Concepts and Terminology

Overview

A Role describes the profile of a User and assigns what rights and privileges the User will have in the system. All rights are assigned at the role level and then a User is made part of one or more roles. To understand how user rights are assigned when a user is part of multiple roles see the User topic. This document explains the various role rights and which components of Plato Data Analyzer Professional each of these rights control. For an understanding on how topic rights are related to roles see Topics And Criterion. To assign role rights read Managing Roles. As with any security scheme start with the least possible rights that are required for a role and add what is needed.

Role Scope

Roles can have following scope:

•Enterprise-wide: Can access Worksheet data and Attribution Type Objects for all the Facilities. Attribution Types are a type of "system table," e.g. Practitioner, Department, and Unit. Attribution Type Objects are values that can be defined for these Attribution Types. For example, a value for the Attribution Type of Department might be: ID= MED, Description=MEDICINE. For more details see Managing Attribution Type Objects..Will automatically get access to any new Facilities added.

•Facility-specific: Can access Worksheet data and Attribution Type Objects for only those Facilities to which it has been assigned. If a new Facility has been added new rights will have to be explicitly assigned to them. You cannot assign a Facility to a role if you do not have access to that Facility.

Role Rights

Following are the rights that can be controlled for a role. These rights have enterprise-wide scope and are not assigned for a specific Facility. Below is the explanation of what components of the system are controlled by each of these rights.

Can Manage System Tools:

▪Manage Attribution Types: If set, can manage Attribution Types from Managing Attribution Types.

▪Manage Attribution Properties: If set, can manage Attribution Type Properties from Managing Attribution Properties.

▪Manage Worksheet Fields: If set, can manage Worksheet Fields from Managing Worksheet Fields.

Can Manage Security Tools:

▪Security Node in Management Console: If set, can work with the security node in management console enabling the user to Manage Roles and Users.

▪Event Log: If set, can view critical system change events from Viewing Event Log.

▪Password Policy: Can configure password policy settings from Program Options Security tab.

Can Manage Attribution Type Objects:

▪Attribution Type Node in Management Console: If set, can manage Attribution Type Objects from Managing Attribution Type Objects.

▪Import Export Attribution Type Objects: If set, can import and export Attribution Type Objects from Importing Exporting Attribution Type Objects.

Can Manage Review Templates:

▪Manage Review Templates: If set, can manage Review Templates from Managing Review Templates.

▪Review Template Assignment: If set, can manage Review Template assignment Roles from Managing Review Template Assignment.

▪Role Review Template Assignment: If set, can assign Review Template to Roles from Manage Role Review Template Assignment.

▪Export Review Templates: If set, can export Review Template from Exporting Review Template.

Can Manage with Topic Editor:

▪Topic Editor Node: If set, can manage Topics from Working With Topic Editor. Further Review Template Rights should be available to work on a Review Template and Topic Right should be availble to work on a particular Topic.

▪Topics Tab in Role Rights: If set, can manage Topic Rights from the Topics tab in Managing Roles dialog.

Can Delete Worksheets/Report Templates:

▪Delete Worksheets: If set, can delete Worksheets from Adding Editing Worksheets.

▪Delete Accounts: If set, can delete accounts from global account records from Working With Global Accounts.

▪Delete Report Templates: If set, can delete Report, Report Writer, Analyzer, and Dashboard Templates from Managing Report And Analyzer Templates.

Can View Reports:

▪Report Node in Folder List: If set, can run Standard Reports for a Review Template or Global Reports. Further Review Template Rights should be available to run Reports for a Review Template.

▪Saved Reports in Folder List: If set, can view Standard Reports saved by other users. Further rights should be available for each Saved Report to view that report. See below for details.

Can View Report Writer:

▪Report Writer: If set, can run report writer for a Review Template or Global Report Writer. Further Review Template

▪Saved Report Writer: If set, can view Report Writer saved by other users.

Can View Analyzer:

▪Analyzer: If set, can run Analyzer for a Review Template or Global Analyzer.

▪Saved Analyzer: If set, can view Analyzer saved by other users.

Can View Dashboard:

▪Dashboard: If set, can run Dashboard for a Review Template or Global Dashboard.

▪Saved Dashboard: If set, can view Dashboard saved by other users.

Review Template Rights

When a Review Template is created you can control which Roles will have access to it. You cannot assign rights on a Review Template to others if you do not have access to it in the first place. The User who creates a Review Template automatically gets access to it based on the user's Default Role.

Saved Report, Analyzer, Dashboard and Report Writer Rights

When a Standard Report, Analyzer, Dashboard, or Report Writer is saved you can restrict access to it. The User who Saves the report gets full access to that report automatically based on the user's Default Role.

▪None: Cannot access it

▪Read Only: Can only view it.

▪Full Access: Read Only + Can delete that report, further assign rights to other Roles.

Special Roles

The built-in administrative roles will not appear in the list of roles within the Management Console under Security. These Users automatically get rights to the entire system, without explicitly assigning any rights. Built-in Administrative Users should be used sparingly only under special circumstances.