Role Access is a critical part of the overall Access Control mechanism.
A number of roles like Doctors, Reception, Nursing Assistant, Back Office,
Transcription, Admin, and Patient can be defined in the application.
For each type of role, the following access checks can be configured:
- No Access Rights: If this checkbox is checked, then the role is shown in the
Roles (No Access Rights) section of the User Role screen.
- Include in Mailing List:
Messages from PrognoCIS can be sent to a role defined in PrognoCIS by selecting the Roles radio button in the To
field on the Message → Compose screen. When the user creates a
message, selects the Roles radio button, and then clicks on Role Search, then all the roles that have the
Include in Mailing List checkbox checked can be seen in the Role Search popup. The user can select the role and send a message.
- Include in PP Mailing List: When the property pp.message.sendto.doctor =
R - Only to the selected Role,
then the To dropdown on the Compose screen of the Patient Portal lists all such roles that have the
Include in PP Mailing List checkbox checked. When a message is sent from the Patient Portal by selecting the
specific role in the To dropdown list, it is sent to ONLY those users who have the selected role assigned.
In the case of a multi-location clinic setup, the message is sent to ONLY those users who have the selected role assigned and belong to
the selected Location.
- Assign To: This checkbox is available only when Billing is turned on.
When this checkbox is checked for a role and that role is assigned to a user on the User Role screen, then this user can be
selected from the popup invoked by clicking the Assign To hand icon on multiple screens on the Billing side.
For all the roles that are system roles, an indicator System-Role Cannot Delete is shown in red on the top right of the screen.
The following are the possible access types for each menu option in the application. A menu option, say Settings \
Masters \ Doctors, can have one or more of these possible access types:
| R |
Read. If the record cannot be read, no other operation
is allowed. |
| C |
Create a new record. |
| U |
Update a modified record. |
| D |
Delete an existing record. |
| A |
Approve a record (transaction). |
It is obvious that in the above example, Approve is not applicable, so there will be no checkbox under the A column. If the role does not have R access, the user who has that role assigned to him will not be able to select the Doctors option from the menu when he runs the application.
System Roles
When the software is installed and the database is created, the following roles are created by default:
- Doctor
- Nurse
- Staff
- RefDoc
- Patient
- Lab
- Rad
- Pharmacy
- Sysgrp
- Nonsysgrp
- Admin
These are the system roles and cannot be deleted. The user may change the names. Whenever a new record for a Doctor or Patient is created and he is to be assigned a User ID and password (depending on the settings in the profile), he is also assigned a default role from the above list.
Access Control
Each user has a default role assigned to him (as explained above). The Admin, Super User, or authorized person can assign any number of roles to each user.
Let us assume that role X defines that a Doctor's record has access rights
RCU, i.e., can be read, created, and updated (not deleted). Role Y defines
that a Doctor's record has access rights RUD, i.e., can be read, updated, and
deleted (not created). If both roles X and Y are assigned to a user, he
will get the best of both, i.e., he gets RCUD (Read, Create, Update, Delete)
access rights. In other words, if access is available in any one of the assigned
roles, the user will get it.
Note that the user himself need not be aware of all roles assigned to him. If the Admin adds or removes roles assigned to a user, he will automatically get more or fewer menu options accessible to him using his own User ID and password.
Save: Click to
save the role.
Save As:
Click to save the defined access rights with a different role name.
Delete: Click to delete
the role.
Reset: Click to reset
the role to the previously saved values.
|