SOP: Role Policy Assignment


Whenever a role needs to be granted (or denied) permission to perform an action, access data, or use fields the policy decision point will use the policies assigned to the active roles to determine appropriate action.

Use Procedure When

  • There is a new policy which needs to be granted or denied from an existing group
  • There is a formal request to block types of data or actions from members of an existing group
  • The legislative or policy environment has changed and policies on roles need to be modified.


Before Beginning

  • Ensure that the policy and role assignment are documented in a knowledgebase
  • Ensure that the policy has been created
  • Ensure that the administrative design matches the desired policy assignment (i.e. should this really be an assignment to an existing group, or should it be an assignment to a new group)
  • Familiarize yourself with the Security Architecture
  • Your account has the Alter Role security permission

Procedures / Tasks

  1. 1.
    Access the SanteDB Administrative Portal byLogging In
  2. 2.
    Access the Security Administration menu item
  3. 3.
    Access the Group List
  4. 4.
    Locate the group to which the policies are being assigned/removed and click Edit
  5. 5.
    Locate the policy (documented in Assigning Policies) and press the Add button
  6. 6.
    Search for the assigned policy
  7. 7.
    Select the appropriate enforcement permission:
    1. 1.
      Grant - Members of the group should be allowed to access data tagged with the policy or perform actions demanding the policy
    2. 2.
      Deny - Members of the group should not be allowed to access data tagged with the policy or perform actions demanding the policy
    3. 3.
      Elevate - Members of the group may access data or perform actions tagged with the policy, however only after re-authenticating themselves.

After Completion

  • Close the ticket which was create to assign the policy
  • Notify the manager / most responsible person for the group that the assignment has been changed.

Summary Information

Current Status: Example Reviewed By: SanteSuite Team

Revision History

Justin Fyfe (SanteSuite)
Initial Version

See Also