Therefore, depending on one's user roles, they may not see all of these options. For example, only a few management people should be authorized to create users or to assign roles and to assign rights to the various roles.
Click on "Permission to Role Assignments."
Here we add new roles and assign them their permissions. This is closely linked with the "Users and Roles" page. We can switch back and forth between the two pages using the link at the upper right hand corner of the page.
We can also create new permissions here.
When a role is selected, its direct permissions are displayed in green and its inherited permissions in blue. In the left window, we've selected the role "security_admin" and scrolled down in the right window to see some of the permissions that are assigned to this role.
There will always be at least one role assigned the "Role and user administration" permission. And, every role should be assigned the "Login" permission.
The permissions that are available, but unassigned to the selected role, are displayed in red after the assigned permissions.
Click on "Edit" and a window with the basic information about the selected role opens. This same window will let us add a new role, if we click on "New" rather than "Edit."
The "Is Active" checkbox must be checked or the role will not be assignable. Also, a new role will not be allowed to login until it has been assigned login permission.
Notice that here we have selected the "physician_assistant" role and that this role has the parent role "physician." This means that any user assigned the "physician" role will also inherit all of the permissions assigned the "physcians_assistant" role. Likewise, any user assigned the "physicians_assistant role will inherit all of the permissions assigned the "nurse" role.
Notice the three roles equally indented under "front_desk_manager." This means the "front_desk_manager" inherits the permissions from each of these roles. There are no roles indented under any of the three roles, so none of them inherit any permissions.
Permissions can be set very selectively or very broadly. For example, a staff physician might be given full permissions on all reports. Whereas a technician might be given limited permissions on specific documents.
In this screen we can see that the "venous_technician" has very limited system rights. The four green permissions at the top of the right screen are the only document rights assigned. Of course, the "Login" permission is always needed.
The top, left popup "Add / Edit a Permission" comes when we click the "Edit" or "New" buttons at the bottom of the right screen.
This screen is the admin screen for a "venous_technician." With no extra permissions and no administrative rights, many of the pages are not accessible. Compare this screen to the first one in this chapter.