6.4 Understanding Permissions |
Understanding how each element that defines a user’s permissions, how specific permissions can be limited, and how they interact with one another is critical to ensure operational success in eResearch. Therefore, it is important to take a look at why one might want to layer permissions and how conflicting permissions are resolved by eResearch.
Some specific permissions, such as “Manage Patients” can be found in more than one area. For example, “Manage Patients” access can be provided at the group, super user, or study team level.
|
If a user were to have Super User Permissions to only “view” patient records, but View, Edit and New permission at the study team level, which definition would prevail? The answer is that the more “local” permission would take precedence over the broader permission.
In this example, the user would be able to only view patient records throughout the system on all other studies, but on the study where they were given a study team role with New, Edit and View permissions, they would be able to create new patient records, and edit and view existing patient records.
|
 |
If layering a permission this way, think of the Super User permissions as giving that user very broad access across the system, unless contradicted locally, by a specific permission, in this case, a study team role permission.
|
|