Roles and Permissions is one facet of the management of system access. A system administrator creates roles from a selection of permissions at one of four levels: no access, read, write, and delete. Roles are assigned to users, whose actions in the system are then limited.
Roles and Permission Enforcement Workflows
For additional background, see: Roles and Permissions Discussion I, Roles and Permissions Discussion II and Roles and Permissions Discussion III
Both of these must be accommodated because a user might be accessing the data via the App layer but not through the UI.
Green-Level Enforcement at the Procedural Level
Red-Level Enforcement at the Procedural Level
Provide enforcement at the red-level in pages 1-3 of the attached roles and permissions workflow document: the user is warned when attempting to create a new procedural record, view a procedural record, or edit a procedural record.
Green-Level Enforcement for Relationships