roles and Role Level Security

Roles

Role based security in DiaWEB is limited to the following roles and the associated access rights:

Restricted Admin
User’s access is limited to locking and unlocking user accounts and resetting user passwords.

System Administrator
User has access to all features and functionalities of DiaWEB including the ability to
manage and report on all aspects of the disease management program for all Education Centers.

Center Administrator
User has access to most features and functionalities of DiaWEB. Management and reporting capabilities are restricted to the Education Center(s) to which they are assigned.

Educator
User’s access is limited to documenting and managing the Patient Record at their assigned Education Center(s) and managing their own user profile (except Role).

Data Entry
User’s access is limited to documenting patient records at their assigned Education Center(s) and managing their own user profile (except Role). The key distinction between the Educator and Data Entry roles is in the documentation of the education record: data entry personnel cannot be recorded as the Educator.


DiaWEB Role Characteristics

  • Each user can only be assigned a single role.
  • Roles apply across all sites to which a user is assigned.
  • Restricted Admin and System Administrator do not require site assignment; they automatically have rights across all sites.

Implementation Details

Role level security is implemented by restricting access to controllers and controller functions based on Role. In certain circumstances, such as in the Center Administrator role, the role still has access to a controller, but the user's assigned sites are used to filter the data that they see (see Example A). In other cases, a Role will not have access to the controller at all (see Example B).

Example A: Role with Controller Access with Data Filtered By Site
User1 is a Center Administrator for Site A in a Health Care System with three sites (A, B, and C). Since User1 only has permission to see the users for Site A, User1 will still be given access to the Education Centers controller, but the users available for him to view will be limited to Site A users only.

Example B: Role with Controller Access Denied
User2 is a Center Administrator for Site B. As a Center Administrator, User2 does not have access to the Health Care System controller, so even if User2 were to enter the Health Care System controller URL directly in his browser, he would be redirected back to his home page.
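The two examples above, modelled as an added illustration in Python (not DiaWEB's own code): a controller-to-role access table decides whether a request is served or redirected home (Example B), and for site-scoped roles the served records are filtered by the user's assigned sites (Example A). The controller names and the contents of the access table are assumptions for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    RESTRICTED_ADMIN = "Restricted Admin"
    SYSTEM_ADMIN = "System Administrator"
    CENTER_ADMIN = "Center Administrator"
    EDUCATOR = "Educator"
    DATA_ENTRY = "Data Entry"

# Assumed controller -> allowed roles table for the illustration (not DiaWEB's real table).
CONTROLLER_ACCESS = {
    "HealthCareSystem": {Role.SYSTEM_ADMIN},
    "EducationCenters": {Role.SYSTEM_ADMIN, Role.CENTER_ADMIN},
}

# Roles that need no site assignment and see every site (see "Role Characteristics").
ALL_SITE_ROLES = {Role.SYSTEM_ADMIN, Role.RESTRICTED_ADMIN}

@dataclass(frozen=True)
class User:
    name: str
    role: Role                     # each user holds exactly one role
    sites: frozenset = frozenset() # assigned Education Centers

def can_access(user: User, controller: str) -> bool:
    """Controller-level check: is the user's role allowed to reach this controller at all?"""
    return user.role in CONTROLLER_ACCESS.get(controller, set())

def handle_request(user: User, controller: str, records: list) -> dict:
    """records: (record_id, site) pairs the controller would otherwise serve."""
    if not can_access(user, controller):
        # Example B: role is denied the controller outright; typing the URL
        # directly still lands the user back on the home page.
        return {"redirect": "/home"}
    if user.role in ALL_SITE_ROLES:
        visible = list(records)
    else:
        # Example A: controller is reachable, but data is filtered by assigned sites.
        visible = [r for r in records if r[1] in user.sites]
    return {"data": visible}

# Constructed sample data: one user record per site in a three-site Health Care System.
SAMPLE_USERS = [("u-a1", "A"), ("u-b1", "B"), ("u-c1", "C")]
USER1 = User("User1", Role.CENTER_ADMIN, frozenset({"A"}))
USER2 = User("User2", Role.CENTER_ADMIN, frozenset({"B"}))
```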