SanteSuite Help Portal

SanteSuite Help Portal
- Disclaimer
Product Overview
- SanteSuite Products
- SanteDB Versions
Architecture
Installation
Operations
User Guides & Training
Developers
Knowledgebase
- Knowledgebase
- Fixes & Patches
OpenIZ

Powered by GitBook

On this page

Summary
Use Procedure When
Procedure
Before Beginning
Procedures / Tasks
After Completion
Summary Information
Revision History
See Also

Was this helpful?

Operations

Standard Operating Procedures

Role Management SOPs

SOP: Role Policy Assignment

Summary

Whenever a role needs to be granted (or denied) permission to perform an action, access data, or use fields the policy decision point will use the policies assigned to the active roles to determine appropriate action.

Use Procedure When

There is a new policy which needs to be granted or denied from an existing group
There is a formal request to block types of data or actions from members of an existing group
The legislative or policy environment has changed and policies on roles need to be modified.

Procedure

Before Beginning

Ensure that the policy and role assignment are documented in a knowledgebase
Ensure that the policy has been created
Ensure that the administrative design matches the desired policy assignment (i.e. should this really be an assignment to an existing group, or should it be an assignment to a new group)
Familiarize yourself with the Security Architecture
Your account has the Alter Role security permission

Procedures / Tasks

Access the SanteDB Administrative Portal byLogging In
Access the Security Administration menu item
Access the Group List
Locate the group to which the policies are being assigned/removed and click Edit
Locate the policy (documented in Assigning Policies) and press the Add button
Search for the assigned policy
Select the appropriate enforcement permission:
1. Grant - Members of the group should be allowed to access data tagged with the policy or perform actions demanding the policy
2. Deny - Members of the group should not be allowed to access data tagged with the policy or perform actions demanding the policy
3. Elevate - Members of the group may access data or perform actions tagged with the policy, however only after re-authenticating themselves.

After Completion

Close the ticket which was create to assign the policy
Notify the manager / most responsible person for the group that the assignment has been changed.

Summary Information

Current Status: Example Reviewed By: SanteSuite Team

Revision History

Author

Date

Changes

Justin Fyfe (SanteSuite)

2022-03-15

Initial Version

See Also

Security Architecture Privacy Architecture Managing Policies Managing Groups

PreviousRole Management SOPs NextSOP: Assigning Users to Roles

Last updated 3 years ago

Was this helpful?