Table of Contents
Roles
Roles are a set of Permissions grouped together under a name. Each Organization defines its own roles and the permissions they contain.
A User can only be associated with a single Role.
Permissions
| ID | Organization-Related | Description | Used In |
|---|---|---|---|
| list_organizations | No | Users with this permission can get a list of all organizations. | |
| read_organization | Yes | Users with this permission can request information of a specific organization. | |
| list_facilities | Yes | Users with this permission can get a list of all facilities within an organization. | |
| read_facility | Yes | Users with this permission can request information of a specific facility of an organization. | |
| list_workspaces | Yes | Users with this permission can get a list of all workspaces within an organization. | |
| read_workspace | Yes | Users with this permission can request information of a specific workspace of an organization. | |
| list_rooms | Yes | Users with this permission can get a list of all the rooms of any workspace in the organization. |
|
| read_room | Yes | Users with this permission can request information of a specific room of an organization. |
|
| list_roles | Yes | Users with this permission can get a list of all the roles within a specific organization. | |
| read_role | Yes | Users with this permission can request information of a specific role in an organization. |
|
| list_users | Yes | Users with this permission can get a list of all the users within a specific organization. | |
| list_users_from_all_organizations | No | Users with this permission can get a list of all the users from all the organizations. |
|
| read_user | Yes | Users with this permission can read information of users from the specified organization. | |
| delete_user | Yes | Users with this permission can delete users from the specified organization. | |
| modify_user | Yes | Users with this permission can modify information about users from the specified organization. | |
| modify_own_user | No | Users with this permission can modify his/her own user. A user with this permission can't modify either his/her Facility nor Role. | |
modify_user_nfc_tag | Yes | Users with this permission can modify users tag ids in the specified organization. A user can modify its own tag id even without having this permission: 'modify_own_user' is enough to do this (if the Facility allows this by having nfcSelfModificationEnabled = true). | |
| list_patients_from_all_organizations | No | Users with this permission can get a list of all the patients from all the organizations. This permission is also used when a patient is assigned to a user. A user can only be assigned to a patient he/she could list. | |
| list_patients_from_current_organization | No | Users with this permission can get a list of all the patients from the organizations where they belong. This permission is also used when a patient is assigned to a user. A user can only be assigned to a patient he/she could list. | |
| list_patients_from_current_facility | No | Users with this permission can get a list of all the patients from the facility where they belong. This permission is also used when a patient is assigned to a user. A user can only be assigned to a patient he/she could list. | |
| modify_patients_from_all_organizations | No | Users with this permission can modify patients (i.e. Admission Form) from all the organizations. |
|
| modify_patients_from_current_organization | No | Users with this permission can modify patients (i.e. Admission Form) from the organization where he/she belongs. |
|
| modify_patients_from_current_facility | No | Users with this permission can modify patients (i.e. Admission Form) from the facility where he/she belongs. |
|
| list_discharged_patients | No | Users with this permission will get discharged patients in the list returned by List Patient operation. | |
| discharge_patients | Yes | Users with this permission can submit the special 'discharge patient' form. | |
| final_discharge_patients | Yes | Users with this permission can submit the special 'discharge final patient' form. | |
| send_messages | No | Users with this permission can make use of the communication API | |
read_alerts_only_from_associated_patients | No | Users with this permission will only receive Alerts for the patients that he/she has currently assigned. Direct Alerts (sent to a specific user id) are still visible even without this permission. | |
read_alerts_from_entire_organization | No | Users with this permission will receive alerts from patients in the entire organization (as long as the alert is configured to be sent to the user's role). Without this permission, only alerts related to the same facility where the user belongs are returned. | |
| re_schedule_alerts_from_all_organizations | No | Users with this permission are allowed to trigger a re-schedule action for all the time based alerts configurations from ALL the organizations. | |
| re_schedule_alerts_from_organization | Yes | Users with this permission are allowed to trigger a re-schedule action for all the time based alerts configurations from a specific the organization. | |
| access_reports | No | UI permission. This permission is never used in the back-end. This permission is used in the UI to display or hide the Reporting section of the application. | N/A |
| access_inbox | No | UI permission. This permission is never used in the back-end. This permission is used in the UI to display or hide the Inbox section of the application. | N/A |
| access_forms | No | UI permission. This permission is never used in the back-end. This permission is used in the UI to display or hide the Surveys (aka Forms) section of the application. | N/A |
| modify_role | Yes | Users with this permission are allowed to create or edit roles from a specific the organization. | Create or Edit role |
| modify_room | Yes | Users with this permission are allowed to create or edit room from a specific the organization. | Create or Edit room |
| delete_room | Yes | Users with this permission are allowed to delete room from a specific the organization. | Delete room |
| delete_role | Yes | Users with this permission are allowed to delete role from a specific the organization. | Delete role |
| modify_facilities | Yes | Users with this permission are allowed to create or edit shift durations from a specific the organization. | Create or Edit shift durations |
| delete_facilities | Yes | Users with this permission are allowed to delete shift durations from a specific the organization. | Delete Shift Durations |
| list_progarms | Yes | Users with this permission are allowed to fetch programs from a specific the organization. | Fetch Programs |
| modify_role_permission | Yes | Users with this permission are allowed to edit role permissions from a specific the organization. | Edit role permissions |
| list_programs_forms | Yes | Users with this permission are allowed to fetch programs with associated forms from a specific the organization. | Fetch programs with forms |
| modify_forms | Yes | Users with this permission are allowed to edit forms from a specific the organization. | Edit forms |
| list_devices | Yes | Users with this permission are allowed to fetch devices by organization or facility or workspace. | Fetch devices |
| delete_devices | Yes | Users with this permission are allowed to delete devices. | Delete devices |
| modify_devices | Yes | Users with this permission are allowed to create or edit devices | Create or Edit devices |
| list_device_history | Yes | Users with this permission are allowed to fetch device history from a specific the organization. | Fetch device history |
User Statuses
Each user has an associated Status in the System. User Statuses are defined at a system level: all organizations share the same set of possible statuses.
The current supported statuses are:
| Status | Description | Used In |
|---|---|---|
| ACTIVE | This status is required for a User in order to log in into the application. |
|
| PENDING | The default status for newly created users. |
|
| SUSPENDED | Users may be suspended to avoid them to log in into the system for a period of time. |
|
| INACTIVE | Users are never deleted from the database. Instead, their status is changed to INACTIVE. |
|
Even if the API doesn't impose any limitation between the transition from one status to another, the UI implements the following state machine:
0 Comments