Overview

Roles and Permissions is one facet of the management of system access. A system administrator creates roles from a selection of permissions at one of four levels: no access, read, write, and delete. Roles are assigned to users, whose actions in the system are then limited.

Roles and Permission Enforcement Workflows

For additional background, see: Roles and Permissions Discussion I, Roles and Permissions Discussion II and Roles and Permissions Discussion III

Must Have for Release 1.1

Both of these must be accommodated because a user might be accessing the data via the App layer but not through the UI.

Green-Level Enforcement at the Procedural Level

• Procedures for which the user has no access do not appear in search or create new
• Procedures for which the user has read access are accessible in a view-only mode

Red-Level Enforcement at the Procedural Level

Provide enforcement at the red-level in pages 1-3 of the attached roles and permissions workflow document: the user is warned when attempting to create a new procedural record, view a procedural record, or edit a procedural record.

Nice to Have for Release 1.1

Green-Level Enforcement for Relationships

• User must have write permission to both procedures to create a relationship between them

Out of Scope for Release 1.1

• Red-level enforcement for Vocabularies/Authorities
• Green-level enforcement for Vocabularies/Authorities
• Red-level enforcement for Administration
• Green-level enforcement for Administration
• Red-level enforcement for Relationships
• Green-level enforcement for Relationships
• Permissions at the field or group-of-fields level
• Permissions at the object or group-of-objects level