Roles

<< Click to Display Table of Contents >>

Navigation:  Concepts and Terminology >

Roles

 

Overview

 

A Role describes the profile of a User and assigns what rights and privileges the User will have in the system. All rights are assigned at the role level and then a User is made part of one or more roles. To understand how user rights are assigned when a user is part of multiple roles read User. This document explains the various role rights and which component of PDA Professional each of these rights control. For understanding how topic rights are related to roles see Topics And Criterion. To assign role rights read Managing Roles. As with any security scheme start with the least possible rights that are required for a role and add what all that is needed.

 

Role Scope

 

Role can have following scope:

 

Enterprise-wide: Can access Worksheet data and Attribution Type Objects of all the Facilities. Attribution Types are a type of "system table," e.g. Practitioner, Department, and Unit. Attibution Type Objects are values that can be defined for these Attribution Types. For example, a value for the Attribution Type of Department might be: ID= MED, Description=MEDICINE. For more details see Managing Attribution Type Objects..Will automatically get access to any new Facilities added.

 

Facility-specific: Can access Worksheet data and Attribution Type Objects for only those Facilities which it has been assigned to. If a new Facility has been added new rights will have to be explicitly assigned to them. You cannot assign a Facility to a role if you do not have access to that Facility.

 

Role Rights

 

Following are the rights that can be controlled for a role. These rights have enterprise-wide scope and are not assigned for a specific Facility. Below is the explanation of what components of the system are controlled by each of these rights.

 

Can Manage System Tools:

Manage Attribution Types: If set, can manage Attribution Types from Managing Attribution Types.

Manage Attribution Properties: If set, can manage Attribution Type Properties from Managing Attribution Properties.

Manage Worksheet Fields: If set, can manage Worksheet Fields from Managing Worksheet Fields.

 

Can Manage Security Tools:

Security Node in Management Console: If set, can work with the security node in management console enabling the user to Manage Roles and Users.

Event Log: If set, can view critical system change events from Viewing Event Log.

Password Policy: Can configure password policy settings from System Options Password tab.

 

Can Manage Attribution Type Objects:

Attribution Type Node in Management Console: If set, can manage Attribution Type Objects from Managing Attribution Type Objects.

Import Export Attribution Type Objects: If set, can import and export Attribution Type Objects from Importing Exporting Attribution Type Objects.

 

Can Manage Review Templates:

Manage Review Templates: If set, can manage Review Templates from Managing Review Templates.

Review Template Assignment: If set, can manage Review Template assignment Roles from Managing Review Template Assignment.

Role Review Template Assignment: If set, can assign Review Template to Roles from Manage Role Review Template Assignment.

Export Review Templates: If set, can export Review Template from Exporting Review Template.

 

Can Manage with Topic Editor:

Topic Editor Node: If set, can manage Topics from Working With Topic Editor. Further Review Template Rights should be available to work on a Review Template and Topic Right should be availble to work on a particular Topic.

Topics Tab in Role Rights: If set, can manage Topic Rights from the Topics tab in Managing Roles dialog.

 

Can Delete Worksheets/Report Templates:

Delete Worksheets: If set, can delete Worksheets from Adding Editing Worksheets.

Delete Accounts: If set, can delete accounts from global account records from Working With Global Accounts.

Delete Report Templates: If set, can delete Report and Analyzer Templates from Managing Report And Analyzer Templates.

 

Can View Reports:

Report Node in Folder List: If set, can run Standard Reports for a Review Template or Global Reports. Further Review Template Rights should be available to run Reports for a Review Template.

Saved Reports in Folder List: If set, can view Standard Reports saved by other users. Further rights should be available for each Saved Report to view that report. See below for details.

 

Can View Analyzer:

Analyzer: If set, can run Analyzer cube for a Review Template or Global Analyzer. Further Review Template Rights should be available to run Analyzer Cube for a Review Template.

Saved Analyzer: If set, can view Analyzer Cube saved by other users. Further rights should be available for each Saved Analyzer Cube to view that cube. See below for details.

Saved Graphs: If set, can view Graphs saved by other users. Further rights should be available for each Saved Graphs to view that graph. See below for details.

 

Can Edit Worksheets:

Is not being used, will be implemented in future release.

 

Review Template Rights

 

When a Review Template is created you can control which Roles will have access to it. You cannot assign rights on a Review Template to others if you do not have access to it in the first place. The User who created a Review Template, automatically gets access to it based on the user's Default Role.

 

Saved Report, Analyzer and Graphs Rights

 

When a Standard Report, Analyzer Cube or Graph is saved you can restrict access to it. The User who Saves the report, gets full access to that report automatically based on the user's Default Role.

 

None: Cannot access it

Read Only: Can only view it.

Full Access: Read Only + Can delete that report, further assign rights to other Roles.

 

Special Roles

 

The system comes pre-built with built-in Administrative roles. The roles will not appear in the list of roles within the Management Console under Security. These roles contain two administrative Users; one to be used by CPR Technologies, and the other by the organization for supporting the system. These Users automatically get rights to the entire system, without explicitly assigning any rights. Built-in Administrative Users should be used sparingly only under special circumstances. Only Built-in Administrative Users can perform following functions:

 

Manage ADT Interface (optional component)