SanteSuite Help Portal
Search…
SanteSuite Help Portal
SanteSuite Help Portal
Product Overview
SanteSuite Products
Architecture
SanteDB Architecture
Solution Architecture
Software Architecture
Data & Information Architecture
Security Architecture
Privacy Architecture
Matching Engine
HIE & Interoperability
Installation
Installation
Releases
Quick Start Guide
Operationalizing SanteDB
Demonstration Environment
Operations
SanteDB Operations
Server Administration
CDR Administration
Standard Operating Procedures
User Management SOPs
Role Management SOPs
SOP: Role Policy Assignment
SOP: Assigning Users to Roles
SOP: Creating New Roles
Device Management SOPs
Application Management SOPs
Standard Operating Procedure Template
User Guides & Training
SanteDB User Guides
Common User Interface Elements
SanteMPI
SanteGuard
Developers
Extending SanteSuite
Getting Started
Applets
.NET Plugins
Service APIs
SanteDB Software Publishers
Knowledgebase
Knowledgebase
Fixes & Patches
OpenIZ
About OpenIZ
FAQ
OpenIZ Demonstration Servers
Powered By GitBook
SOP: Role Policy Assignment

Summary

Whenever a role needs to be granted (or denied) permission to perform an action, access data, or use fields the policy decision point will use the policies assigned to the active roles to determine appropriate action.

Use Procedure When

  • There is a new policy which needs to be granted or denied from an existing group
  • There is a formal request to block types of data or actions from members of an existing group
  • The legislative or policy environment has changed and policies on roles need to be modified.

Procedure

Before Beginning

  • Ensure that the policy and role assignment are documented in a knowledgebase
  • Ensure that the policy has been created
  • Ensure that the administrative design matches the desired policy assignment (i.e. should this really be an assignment to an existing group, or should it be an assignment to a new group)
  • Familiarize yourself with the Security Architecture
  • Your account has the Alter Role security permission

Procedures / Tasks

  1. 1.
    Access the SanteDB Administrative Portal byLogging In
  2. 2.
    Access the Security Administration menu item
  3. 3.
    Access the Group List
  4. 4.
    Locate the group to which the policies are being assigned/removed and click Edit
  5. 5.
    Locate the policy (documented in Assigning Policies) and press the Add button
  6. 6.
    Search for the assigned policy
  7. 7.
    Select the appropriate enforcement permission:
    1. 1.
      Grant - Members of the group should be allowed to access data tagged with the policy or perform actions demanding the policy
    2. 2.
      Deny - Members of the group should not be allowed to access data tagged with the policy or perform actions demanding the policy
    3. 3.
      Elevate - Members of the group may access data or perform actions tagged with the policy, however only after re-authenticating themselves.

After Completion

  • Close the ticket which was create to assign the policy
  • Notify the manager / most responsible person for the group that the assignment has been changed.

Summary Information

Current Status: Example Reviewed By: SanteSuite Team

Revision History

Author
Date
Changes
Justin Fyfe (SanteSuite)
2022-03-15
Initial Version

See Also

Previous
Role Management SOPs
Next
SOP: Assigning Users to Roles
Last modified 4mo ago
Copy link
Outline
Summary
Use Procedure When
Procedure
Before Beginning
Procedures / Tasks
After Completion
Summary Information
Revision History
See Also