Purpose: This document provides an overview of assigning permissions to users and roles within the security system.
Assigning Permissions
Permissions are selected via the list row check box; a check mark indicates the permission is enabled. Permission selection and property management (such as actions, auditing, and restriction sets) can be cascaded from the parent node.
For example, if you want to select all permissions that comprise the “Patient Enrollment” category, simply select the Patient Enrollment category node and all of its children will be selected. This is a very fast way to assign entire categories of permissions to a given user or role, or to apply properties to all permissions of a given category.

Permissions may be assigned or applied at three levels:
- All Permissions - All available permissions will be selected for the role.
- By Category - All available permissions for the category will be selected for the role.
- By Permission - An individual permission is selected when checked.
Note: If a parent node is not selected yet one or more of its children are selected, the parent node will be marked with a square icon. In the preceding image, notice that the base permission node shows a partial selection, while the selection for the Patient Enrollment node is complete since it includes all of its children.
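The cascade and the partial-selection marker described above can be modeled in a few lines. This is an added example, not StrataFrame code: the Node class, the function names, the "Billing" category, and the individual permission names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple


@dataclass
class Node:
    """A tree row: a category (has children) or an individual permission (leaf)."""
    name: str
    children: List["Node"] = field(default_factory=list)
    checked: bool = False                 # check box state, stored on leaves only
    default_action: Optional[str] = None  # "Deny", "Grant" or "Read-Only"

    def leaves(self) -> Iterator["Node"]:
        if not self.children:
            yield self
        for child in self.children:
            yield from child.leaves()

    def select(self, checked: bool = True, default_action: Optional[str] = None) -> None:
        """Cascade a check box change, and optionally a property, to all descendants."""
        for leaf in self.leaves():
            leaf.checked = checked
            if default_action is not None:
                leaf.default_action = default_action

    def state(self) -> str:
        """'checked' when every leaf is selected, 'partial' when only some are."""
        flags = [leaf.checked for leaf in self.leaves()]
        if all(flags):
            return "checked"
        return "partial" if any(flags) else "unchecked"


def build_sample_tree() -> Node:
    # Constructed sample data; only "Patient Enrollment" is named on the page.
    enrollment = Node("Patient Enrollment", [Node("Add Patient"), Node("Edit Patient")])
    billing = Node("Billing", [Node("View Invoices")])
    return Node("All Permissions", [enrollment, billing])


def selected_permissions(root: Node) -> List[Tuple[str, Optional[str]]]:
    """Flatten the tree into the permissions a role would actually receive."""
    return [(leaf.name, leaf.default_action) for leaf in root.leaves() if leaf.checked]


if __name__ == "__main__":
    root = build_sample_tree()
    root.children[0].select(default_action="Read-Only")  # one click on the category
    for node in (root, *root.children):
        print(f"{node.name}: {node.state()}")
    print(selected_permissions(root))
```

Flattening the tree after a category-level selection is a quick way to review exactly which permissions a single click handed to a role.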
Each assigned permission may have the following properties:
- Default Action – This combo box allows up to three choices.
  - Deny - This selection will deny access to the permission, and the user will be informed, typically with a warning message. This flag is used in conjunction with the “Denied Action” selection on the actual permission.
  - Grant – This selection grants the user access to the permission.
  - Read-Only – This selection allows a user to view the permission, but the data cannot be added, edited, or deleted.
- Auditing - Selection of either auditing event overrides its corresponding lower level selection. For example, if the selection is made at the role level it will override any selection made at the permission level. If the selection is made at the user level it will override any selection made at the role or permission levels. Please refer to the "Permission Properties" help topic for further information.
- Restriction Set - A restriction set must first be created before it may be applied to a permission. Please refer to the "Restriction Sets Overview" and "Adding a New Restriction Set" help topics for further information.
- Workstation - This combo box is used to select the workstation to be represented in the visual representation. If the restriction set has not been defined by workstation, only one row will exist in the combo box and an asterisk “*” will be displayed. Otherwise, the desired workstation may be chosen from the list in order to display the associated grid.

- Visual Representation - This is a visual image, by workstation, for the selected restriction set. It helps the administrator determine which "Restriction Set" to apply. The following picture depicts denied access on Monday, Wednesday, and Friday from 8:00am to 5:00pm.

Note: Read-only status will typically be disabled during permission creation for those permissions where it does not make sense. As such, if the Read-only option is not displayed in the combo box, it has been disabled at the permission level.
Note: The auditing functionality described above was not included with the 1.5 release of StrataFrame. This functionality will become available with a future release.