Default Groups

Its important to understand that there are many types of users that can be created within the system

Default Groups

The different roles/groups in the system are (but not limited to):

Default Groups

System Administrators

System Administrators are users which have the ability to modify the configuration of the system, but limited to application.

Accessing Clinical Data

System Administrators are not permitted to access or modifying clinical data within the system.

‼️Performing these actions can be considered a privacy concern and the main reason System and Clinical operations are separated.

This role is provisioned to manage the following:

  1. Configure users in the system

  2. Provision groups

  3. Apply policies

  4. Review system audit data

Default Policies

The default policies applied to Administrators are:

  • Unrestricted Administrative Function

  • Login

  • Allow Impersonation of Application

  • Access Client Administrative Function

  • Access All SanteDB Tools

  • Unrestricted Non-PHI CDR Acts

  • Unrestricted Metadata

  • Export CDR Metadata

  • Special Security Elevation

  • Login Any Facility

Data Administrators

Data Administrators are users which have the role of maintaining data-quality of records within the system.

This role is provisioned to manage the following:

  1. Duplication/de-duplication of records within the system

  2. Reporting on clinical data

Default Policies

The default policies applied to Data Administrators are:

  • Administer Data Warehouse

  • Unrestricted Match Configuration

  • Unrestricted Clinical Protocol Configuration

  • Start/Run System Job

  • Administer Concept Dictionary

  • Access SanteDB Administrator Panel

  • Access SanteEMR Clinical Interface

  • Unrestricted Clinical Data

  • Unrestricted IMS Functions

  • Unrestricted Metadata

  • Unrestricted Data Warehouse

  • Export CDR Metadata

Clinical Managers

Clinical Managers are users which have the role of maintaining stock and staffing within the clinical aspect of the system.

This role is provisioned to manage the following:

  • Stock and stock stores

  • One or more facilities

Default Policies

The default policies applied to Clinical Managers are:

  • Unrestricted Job Management

  • Create Local Users

  • Alter Local Users

  • Access Client Administrative Function

  • Access SanteEMR Clinical Interface

  • Unrestricted Clinical Data

  • Unrestricted EMR Functions

  • Unrestricted IMS Functions

  • Delete Materials

Clinical Staff

Clinical Staff are users which have the role of admitting and recording patient information.

This role is provisioned to manage the following clinical actions:

  • Registering and admitting Patients

  • Recording encounters and immunizations

  • Scheduling Patient encounters

Default Policies

The default policies applied to Clinical Staff are:

  • Read System Jobs

  • Login

  • Access SanteEMR Clinical Interface

  • Unrestricted Clinical Data

  • Read Metadata

  • Special Security Elevation

Local Users

Local Users are a type of user which has the role of being Clinical Staff but with some restrictions.

This role is provisioned to do the same as the Clinical Staff, but limited to:

  • Using one or more provisioned devices

    • If a device has one or more connected devices, this type of user can use any of those devices (e.g. tablets, PCs, etc...)

    • If a device does not have any other connected downstream devices, this user may only access this device (e.g. tablet, PC, etc...)

Default Policies

The default policies applied to Local Users are:

  • Read System Jobs

  • Start/Run System Job

Use Case

This role is useful in the following scenarios:

  1. A clinical staff from another facility is working at a different facility for one or more days

  2. A user who should be provisioned to only one or more devices within a facility hierarchy

Local Administrators

Default Policies

The default policies applies to Local Administrators are:

  • Create Local Users

  • Alter Local Users

  • Access Client Administrative Function

Warehouse Reader

Default Policies

The default policies applied to Warehouse Reader are:

  • Access SanteDB Administrator Panel

  • Access SanteEMR Clinical Interface

  • Read Non-PHI CDR Acts

  • Read Metadata

  • Read Materials

  • Query Materials

  • Read Places & Orgs

  • Query Places & Orgs

  • Read Warehouse Data

  • Query Warehouse Data

Helpdesk

Default Policies

The default policies applied to Helpdesk are:

  • Change Password

  • Manage System Backups

  • Unrestricted Job Management

  • Create Device

  • Alter Identity

  • Access Client Administrative Function

  • Access All SanteDB Tools

  • Read Non-PHI CDR Acts

  • Read Metadata

  • Login Any Facility

Regional Manager

Default Policies

The default policies applied to Regional Manager are:

  • Create Local Users

  • Alter Local Users

  • Access Client Administrative Function

  • Access SanteEMR Clinical Interface

  • Unrestricted Clinical Data

Compliance Officer

Default Policies

The default policies applied to Compliance Officer are:

  • Access Audit Log

  • Access SanteDB Administrator Panel

  • Access SanteEMR Clinical Interface

  • Query Clinical Data

  • Read Clinical Data

  • Login Any Facility

Developers

Default Policies

The default policies applied to Developer are:

  • Unrestricted Match Configuration

  • Unrestricted Clinical Protocol Configuration

  • Alter Clinical Data Templates

PreviousGroupsNextAdding a Group

Last updated