Team discussion about permissions

[dc2007git]

[ discussion with @eatyourpeas @anchit-chandran @mbarton @AmaniKrayemRCPCH @cillian-rcpch ]

@AmaniKrayemRCPCH here is the schematic we have at the moment for NPDA permissions:

And here is some notes on what we discussed:

• Lead clinician = administrator (highest level of permission outside of RCPCH team). They can add users
• Clinician users should not be able to change other user data or add any users. They will only be able to view other users in their organisation.

Feel free to expand / add anything on this below!

[mbarton]

Lead clinician = administrator

From the discussion in the meeting perhaps we avoid using the word administrator at all since we can't tell out of context whether it's a software admin who can do everything or a clinical admin who can only do a limited amount within some given organisations.

For software admin superuser is probably fine (I think we already use that for E12?). For the latter I'm not sure what word would work that isn't administrator.

[dc2007git]

clinical admin

Great point - superuser makes sense for software, but otherwise clinical administrator I think is cleaner, even though it's confusing. Maybe clinical coordinator?

[mbarton]

Ah true just coordinator sounds good.

Overall keeping the names as general as possible and reflecting what that user can do rather than who they are will help us avoid painting ourselves into a corner in the future.

[AmaniKrayemRCPCH]

Current user groups on Netsolving are:

• Administrator - Can add users and patient data
• Editor - Can add patient data
• Reader - Can only read patient data

Keeping this terminology would be my preference, as it reflects what the user can do (as @mbarton noted above). Happy to change administrator to coordinator to avoid confusion.

As for the permissions table: Only RCPCH staff should be able to delete a patient or a visit. Data entry permissions are identical for administrators (coordinators) and editors. Only difference between the two is being able to add/edit/delete users.

It isn't often that we're asked to delete patients/visits, especially as the majority work with CSV uploads and they'll overwrite incorrect visits anyway.

[dc2007git]

@AmaniKrayemRCPCH thanks for the update - not sure I fully understand how this will integrate with roles. Are we saying we don't want to have clinician/ lead clinician / administrator anymore and simply allocate users either Coordinator / Editor / Reader?

How would this also work with updating patient information, for example Patient Visit data?

Additionally, should the editors be able to read patient data at all, if they have the permission to edit (which is arguably higher in scope)?

What would be really useful is if we had a matrix similar to the one above, explicitly detailing each permission (specifically create, view, update, delete) for each user group and each model (User, Visit, Patient, Site)

[AmaniKrayemRCPCH]

Apologies for the confusion! Here's the updated permissions table. I hope this clears things up, but let me know if there's any questions.

Group	Model	View	Change	Delete	Create
Administrator	Patient	X	X	-	X
Editor	Patient	X	X	-	X
Reader	Patient	X	-	-	-
RCPCH Audit Team	Patient	X	X	X	X
Administrator	Visit	X	X	-	X
Editor	Visit	X	X	-	X
Reader	Visit	X	-	-	-
RCPCH Audit Team	Visit	X	X	X	X
Administrator	User	X	X	X	X
Editor	User	X	-	-	-
Reader	User	X	-	-	-
RCPCH Audit Team	User	X	X	X	X
Administrator	Site	-	-	-	-
Editor	Site	-	-	-	-
Reader	Site	X	-	-	-
RCPCH Audit Team	Site	X	X	X	X