Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Proposal #1: Multiple Roles per User and separation between Permissions and Access Scopes

This design tries to address two of the missing features of the current implementation:

  1. Multiple Roles per User
  2. Separation between Access Scopes (Organization, Facility, Workspace, Room) and Permissions

Multiple Roles per User

Allowing a User to have more than 1 Role give us the possibility to define very specific Roles and then compose them in different ways to create different logical roles. This composition of Roles also makes possible to reuse already defined Roles simplifying their configuration.

In the application, when a permission needs to be enforced, the group of all the Permissions from all the Roles the User has is going to be used. Permissions are always added when creating the group of all the Permissions a User has.

Access Scopes

In the current implementation, some Permissions are associated to an Organization and some of them are not. This tightly-coupled relationship between Permissions and Organizations makes impossible (or very cumbersome) to create a more fine-grained and friendly way of defining Permissions.

The new approach is to define different Access Scopes. An Access Scope grants access to one or more Organization, Facility, Workspace and/or Room. The Access Scope is defined by the Role/s a User has and all the Permissions are evaluated in this scope.  

All the Permissions a User has are evaluated in the same Access Scope

The proposed solution sacrifices the possibility of having different Access Scopes for different Permissions in order to gain simplicity both in the implementation and in the configuration of the Roles. 

Proposed EM

Each organizational unit (Organization, Facility, Workspace and Role) now has a corresponding table that grants access to individual roles. In this way, we could have a granularity up to the Room level.

In this new approach, the table RolePermission doesn't have the column OrganizationId anymore. The scope where a permission is applied is given by the join of all the *Access tables where the Role is present.

Access Scopes are inclusive

A Role that has access to Organization 'A' also has access to any organizational unit below it. 

Permission Mappings

The application currently supports 31 different permissions. The new design will reduce the number of permissions to 14. Some of the old permissions had a 'list' and 'read' version (i.e. read_users and list_users) that were actually never used in reality. The new design will merge those 2 kind of permissions into a single 'read' one.

The current implementation also has some permissions of the form *_from_all_organizations (i.e. list_users_from_all_organizations) that are no longer needed given the new Access Scopes. Same thing happens to the permissions of the form *_from_current_organization and *_from_current_facility.

Some other permissions like list_organizations, list_facilities, list_workspaces and list_rooms are no longer explicit permissions. They can now be related to a particular Access Scope.

The mappings between the current permissions and the proposed ones are:

Current Permission
New Permission
Used In
Comment
list_organizations 

This permissions has no counterpart in the new design. List Organizations operation will return all the Organizations that are in the Access Scope of the user that is invoking the operation. Read Organization operation will fail if the invoker doesn't has access to the requested Organization.

read_organization
list_facilities This permissions has no counterpart in the new design. List Facilities operation will return all the Facilities that are in the Access Scope of the user that is invoking the operation. Read Facility operation will fail if the invoker doesn't has access to the requested Facility.
read_facility
list_workspaces This permissions has no counterpart in the new design. List Workspaces operation will return all the Workspaces that are in the Access Scope of the user that is invoking the operation. Read Workspace operation will fail if the invoker doesn't has access to the requested Workspace.
read_workspace
list_rooms This permissions has no counterpart in the new design. List Rooms operation will return all the Rooms that are in the Access Scope of the user that is invoking the operation. Read Room operation will fail if the invoker doesn't has access to the requested Room.
read_room
list_roles  
read_role 
  • Read Organization's Role
 
list_users  
list_users_from_all_organizations 
  • List Users (if 'location' is not specified, this permission is required)
 
read_user  
delete_user  
modify_user  
modify_own_user  

modify_user_nfc_tag

  
list_patients_from_all_organizations  
list_patients_from_current_organization  
list_patients_from_current_facility  
modify_patients_from_all_organizations  
modify_patients_from_current_organization  
modify_patients_from_current_facility  
list_discharged_patients  
discharge_patients  
final_discharge_patients  
send_messages  

read_alerts_only_from_associated_patients

  

read_alerts_from_entire_organization

  
re_schedule_alerts_from_all_organizations  
re_schedule_alerts_from_organization  
  • No labels