...
Role | Inherit Privileges | Privilege(s) | |
---|---|---|---|
Medical Student |
| View Patient | |
Data Assistant | View Patient | ||
Data Manager | Data Assistant | Add Patient |
...
Super users (system administrators) are automatically granted all privileges in the system; therefore, you must be very careful to protect your system administrator password.
Info |
---|
See the Privilege Helper module which lets you figure out what privileges are required to perform a particular task, and then helps you assign those privileges to roles. |
...
- Get Concepts
- Get Concept Proposals
- Get Users
- Get Encounters
- Get Encounter Types
- Get Locations
- Get Observations
- Get Patients
- Get Patient Identifiers
- Get Patient Cohorts
- Get Orders
- Get Forms
- Get Identifier Types
- Get Concept Classes
- Get Concept Datatypes
- Get Privileges
- Get Roles
- Get Field Types
- Get Order Types
- Get Relationship Types
- Get Concept Sources
- Get Concept Map Types
- Get Concept Reference Terms
- Get Programs
- Get Patient Programs
- Get Global Properties
- Get Person Attribute Types
- Get People
- Get Relationships
- Get Database Changes
- Get Problems
- Get Allergies
- Get HL7 Source
- Get HL7 Inbound Queue
- Get HL7 Inbound Archive
- Get HL7 Inbound Exception
- Get Visit Types
- Get Visits
- Get Visit Attribute Types
- Get Location Attribute Types
- Get Providers
Get Encounter Roles
Note To view All the available Priviledges, Go to System Administration - Advanced Administration - Manage Priviledges under "Users"
How to use priviledges and roles and avoid pitfalls
when creating new roles .always take advantage of inheriting common priviledges from already existing roles.
this makes the use of roles/priviledges very clear , easily understandable and flexible whenever a change is to be made regarding a certain role as illustrated belowRole
Inherit Privileges
from Role(s)Privilege(s)
Medical Student
View Patient
Data Assistant
View Patient
Edit PatientData Manager
Data Assistant
Add Patient
However much the "add priviledge" option exits under priviledge management on the admin page, the implementer is unlikely to be able to add a working new priviledge
.Since the priviledge must be understood and used by the system, its only a system devoloper who can define a new priviledge and add it to the list
Limit the priviledges assigned to the "Anonymus" Role , as this will give acces to anyone who can acces the system without authentication and inreases the ability for a hacker to acces the system data ,etc
- Limit the priviledges assigned to the "Authenticated", as this will grant priviledges to any one who has just loggen in , and it will also compromise patient data confidentiality.
- Limit the Number of users granted the "System Developer" as it grants all the priviledges and roles to the user to acces any part of the system.
- Some in built Roles/Priviledges can not be deleted, but can be edited
example of the roles that cant be deleted are Anonymus, Authenticated, System developer and Provider
note All Role /Privildges that have a Locked Checkbox cant be deleted
Tips to note when using the openmrs Reference Application
- in the Reference Application , API level privileges are assigned to all roles automatically , and access is limited by assigning UI level privileges
hence on the home page of the Reference Application, the apps displayed depends on the priviledges assigned to a given user. - To be able to to register a patient, the logged in user needs to have an associated provider account, meaning no patient registration will be possible if there is no user that has a provider account and yes this includes super user. Go to System Administration - Manage Accounts - Add New Account to add a new user and provider. Remember to create both a user account (with appropriate privileges) and a provider account. or in case u created a new user account with out an associated provider account, Go to System Administration - Advanced Administration - Manage Providers-Add provider , select the user without a provider account , and create a provider account for them
Trouble shooting.
- whenever u get the error "java.lang.IllegalStateException: Can't handle users with multiple provider accounts"..
the main the cause of that, is creating duplicated provider account with the same user. Go to System Administration - Advanced Administration - Manage Providers and delete a duplicated provider account
Resources