Versions Compared

Old Version 16

changes.mady.by.user Moses Mutesasira

Saved on

compared with

New Version Current

changes.mady.by.user Daniel Kayiwa

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Role

Inherit Privileges
from Role(s)

Privilege(s)

Medical Student

 


View Patient

Data Assistant 


View Patient
Edit Patient

Data Manager

Data Assistant

Add Patient

...

Super users (system administrators) are automatically granted all privileges in the system; therefore, you must be very careful to protect your system administrator password.

Info

See the Privilege Helper module which lets you figure out what privileges are required to perform a particular task, and then helps you assign those privileges to roles.

...

  • Get Concepts
  • Get Concept Proposals
  • Get Users
  • Get Encounters
  • Get Encounter Types
  • Get Locations
  • Get Observations
  • Get Patients
  • Get Patient Identifiers
  • Get Patient Cohorts
  • Get Orders
  • Get Forms
  • Get Identifier Types
  • Get Concept Classes
  • Get Concept Datatypes
  • Get Privileges
  • Get Roles
  • Get Field Types
  • Get Order Types
  • Get Relationship Types
  • Get Concept Sources
  • Get Concept Map Types
  • Get Concept Reference Terms
  • Get Programs
  • Get Patient Programs
  • Get Global Properties
  • Get Person Attribute Types
  • Get People
  • Get Relationships
  • Get Database Changes
  • Get Problems
  • Get Allergies
  • Get HL7 Source
  • Get HL7 Inbound Queue
  • Get HL7 Inbound Archive
  • Get HL7 Inbound Exception
  • Get Visit Types
  • Get Visits
  • Get Visit Attribute Types
  • Get Location Attribute Types
  • Get Providers

  • Get Encounter Roles

    Note

    To view All the available Priviledges, Go to System Administration - Advanced Administration - Manage Priviledges under "Users"


    How to use priviledges and roles and avoid pitfalls



  • when creating new roles .always take advantage of inheriting common priviledges from already existing roles. 
     this makes the use of roles/priviledges very clear  , easily understandable and flexible whenever  a change is to be made regarding a certain role as illustrated below

    Role

    Inherit Privileges
    from Role(s)

    Privilege(s)

    Medical Student

    View Patient

    Data Assistant

    View Patient
    Edit Patient

    Data Manager

    Data Assistant

    Add Patient


  • However much the "add priviledge" option exits under priviledge management on the admin page,  the implementer is unlikely to be able to add a working new priviledge

    .Since the priviledge must be understood and used by the system, its only a system devoloper who can define a new priviledge and add it to the list


  • Limit the priviledges assigned to the "Anonymus" Role , as this will give acces to anyone who can acces the system without authentication and inreases the  ability for  a hacker to acces the system data ,etc

  • Limit the priviledges assigned to the "Authenticated", as this will grant priviledges to any one who has just loggen in , and it will also compromise patient data  confidentiality.
  • Limit the Number of users granted the "System Developer" as it grants all the priviledges and roles to the user to acces any part of the system.
  • Some in built Roles/Priviledges can not be deleted, but can be edited  
    example of the roles that cant be deleted are Anonymus, Authenticated, System developer and Provider
     note  All Role /Privildges that have a Locked Checkbox cant be deleted
     

    Tips to note when using the openmrs Reference Application

  • in the Reference Application , API level privileges are assigned to all roles automatically , and  access is limited  by assigning UI level privileges 

    hence on the home page of the Reference Application, the apps displayed depends on the priviledges assigned to a given user.

     Image Modified

  • To be able to to register a patient, the logged in user needs to have an associated provider account, meaning no patient registration will be possible if there is no user that has a provider account and yes this includes super user. Go to System Administration - Manage Accounts - Add New Account to add a new user and provider. Remember to create both a user account (with appropriate privileges) and a provider account. or in case u created a new user account with out an associated provider account, Go to System Administration - Advanced Administration - Manage Providers-Add provider   , select the user without a provider account , and create a provider account for them


    Trouble shooting.

  • whenever u get the error "java.lang.IllegalStateException: Can't handle users with multiple provider accounts"..
    the main the  cause of that, is creating duplicated provider account with the same user.   Go to System Administration - Advanced Administration - Manage Providers and delete a duplicated provider account 

Resources

Privilege Helper Module