Managing Roles — Permissions & Access

IN THIS ARTICLE

A role is a set of access rules that define what actions may be performed on each of the various organization settings and system resources. A role can be shared by a group of users, and each user must be assigned exactly one role at all times. This article explains how to manage roles.

Note: You must have the Manage Users, Roles, and Workspaces permission to manage roles for your organization.

Viewing Roles

To view your organization's roles, click on the ProKnow icon in the top left corner of the page, and select Roles under Identity and Access Management. Just to the right of the main navigation are vertical tabs for each of the Identity and Access Management components. Use these tabs to switch quickly between the pages for workspaces, roles, and users. The roles sidebar is to the right of the tabs. The sidebar holds a list of roles that belong to the organization with a button to create roles at the top. Click on one of the roles to select it.

The main content area will update to display the details for the selected role. You will notice a large grey bar at the top of this space. For the Admin role, this bar shows the name of the role on the left and a lock icon on the right. The lock icon signifies that the Admin role cannot be edited or deleted. For every other role, you will see the name of the role and a link to rename the role on the left. On the right, you will find buttons for editing and deleting the selected role.

2018-08-01_20-07-49.png

Creating Roles

  1. Press the Create button at the top of the roles sidebar.
  2. Enter a Name for your role. The name must be unique across all roles in your organization.
  3. Press the Create button to create the role.

Renaming Roles

  1. With a role selected from the sidebar, click the Rename Role link under the role name.
  2. Enter a Name for your role. The name must be unique across all roles in your organization.
  3. Press the Save button to save your changes to the role name.

Editing Roles

  1. With a role selected from the sidebar, press the Edit button.
  2. Check and uncheck the boxes for each of the Advanced Permissions and Organization Management Permissions to grant and revoke permissions as needed. Descriptions for these permissions are provided in those tables.
  3. Check and uncheck the boxes under Organization Permissions to grant and revoke permissions as needed. Permissions granted at this level will apply to every workspace in the organization and will overwrite any permissions defined at the workspace level. These permissions are defined as follows.
    • Read: This permission allows the user to read patient and collection data across every workspace in the organization.
    • View PHI: This permission allows the user to view PHI (Protected Health Information) across every workspace in the organization.
    • Download DICOM: This permission allows the user to download DICOM files, including both the original uploaded files and new versions of the DICOM structure set.
    • Write Patients: This permission allows the user to create and modify patient data across every workspace in the organization. That includes uploading patient data, updating the patient fields and custom metrics for a patient, adding the patient to collections, modifying patient entities, and managing the patients' scorecards.
    • Contour Patients: This permission allows the user to modify patient contours for existing structure sets across every workspace in the organization.
    • Delete Patients: This permission allows the user to delete patients and patient entities across every workspace in the organization.
    • Write Collections: This permission allows the user to create and edit collection data across every workspace in the organization. That includes creating both organization and workspace collections, editing organization and workspace collections, adding batches of patients to a collection, managing collection scorecards, and managing collection bookmarks.
    • Delete Collections: This permission allows the user to delete organization and workspace collections across every workspace in the organization.
  4. To add a workspace level permission, scroll to the bottom of the Workspaces Permission section, select the workspace from the dropdown, and press the Add button. To remove an existing row of workspace permissions, press the orange X to remove the row. Check and uncheck the boxes under Workspace Permissions to grant and revoke permissions as needed. Permissions granted at this level will apply only to the corresponding workspace for that row. These permissions are defined as follows.
    • Read: This permission allows the user to read patient and collection data across the workspace.
    • View PHI: This permission allows the user to view PHI (Protected Health Information) across the workspace.
    • Download DICOM: This permission allows the user to download DICOM files, including both the original uploaded files and new versions of the DICOM structure set.
    • Write Patients: This permission allows the user to create and modify patient data across the workspace. That includes uploading patient data, updating the patient fields and custom metrics for a patient, adding the patient to collections, modifying patient entities, and managing the patients' scorecards.
    • Contour Patients: This permission allows the user to modify patient contours for existing structure sets across the workspace.
    • Delete Patients: This permission allows the user to delete patients and patient entities across the workspace.
    • Write Collections: This permission allows the user to create and edit collection data across the workspace. That includes creating workspace collections, editing workspace collections, adding batches of patients to a collection, managing collection scorecards, and managing collection bookmarks.
    • Delete Collections: This permission allows the user to delete workspace collections for the workspace.
  5. Press the Save button to save your changes to the role.

Editing Role Permissions

Changes to a role will take effect immediately. However, in certain situations, the user interface may not be updated to reflect these changes until after the user refreshes the page or signs in again.

Deleting Roles

  1. With a role selected from the sidebar, press the Delete button.
  2. To confirm that you wish to delete the role, press the Delete button.

A Note About Deleting Roles

A role cannot be deleted if it is in use by one or more users.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.