Managing Users — Organization Personnel

IN THIS ARTICLE

A ProKnow user is an entity (usually a person) who uses the system. A user must be assigned to exactly one role. This article explains how to manage users.

Note: You must have the Manage Users, Roles, and Workspaces permission to manage users for your organization.

Viewing Users

To view your organization's users, click on the ProKnow icon in the top left corner of the page, and select Users under Identity and Access Management. Just to the right of the main navigation are vertical tabs for each of the Identity and Access Management components. Use these tabs to switch quickly between the pages for workspaces, roles, and users. The users sidebar is to the right of the tabs. The sidebar holds a list of users that belong to the organization with a button to create users at the top. Click on one of the users to select it.

The main content area will update to display the details for the selected user. You will notice a large grey bar at the top of this space. On the left is the name of the user with a link to the user's role and a link to send the user an email. On the right you will find buttons for editing and deleting the selected user.

2020-02-18_08-45-20.png

Inactive Users

By default, only active users are shown in the list. To show inactive users, too, click on the filter dropdown and check the box next to Show Inactive.

Creating Users

  1. Press the Create button at the top of the users sidebar.
  2. Enter the user's  Name and Email and assign a Role from the dropdown. The email must be unique across all users in your organization.
  3. Press the Create button to create the user.

What's next for your users?

For every user you create, we recommend you point them to our article Logging In for the First Time and Beyond and our searchable help articles, which will help them get started in ProKnow.

Roles as Templates

The role assigned to a user may be used as a template to further customize the user's permissions according to their unique responsibilities within your organization. See Editing User Permissions for instructions on how to customize a user's permissions.

Editing Users

  1. With a user selected from the sidebar, press the Edit button.
  2. Modify the field values as needed. The Email must be unique across all users in your organization.

  3. Press the Save button to save your changes to the user.

Updating a User's Role

Changes to a user's role will take effect immediately. However, in certain situations, the user interface may not be updated to reflect these changes until after the user refreshes the page or signs in again.

Editing User Permissions

Private Roles

Customizing a user's permissions using these instructions creates a "private role" that is disconnected from the formal role to which they were originally assigned. These special roles do not show up in the list of roles on the Roles tab.

2020-02-18_09-09-10.png

You may change a user's role back to a formal role by following the instructions above for Editing Users.

  1. With a user selected from the sidebar, press the Edit Permissions button.
  2. Check and uncheck the boxes for each of the Advanced Permissions and Organization Management Permissions to grant and revoke permissions as needed. Descriptions for these permissions are provided in those tables.
  3. Check and uncheck the boxes under Organization Permissions to grant and revoke permissions as needed. Permissions granted at this level will apply to every workspace in the organization and will overwrite any permissions defined at the workspace level. These permissions are defined as follows.
    • Read Patients: This permission allows the user to read patient data across every workspace in the organization.
    • View PHI: This permission allows the user to view PHI (Protected Health Information) across every workspace in the organization.
    • Download DICOM: This permission allows the user to download DICOM files, including both the original uploaded files and new versions of the DICOM structure set.
    • Write Patients: This permission allows the user to create and modify patient data across every workspace in the organization. That includes uploading patient data, updating the patient fields and custom metrics for a patient, adding the patient to collections, modifying patient entities, and managing the patients' scorecards.
    • Contour Patients: This permission allows the user to modify patient contours for existing structure sets across every workspace in the organization.
    • Delete Patients: This permission allows the user to delete patients and patient entities across every workspace in the organization.
    • Read Collections: This permission allows the user to read collection data across every workspace in the organization.
    • Write Collections: This permission allows the user to create and edit collection data across every workspace in the organization. That includes creating both organization and workspace collections, editing organization and workspace collections, adding batches of patients to a collection, managing collection scorecards, and managing collection bookmarks.
    • Delete Collections: This permission allows the user to delete organization and workspace collections across every workspace in the organization.
    • Collaborator: The Collaborator permission is unique in that it does not grant any specific  permissions. Instead, it modifies the other permissions to only apply to patients that the user has been explicitly granted access to via the Manage Patient Access dialog (users are automatically granted patient access if they create or upload new patient data). This means that a collaborator with Read Patients, Write Patients, and Contour Patients permissions may only view and edit patients that they have either (1) manually created, (2) uploaded, or (3) been granted access to via the Manage Patient Access dialog by a user with Manage Users, Roles, and Workspaces permission. Please note that collaborators may not view, edit, or delete collections (due to their limited patient access) and, as such, these permissions are disabled when the user is marked as a collaborator. In addition, due to the way workspaces inherit organization permissions, a role may not be marked as an organization collaborator and also have workspace-specific permissions (you may, however, mark a role as a collaborator in one workspace and have regular, non-collaborator access to other workspaces). Please refer to the Managing Access to Patients article for additional information about how the collaborator permission may be used to manage access within an organization.
  4. To add a workspace level permission, scroll to the bottom of the Workspaces Permission section, select the workspace from the dropdown, and press the Add button. To remove an existing row of workspace permissions, press the orange X to remove the row. Check and uncheck the boxes under Workspace Permissions to grant and revoke permissions as needed. Permissions granted at this level will apply only to the corresponding workspace for that row. These permissions are defined as follows.
    • Read Patients: This permission allows the user to read patient data across the workspace.
    • View PHI: This permission allows the user to view PHI (Protected Health Information) across the workspace.
    • Download DICOM: This permission allows the user to download DICOM files, including both the original uploaded files and new versions of the DICOM structure set.
    • Write Patients: This permission allows the user to create and modify patient data across the workspace. That includes uploading patient data, updating the patient fields and custom metrics for a patient, adding the patient to collections, modifying patient entities, and managing the patients' scorecards.
    • Contour Patients: This permission allows the user to modify patient contours for existing structure sets across the workspace.
    • Delete Patients: This permission allows the user to delete patients and patient entities across the workspace.
    • Read Collections: This permission allows the user to read collection data across the workspace.
    • Write Collections: This permission allows the user to create and edit collection data across the workspace. That includes creating workspace collections, editing workspace collections, adding batches of patients to a collection, managing collection scorecards, and managing collection bookmarks.
    • Delete Collections: This permission allows the user to delete workspace collections for the workspace.
    • Collaborator: The Collaborator permission is unique in that it does not grant any specific  permissions. Instead, it modifies the other permissions to only apply to patients that the user has been explicitly granted access to via the Manage Patient Access dialog (users are automatically granted patient access if they create or upload new patient data). This means that a collaborator with Read Patients, Write Patients, and Contour Patients permissions within a workspace may only view and edit patients within that workspace that they have either (1) manually created, (2) uploaded, or (3) been granted access to via the Manage Patient Access dialog by a user with Manage Users, Roles, and Workspaces permission. Please note that collaborators may not view, edit, or delete collections (due to their limited patient access) and, as such, these permissions are disabled when the user is marked as a collaborator. In addition, due to the way workspaces inherit organization permissions, a role may not be granted any organization-level permissions if marked as a collaborator within any workspaces (you may, however, mark a role as a collaborator in one workspace and have regular, non-collaborator access to other workspaces). Please refer to the Managing Access to Patients article for additional information about how the collaborator permission may be used to manage access within an organization.
  5. Press the Save button to save your changes to the user permissions.

Deleting Users

  1. With a user selected from the sidebar, press the Delete button.
  2. To confirm that you wish to delete the role, press the Delete button.

A Note About Deleting Users

Please note that you may not delete users once they have performed operations that have become part of historical records. In these cases, you may deactivate the user instead.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.