HD EAM (Entity Access Management)

HD EAM (Entity Access Management)

Welcome to the documentation pages for the application "Entity Access Management" ("EAM") application, provided by the Sciensano's healthdata.be service.

These pages will provide you with information about the use of the "Entity Access Management portal" and the underlying processes. The following sections are provided:

Bart.Servaes Wed, 03/19/2025 - 09:30

General description of the HD EAM portal

General description of the HD EAM portal

The applications of healthdata.be (like HD4DP v2 and healthstat.be) process sensitive personal information. Therefore, strictly controlled processes are used to grant access to these applications. The Entity Access Management portal of healthdata.be facilitates these processes. In the accompanying user manual we describe how to use the portal.

Members of organizations having received the required approval (i.e. contractual, IVC approval) can obtain access to healthdata applications via the EAM portal. These individuals can be members of organizations providing data to the healthdata platform or members of organizations exploring data from the reporting environment (Healthstat). Your organization will be required to assign an Access Manager who is responsible for the administration of access rights to individuals within the organization.

Read here how to proceed, in case no Access Manager exists yet within your organization or in case your organization is not defined in the EAM portal.

To access the Entity Access Management system, you need to navigate in your internet browser to the URL https://eam.healthdata.be. The healthdata.be Entity Access Management (HD EAM) Portal page appears on your screen.

Bart.Servaes Thu, 03/20/2025 - 10:10

EAM User Manual

EAM User Manual Bart.Servaes Thu, 06/20/2024 - 14:56

User matrix

User matrix

The EAM User Matrix featured below offers an overview of the actions that are within the scope of Authenticated Users and Access Managers.

Please make use of this User Matrix to make your way through the EAM documentation. Search the User Matrix for the desired action. Actions available for either Authenticated User and/or Access Manager are indicated with a green "yes". Click on "yes" and you will be redirected to the relevant end-to-end (E2E) description.

Read here how to proceed, in case no Access Manager exists yet within your organization.

The User Matrix legend

  • Application: the application that is impacted by the action
  • Actions: what a user can do in the entity access management (EAM) system; the functionality
  • #: numbering of actions mainly for healthdata.be internal purposes, but can be used as a reference
  • Interface: the method used to carry out the action; GUI: Graphical User Interface; CSV: comma-separated value
  • Authenticated User: is logged into the EAM system through itsme or eID and has a profile based on shared first name, last name and NISS code
  • Access Manager: validates/manages the access to applications/projects for users within the own organization(s), validates/manages accounts
  • Anonymous User: any person that accesses the HD EAM portal page and has the intention to login
  • AU: Authenticated User
  • AM: Access Manager
  • LSL: Local Study Lead
  • LSA: Local Study Associate
  • LSS (AG): Local Study Support and Author Group
  • n/a: not applicable
  • E2E: End-to-end
  • DP/H: Data Provider / Hospital
  • DP/I: Data Provider / Individual
  • Sp: Sponsor / Sponsor
  • Sp/I: Sponsor / Individual

The User Matrix

ApplicationActions#InterfaceAuthenticated User (AU)Access Manager (AM)
System Login and Creation of EAM User and EAM Account
EAMLogin to the EAM system as an anonymous user-GUIyesn/a
EAMCreating an EAM User manually0GUIyesyes
EAMAdding an own EAM account1aGUIyes (video available)yes
EAMAdding an EAM account for another user1bGUInoyes
EAMRequesting approval of an EAM account for another user1cGUInoyes
EAMApproving an EAM account approval request2GUInoyes
|
Batch Creation using CSV (bulk upload)
EAMCreating EAM Users using CSV bulk upload41csvnoyes (video available)
EAMCreating EAM Accounts and Adding Grants using CSV bulk upload37csvnoyes (video available)
|
Batch Export using CSV (bulk download)
EAM Export of EAM Users in batch using CSV-csvnoyes
EAM Export of EAM Accounts in batch using CSV-csvnoyes
|
|Adding Grants (provision, project, roles, author group, data level)
HD4DP2Adding access grants for HD4DP2 project with role LSL, LSA or LSS (AG)13GUIyesyes
HD4DP2Requesting approval of access grants for HD4DP2 project with role LSL, LSA or LSS (AG)10GUIyesyes
HD4DP2Approving access grants for HD4DP2 with role LSL, LSA or LSS (AG)16GUInoyes (video available)
Healthstat.beAdding access grants for Healthstat.be project with role DP/H, DP/I, Sp/Sp, Sp/I32aGUIyesyes
Healthstat.beRequesting approval of access grants for Healthstat.be project with role DP/H, DP/I, Sp/Sp, Sp/I32GUIyesyes
Healthstat.beApproving access grants for Healthstat.be project with role DP/H, DP/I, Sp/Sp, Sp/I33GUInoyes
|
Changing Grants (provision, project, roles, author group, data level)
Example is HD4DP2, but applies to all applications
HD4DP2Changing access grants for HD4DP2 project to role LSL, LSA or LSS (AG)30GUIyesyes
HD4DP2Requesting access grants change approval for HD4DP2 project to role LSL, LSA or LSS (AG)24GUIyesyes
HD4DP2Approving access grants change for HD4DP2 project to role LSL, LSA or LSS (AG)27GUInoyes (video available)
HD4DP2Changing the author group for the role "Local Study Support"31GUIyesyes
|
Advanced actions (disabling account, resetting password ...)
EAMAdding existing users to EAM and your organization manually-GUInoyes
EAMDemoting an Access Manager to Authenticated User6GUInoyes
EAMPromoting an Authenticated User to Access Manager5GUInoyes
EAMDeleting an EAM account in Draft state3aGUIyesno
EAMDisabling an EAM account3bGUInoyes
EAMEnabling an EAM account4GUInoyes
EAMRestoring an EAM account-GUInoyes
EAMBlocking / unblocking an EAM user-GUInoyes
HD4DP2Removing EAM account for HD4DP2 project19GUIyesno
HD4DP2Resetting password of EAM account for HD4DP2 project21GUInoyes (video available)
HD4DP2Removing access grants from an EAM account30aGUInoyes
Healthstat.beDisabling EAM account for Healthstat.be project34GUInoyes
Healthstat.beRestoring EAM account for Healthstat.be project35GUInoyes
Healthstat.beResetting password of EAM account for Healthstat.be project36GUInoyes
|
Overviews (EAM users and accounts)
EAMViewing all users within own organization(s) 82GUInoyes
HD4DP2Viewing accounts of all users within own organization(s) for HD4DP274GUInoyes
HD4DP2Viewing own accounts for HD4DP275GUIyesyes
Healthstat.beViewing accounts of all users within own organization(s) for Healthstat78GUInoyes
Healthstat.beViewing own accounts for Healthstat.be79GUIyesyes
This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!

Bart.Servaes Thu, 08/22/2024 - 16:41

Authenticated User E2E Actions

Authenticated User E2E Actions

Click here to learn more about the concept of "Authenticated User".

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Tue, 11/19/2024 - 11:11

Authenticated user actions using the EAM interface

Authenticated user actions using the EAM interface

Table of contents

Logging in to the EAM system as an anonymous user

An anonymous user is a user yet to be identified in our records, who wishes to login to the EAM system, being the first step in order to become an Authenticated User.

This action describes how to access the HD EAM portal page via the Federal Authentication Service (FAS) and how to have your basic data such as name and niss number validated automatically.

Initial step:

Navigating to the HD EAM Portal page

To log into our Entity Access Management system, you need to navigate to the https://eam.healthdata.be URL.

Logging in with itsme, eID

To log into the HD EAM Portal you need to click on the Login button on the top left of your screen.

Then select the Log in with eID button.

You will be redirected to the government's Federal Authentication Service (FAS), where you can log in with multiple digital keys with eID or digital identity.

When selecting the itsme option, you will need to enter your cell phone number.

Follow the instructions on your mobile device via the itsme application.

Once the itsme login procedure has been completed, confirm by clicking the green profile validation button ("Profiel bevestigen" or "Confirmer le profil") to log in into the HD EAM system (see image below).

NLFR

You are now directed to the EAM portal page which displays the data you have shared by eID, itsme or another digital key.

Return to Table of contents

Return to the User Matrix (recommended)

Creating an EAM User manually

Preceding steps

Completing the user profile and becoming an Authenticated User

The main My Profile screen that opens up after selecting the confirmation button shows the Personal information you have already shared with the EAM system via the Federal Authentication Service (FAS), i.e. your first name, last name and NISS code. And, if available, a NIHDI number.

Below your personal information the Linked accounts window displays an overview of the accounts linked to your profile. You can sort this overview by Account, Email and State. Selection of an account in this window directs you to the management of grants for these accounts, to an overview of accesses to projects and several advanced actions.

Attention:

Upon your first login the Linked accounts section will be of course empty.

With the release of EAM 3.1 the Organisations item has been added to the Personal information section, indicating the organization(s) the user is affiliated with. In this way, users can be traced back and managed by the Access Manager more easily.

To continue, click on your name and e-mail address on the top left of the screen to toggle a toolbar containing the tabs View profile, Edit profile, My Accounts and Log out.

The View profile tab directs you to the My profile screen.

To complete your profile, select the Edit profile tab and then the underlying tabs User settings and Personal information. Required fields are indicated with a red asterisk.

Select the User settings tab.

ATTENTION: When logging in for the first time, the User settings tab will feature a primary e-mail address field with a pre-filled default e-mail address, e.g.:

Replace this address with your professional e-mail address. This e-mail address is used to send necessary notifications to you. We recommend you to avoid the use of public e-mail addresses (such as @gmail.com, @hotmail.com, @yahoo.com etc.) for security purposes.

Confirm with the Save button.

The Personal information tab contains pre-populated information such as first name, last name and SSIN in greyed out fields. This information can't be changed. Next to this, you can provide a NIHDI number, or more than one, if applicable.

Confirm with the Save button. You have now completed the fields in both User settings and Personal information tabs, which makes you known to the EAM system as an Authenticated User.

Return to Table of contents

Return to the User Matrix (recommended)

Adding an own EAM account

Full tutorial available here

Preceding steps

Adding and provisioning an EAM account

Return to the My Profile page and select the My Accounts tab.

On the My Accounts page your personal information is displayed in the blue User details section, followed by a list of accounts you have created.

To add a new account, click on the Add new Account button at the bottom of the page.

Complete the fields in the Add a new account window with the email address for your organization and select a combination of an organization (availabe in a drop-down list with an auto-completion function as shown below) and an application (HD4DP2, Healthstat ...). This is called provisioning of an account.

Tip: If possible, avoid the use of a public e-mail address such as @gmail.com, @hotmail.com, @yahoo.com etc.

Click on the Save button.

You will be automatically redirected to the My Accounts page that has now been updated with your newly created account added at the bottom of the list. The account has received the status "Draft".

Requesting approval of an account without grants

At this stage you can already request approval of this provisioned account. Therefore, select the Edit button in the Actions column.

Click on the Request approval button.

When you return to the My Accounts page, you will notice that the Account State has changed to Approval (in orange).

The Access Manager will be notified of your request via e-mail. The Access Manager will then need to take appropriate action. This can take multiple hours. Upon confirmation the Account State will change to Approved.

ATTENTION:

An account without grants, even approved, does not give any access to registries in a given HD application. The advantage of having such an account approved, is that you, as a user, will be visible in the Access Manager's display of users within the organization.

If you want to add grants at this stage, go here (HD4DP v2) or here (healthstat.be) for the relevant instructions.

Return to Table of contents

Return to the User Matrix (recommended)

Deleting an EAM account in Draft state

Preceding steps

Deleting an account

If desired, you can delete an account in Draft state. For this, you need to return to the My Accounts page. Search for the relevant account and click on the arrow of the Edit button first and then select the Delete option.

ATTENTION: Once an account approval request has been granted and features the status Approval, the Delete option is not available anymore.

Selecting the Edit button opens the account page for managing grants. If no grants are shown, no grants are to be managed. Added grants can only be viewed.

Once in Approval State, an Authenticated User can't delete the account anymore. You need then to contact your Access Manager for further action, e.g. to disable the account.

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Thu, 12/12/2024 - 10:09

Authenticated user actions for a project in HD4DP2

Authenticated user actions for a project in HD4DP2

Table of contents

Adding access grants with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Adding access grants

In the My Accounts page you search for the EAM account that you just have created.

Click on "0 grants" in the Grants column or select the relevant Edit button. In the latter case, select Add Grant.

Then add new grants to an account by clicking on the Add new Grant button at the bottom of the next screen.

Select the desired project and the role of Local Study Lead, Local Study Associate or Local Study Support in the Add a new grant pop-up window.

If you select the role of Local Study Support, an additional Author group drop-down list will be displayed. Select the desired Author group and click on the Save button.

Upon returning to the My Accounts page, you will see that the accounts list has been updated with the selected grant:

This concludes the process to create an account for a project in HD4DP v2.0 with its corresponding role .

Next step: Request Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting approval of access grants with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Requesting approval

To request access to a project with a specific role, your account in Draft state needs to be approved by the Access Manager.

Click on either the "n grants" link or the Edit button on the row featuring the account for which you would like the approval by your Access Manager.

To request for approval you click on the Request approval button in the displayed Account: Manage grants screen.

The Account State is updated to Approval in the Account details section.

Return to the My Accounts page which now displays the Account State as Approval.

The Access Manager will be notified of your request via e-mail and prompted to take action. This can take multiple hours. Upon confirmation the Account State will change to Approved.

Next step: Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Removing an EAM account

Preceding steps

Removing an account

To remove an account which is still in Draft state you simply select Remove from the Edit toggle button. If you wish to remove an account in another state (Approval, Approved, Published etc.) you need to contact your Access Manager who will then disable it.

Return to Table of contents

Return to the User Matrix (recommended)

Changing access grants to the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author group")

Preceding steps

Changing roles

If you wish to change your role for one of the projects you would first need to check whether your account is still in Draft state. If this isn't the case, you need to contact your Access Manager to have your role changed.

If not, return to the Accounts: Manage grants page by selecting "n grants" in the Grants column and navigate to the list of Projects (below Account Details).

Select the Edit button of the desired project, which is then displayed with the current role in the Edit Grant window.

Change your current role using the drop-down menu. If you change your role to Local Study Support, you will also be prompted to select a corresponding Author group too. Confirm with the Save button.

This concludes the process to change access grants for a project n HD4DP v2.0 to another role.

Next step: Request Access Manager's approval of the changed access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting approval of access grants change to the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Requesting approval of role change

To request approval of this role change you need to click on "n grant(s)" in the Grants column to open the Account: Manage grants screen. (See Adding access grants for the starting point of this step.)

Click on the Request approval button.

The Account state is updated in the Account Details section.

Return to the My Accounts page which now displays the Account State as Approval.

The Access Manager will be notified of your request via e-mail. You will have to wait now for the Access Manager to take action. This can take multiple hours. Upon confirmation the Account state will change to Approved.

Return to Table of contents

Return to the User Matrix (recommended)

Changing an author group of an EAM account

Preceding steps

Changing the author group

If you wish to change the author group for your role as Local Study Support you need to check first whether your account is still in Draft state. If this is not the case, you need to contact your Access Manager to have the author group changed.

If not, return to the Accounts: Manage grants page by selecting "n grants" in the Grants column and navigate to the list of Projects (below Account Details).

Select the Edit button of the relevant HD4DP2 project.

The Edit grant window shows the relevant Project with your role as Local Study Support and the current Author group.

Select the Author group field and change to another author group from the drop-down menu.

Click on the Save button.

This completes the process of changing an Author group linked to a specific EAM account.

Next step: Request Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing own accounts

Preceding steps

Viewing own accounts for the different applications

Go to the Linked accounts section on your My Profile page to view your own accounts for the different applications.

Filtering accounts for HD4DP2

Click on the My Accounts tab. Then, press "CTRL+F" and search "HD4DP2" in order to find the accounts for the application HD4DP2 (highlighted).

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Tue, 11/19/2024 - 14:28

Authenticated user actions for a project in Healthstat.be

Authenticated user actions for a project in Healthstat.be

Table of contents

Adding access grants with the role of Data provider/Hospital, Data Provider/Individual, Sponsor/Sponsor or Sponsor/Individual

Preceding steps

Adding access grants

At this point you can start the process of adding grants, i.e. determining roles and data level for a project in healthstat.be, adapting the EAM account status and requesting for approval by the Access Manager.

Select "0 grants" in the Grants column.

In the Account: Manage grants screen you add new grants to an account by clicking on the Add new Grant button.

In the Add a new grant pop-up window select the desired project and the role of Data Provider / Hospital, Data Provider / Individual, Sponsor or Sponsor / Individual.

When you return to the My accounts page, you will see that the accounts list has been updated with the selected grant:

This concludes the procedure to create an account with its corresponding role for a project in healthstat.be.

Next step: Request Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Request approval of access grants with the role of Data Provider/Hospital, Data Provider/Individual, Sponsor/Sponsor, Sponsor/Individual

Preceding steps

Requesting approval

To request approval of this account you need to click on "n grant(s)" in the Grants column to open the Account: Manage grants page. You either can add a new grant or request for approval. To do so, click on the Request approval button.

The Account State is updated to Approval in the Account Details section.

Upon returning to the My Accounts page you'll notice that the Account State has changed into Approval.

The Access Manager will be notified of your request via e-mail and prompted to take action. Upon confirmation the Account state will change to Approved.

Next step: Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing own accounts

Preceding steps

Viewing own accounts for the different applications

Go to the Linked accounts section on your My Profile page to view your own accounts for the different applications.

Filtering accounts on Healthstat.be

Click on the My Accounts tab. Then, press "CTRL+F" and search "Healthstat" in order to see the accounts for the application Healthstat.be (highlighted).

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Tue, 11/19/2024 - 14:28

Access Manager E2E Actions

Access Manager E2E Actions

Click here to learn more about the concept "Access Manager".

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Tue, 11/19/2024 - 14:29

How to become an Access Manager

How to become an Access Manager

There are two ways to receive the status of Access Manager:

  • If there is no Access Manager known or created within the organization concerned, the person appointed within the organization needs to file a ticket with the support service of healthdata.be at the Jira Service Management (JSM) portal.
  • If an Authenticated User wants to become an Access Manager, this request should be directed to the Access Manager of the organization concerned. In case the Access Manager is not known to the Authenticated user, a ticket for this can be created with the support service of healthdata.be at the Jira Service Management (JSM) portal, who will then inform the Access Manager.

In case your organization is not defined in the EAM portal, create a ticket through the support service of healthdata.be at the Jira Service Management (JSM) portal to request the inclusion of your organization in the EAM portal

Return to the User Matrix

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Thu, 11/27/2025 - 09:37

Access Manager actions using the EAM interface

Access Manager actions using the EAM interface

Table of contents

Adding an own EAM account

Initial step:

To log into our Entity Access Management system, you need to navigate to the https://eam.healthdata.be URL.

Logging in with itsme, eID

To log into the HD EAM Portal you need to click on the Login button on the top left of your screen.

Then select the Log in with eID button.

You will be redirected to the government's Federal Authentication Service (FAS), where you can log in with multiple digital keys with eID or digital identity.

If you choose to connect via itsme, you will need to enter your cell phone number.

Follow the instructions on your mobile device via the itsme application.

Once the itsme login procedure has been completed, confirm by clicking the green profile validation button ("Profiel bevestigen" or "Confirmer le profil") to log in into the HD EAM system (see image below).

NLFR

You are now directed to the profile page of an Access Manager which displays the data you have shared by eID, itsme or another digital key.

The Access Manager profile page

The main My Profile screen shows the Personal information of the Access Manager as well as the Linked accounts of this profile. You can sort this overview by Account, Email or State.

Attention:

The accounts listed in Linked accounts are the Access Manager's OWN accounts, NOT the accounts to be managed by an Access Manager.

With the release of EAM 3.1 the Organisations item was added to the Personal information section, indicating the organization(s) the Access Manager is affiliated with. In this way, users can be traced back and managed by the Access Manager more easily.

Creating an own account

Selecting one of the accounts in the Linked accounts window enables you to manage grants for your own accounts and to carry out several advanced actions.

Clicking your name and e-mail address on the top left of the screen toggles a toolbar with the tabs View profile, Edit profile, My Accounts and Log out.

Select the My Accounts tab if you want to create an account.

Click on the Add new Account button at the bottom to create and provision a new account.

To provision the account, you complete the Account e-mail address and select an Organisation/Application. Click on the Save button.

The created account is automatically added to the list of accounts.

It will also appear in the Linked accounts section of the profile page.

Return to Table of contents

Return to the User Matrix (recommended)

Adding an EAM account for another user

Preceding steps

Adding an EAM account for a another user

Click on Manage on the top left of the screen in order to reveal the EAM menu. Click on EAM Users.

Select the user you want to create an account for by clicking on first name, last name or SSIN.

Click on the Add new Account button.

To provision the account, you complete the Account e-mail address and select an Organisation/Application. Click on the Save button.

Upon returning to the User Details page you will see that the account has been added.

Next step: Request approval of the added EAM account here.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting approval of an EAM account for another user

Preceding steps

Requesting approval of the newly added EAM account

Select "n grant(s)" in the Grants column in order to open the Account:Manage grants page.

Click on the Request approval button.

The Account State immediately changes to Approval.

Requesting approval and subsequent approval of an account without any grants doesn't provide access to registries in a given HD application.

Go here to approve the approval request of a newly added account without grants.

If you want to add grants before requesting approval of / approving the account, go here (HD4DP v2) or here (healthstat.be) for the relevant procedures.

Return to Table of contents

Return to the User Matrix (recommended)

Approving an EAM account approval request

Preceding steps

Approving an EAM account approval request

Click on Manage on the top left of the screen in order to reveal the EAM menu.

Select EAM Accounts followed by Approval.

Click on Approval to open the page with end-user accounts that are waiting to be approved:

There are two ways to approve these account approval requests:

  • Check the selection box of the relevant approval request and select the Approve action in the drop-down menu. Then, click on the Apply to selected item button to perform the action.
  • Click on the Edit button in the Operations column for the relevant account ...

... and subsequently on the Approve button in the Account: Manage grants screen.

The Account State changes to Approved.

After this, a fulfilment process will start to run in the background, resulting in an Account State change to Published.

Performing a push action

If this change does not take place within a reasonable amount of time - usually up to three hours - the account could be updated by means of a "push".

Therefore, return to the accounts overview screen.

First, check the Approved account that needs to be pushed (1). Then, open the Action drop-down menu and select the Update account (push) option (2). Finally, validate this action by clicking on the Apply to selected items button (3).

In case the push action does not trigger the expected result, you need to contact our Support service.

NOTE: Immediate approval of a draft status EAM account using the EAM interface

Starting from the User details on the My Accounts page, select the newly added account that is still in the Draft state.

Select "n grant(s)" in the Grants column.

Click on the Approve button, thereby bypassing the Request approval request.

The Account State changes to Approved as seen in the image below.

Also here, a fulfilment process will start to run in the background, finally resulting in an account state change to Published. If needed, a push action can be performed.

Return to Table of contents

Return to the User Matrix (recommended)

Creating a new user inside EAM manually

Preceding steps

Creating an EAM User manually

In case the Access Manager needs to upload just a few users, thereby not requiring the creation of a csv file for bulk upload, there is an option available to easily add new users to their own organization(s) and thus to the EAM system.

Click on Manage on the top left of the screen in order to reveal the EAM menu. Go to EAM Users and select Create user in the menu that pops up.

Fill out the requested information in the Create a new user screen.

Under Organisations on top of the screen you will find the organizations you, as an Access Manager, are currently managing. Select the organization for which you want to create a user by ticking the appropriate checkbox.

Furthermore, if you want to make this new user an Access Manager, you can activate the relevant setting.

Click on the Create button to submit the completed information. Next, when you return to the EAM Users overview via the EAM menu, you will see that the new user has been created and added to the list.

Return to Table of contents

Return to the User Matrix (recommended)

Adding an existing user to EAM and your organization manually

Preceding steps

Adding an existing user manually

In case a user already exists in the EAM system, but is not yet connected to the organization, the Access Manager is not able to see this user in the Users overview. This is, for example, the case if a user has logged into the system via eID or itsme, but has not created an account yet.

These users are skipped when the Access Manager carries out a user bulk upload, and an error message ("user already exists") will be returned by the system.

To add the existing user manually, click on Manage on the top left of the screen and then on EAM Users. Select Add existing user in the menu that pops up.

In the Add an existing user screen fill out the requested information.

Under Organisations on top of the screen you need to select the organisation you manage as an Access Manager.

Then you need to provide the Primary Email and/or the Social Security Information Number (SSIN) of the existing user. The primary e-mail address should be the one that has been provided by the user when creating an account.

Click on the Add button to submit. Upon returning to the EAM Users overview via the EAM menu, you will notice that the existing user has retrieved and added to the list.

Return to Table of contents

Return to the User Matrix (recommended)

Disabling an EAM account

Preceding steps

Disabling an EAM account

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Scroll down the displayed list of accounts and tick the selection box of the account(s) you want to disable. Go to the bottom of the page and click on the Action toggle button to select Disable account. Then, click on the Apply to selected items button.

Confirm with the Execute action button

This action triggers an email notification for the Authenticated User to inform about the account being disabled. The user is no longer able to login with the credentials at hand, and needs to contact the Access Manager to have the account enabled again.

Return to Table of contents

Return to the User Matrix (recommended)

Enabling an EAM account

Preceding steps

Enabling an EAM account

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Scroll down the displayed list of accounts and tick the selection box of the account(s) you want to enable. Go to the bottom of the page and click on the Action toggle button to select Enable Account.

To complete the action, you need to click on the Execute action button.

This action triggers an email being submitted to the Authenticated User with new credentials. All previously approved accesses will be restored.

Return to Table of contents

Return to the User Matrix (recommended)

Restoring an EAM account

Preceding steps

Restoring an EAM account

Sometimes the Access Manager disables an EAM account to perform corrective actions without the Authenticated User of that account being able to login to the account.

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Next, in the overview with the accounts of the Authenticated Users, click on the Edit button of the disabled account you wish to restore.

Next, to undo the Disabled state, you need to click on the Create New Draft button.

The Account State is restored to Draft, so that the Access Manager is able to carry out the necessary corrections on this EAM account.

After having restored the Draft status, the Access Manager first needs to request for approval by clicking on the Request approval button. The approval request needs then to be approved. Click here to learn how to do this.

Return to Table of contents

Return to the User Matrix (recommended)

Blocking / unblocking an EAM user

Preceding steps

Blocking an EAM user

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Users.

In the displayed overview you check the box of the user(s) that you want to block. Select "Block the selected users" in the drop-down menu below the users overview. Finally, click on the Apply to selected items button.

If the action was carried out succesfully, you will see that the blocked users have the status disabled.

Unblocking an EAM user

In order to restore the status of the users to Enabled, the Access Manager needs to check the relevant boxes in the EAM Users overview, select the Unblock the selected users action and confirm with the Apply to selected items button.

The status of the unblocked users will have reset to Enabled.

Return to Table of contents

Return to the User Matrix (recommended)

Promoting an Authenticated User to Access manager

Preceding steps

Promoting to Access Manager

Click on Manage on the top left of the screen in order to reveal the EAM menu. Click on EAM Users.

To promote a certain user to Access Manager, you need to select the relevant checkbox and go to the Action drop-down toggle at the bottom of the page.

Click on the toggle button and select Promote to Access Manager. Select Apply to selected items at the bottom right of the screen to perform the change of the user type to Access Manager.

In case the Authenticated User is associated with multiple organizations, you need to select the one for which the user needs to be promoted to Access manager and confirm as appropriate.

The change is published in the users overview.

Return to Table of contents

Return to the User Matrix (recommended)

Demoting an Access Manager to Authenticated user

Preceding steps

Demoting to Authenticated User

Click on Manage on the top left of the screen in order to reveal the EAM menu. Click on EAM Users.

To demote an Access Manager (to user type of Authenticated User), you need to select the relevant checkbox in the displayed list and go to the Action drop-down toggle at the bottom of the page.

Click on the toggle button and select Demote Access Manager. Select Apply to selected items at the bottom right of the screen to perform the change of the user type to Access Manager.

On the security query screen you click on the Execute action button to perform the change.

The change is published in the users overview.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing all users within the own organization(s)

Preceding steps

Viewing all users within own organization(s)

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Users.

The page shown displays an overview of all users for the organization(s) that are within the scope of the Access Manager.

To support the Access Managers in their tasks, the Users overview has been improved on following aspects:

  • the EAM Users overview can be sorted by First name, Last name, Primary email, SSIN, EAM role and Status;
  • the EAM Users overview can be exported as a csv format file;

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Fri, 11/22/2024 - 10:54

Access Manager actions using CSV Upload

Access Manager actions using CSV Upload

Table of contents

Creating EAM Users (own orgs)

Video available here

Full tutorial available here

Preceding steps

Creating EAM Users via bulk upload

Click on Manage on the top left of the screen in order to reveal the EAM menu. Click on EAM Users and then Bulk upload.

On the Users Batch Creation page, select a valid .csv file on your system to upload.

If you don't have a valid file available, use the following example file:

hd_eam_users_bulk_upload_example-file Download

Use the schema file to validate the csv example file:

hd_eam_users_schema fileDownload

ATTENTION:

User roles and corresponding values

To complete the value for the field “role”, 2 different variables are possible:

  • access_manager
  • default

Additional tips:

  • If the user already exists, the line will be skipped.
  • Avoid using Excel as this can lead to unwanted formatting.
  • First_name and Last_name need to be capitalized.
  • Make sure that you have placed the quotation marks correctly. If the values have no comma, you can also leave out quotes.

Abbreviations used in csv bulk upload files

  • ssin: Social Security Identification Number - Numéro d’identification de la sécurité sociale (NISS) - IdentificatieNummer Sociale Zekerheid (INSZ)
  • org_nihdi: National Institute for Health and Disability Insurance number of your organization (RIZIV/INAMI number)
  • nihdi: your personal National Institute for Health and Disability Insurance number (RIZIV/INAMI number)
  • app: application such as HD4DP, Healthstat
  • project_code: code of the healthdata.be Business Project, e.g. HDBP0001 for Belgian Cystic Fibrosis Registry (BCFR)

Now, run the batch creation by clicking on the corresponding button.

Return to the EAM users overview page to verify the bulk uploaded user list.

Attention:

Sometimes users that are uploaded in bulk are being skipped. Investigation of the relevant error message reveals that "the user already exists". The Access Manager can now choose to add these existing users manually.

Click here for the description of this process.

Return to Table of contents

Return to the User Matrix (recommended)

Creating EAM accounts and adding grants via bulk upload

Full tutorial available here

Preceding steps

Creating EAM accounts via bulk upload

Click on Manage on the top left of the screen in order to reveal the EAM menu. Click on EAM Accounts and then Bulk upload.

On the Accounts Batch Creation page, select a valid .csv file on your system to upload.

If you don't have a valid file available, use the following example file:

hd_eam_accounts_bulk_upload_example fileDownload

Use the schema file to validate the csv:

hd_eam_accounts_schema fileDownload

ATTENTION:

User roles and corresponding values

To complete the value for the “role” field for HD4DP2, 3 different variables are possible:

  • "1" = Local Study Lead
  • "2" = Local Study Associate
  • "3" = Local Study Support

Make sure to use "hd4dp2" as value for the "app" field, since roles "1", "2", and "3" are typical roles for the HD4DP2 data collection application.

To complete the value for the “role” field for Healthstat.be, 4 different variables are possible:

  • DATA_PROVIDER_HOSPITAL = Data Provider/Hospital
  • DATA_PROVIDER_INDIVIDUAL = Data Provider/Individual
  • SPONSOR_SPONSOR = Sponsor/Sponsor
  • SPONSOR_INDIVIDUAL = Sponsor/Individual

Make sure to use "healthstat" as value for the "app" field, since roles "Data Provider" and "Sponsor" combined with data levels "Hospital" and "Individual" are typical for the Healthstat.be data reporting and visualization application.

Additional csv bulk upload tips

  • When the "role" field has value "1" or "2", the "authorgroup" field should be left empty. Pay attention to this when changing "role" field from value "3" to "1" or "2".
  • When adding a user to role "3", the author group needs to be defined and needs to exist, or the line will be skipped. To guarantee a successful bulk upload of an extensive csv file, you want to place the accounts with role 3 at the end of the list to be uploaded. The accounts with role "1" and "2" are imported first, and thus prefilling the author group list with First_name and Last_name prior to importing the accounts with role "3".
  • First_name and Last_name need to be capitalized.
  • When adding more than one project code, use pipes to separate the codes.
  • If the user does not exist, the line will be skipped.
  • Avoid using Excel as this can lead to unwanted formatting of the csv file.
  • Make sure that you have placed the quotes correctly. If the values have no comma, you can also leave out quotes.

Abbreviations used in csv bulk upload files

  • ssin: Social Security Identification Number - Numéro d’identification de la sécurité sociale (NISS) - IdentificatieNummer Sociale Zekerheid (INSZ)
  • org_nihdi: National Institute for Health and Disability Insurance number of your organization (RIZIV/INAMI number)
  • nihdi: your personal National Institute for Health and Disability Insurance number (RIZIV/INAMI number)
  • app: application such as HD4DP, Healthstat
  • project_code: code of the healthdata.be Business Project, e.g. HDBP0001 for Belgian Cystic Fibrosis Registry (BCFR)

Next, make a selection in the Approval State menu shown below.

  • Create as awaiting approval: With this option the accounts will receive the status Approval and will be set ready for the Access Manager to be Approved. Go to next step for approval of the access grants.
  • Create as pre-approved: With this option the accounts will receive the status Approved and will be uploaded directly without further input from the Access Manager (e.g. confidence in content quality is very high)

Finally, run the batch creation by clicking on the corresponding button.

Return to Table of contents

Return to the User Matrix (recommended)

Exporting EAM Users in batch

Preceding steps

Export EAM users in batch

With the release of EAM version 3.1 you will be able to export the users in the overview by clicking on the CSV Export Users button on the top right of the screen.

The list will be downloaded in .csv format, including following headers: ssin, email, org_nihdi, app, project_code,role, authorgroup. This format and structure allow for editing of the user information and reupload.

Return to Table of contents

Return to the User Matrix (recommended)

Exporting EAM Accounts in batch

Preceding steps

Export EAM users in batch

With the release of EAM version 3.1 you will be able to export the accounts in the overview by clicking on the CSV Export Accounts button on the top right of the screen.

The list will be downloaded in .csv format straight to your selected device, including following headers: ssin, email, org_nihdi, app,project_code, role, authorgroup.

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Fri, 11/22/2024 - 11:00

Access Manager actions for a project in HD4DP2 using the EAM interface

Access Manager actions for a project in HD4DP2 using the EAM interface

Table of contents

Adding access grants with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Provisioning a new EAM account and adding grants for HD4DP2

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Users.

Select a user from the displayed overview for whom you want to create an account with provisioning and addition of grants. To do so, click on the corresponding First name, Last name or SSIN.

ATTENTION: Authenticated Users that do not yet appear in the list have either to register via the FAS service and create an account (Authenticated User action) or have to be added via Bulk upload (Access Manager action) first.

Select the Add new Account button in the displayed My Accounts page.

Complete the fields in the Add a new account pop-up window and click on the Save button to add the completed account.

To add the grants, select "n grant(s)" for the desired account.

Click on the Add new Grant button.

Select the desired project and the role of Local Study Lead, Local Study Associate or Local Study Support in the Add a new grant pop-up window.

When selecting Local Study Support, you also need to select an Author group. Confirm with the Save button.

Upon returning to the Account: Manage grants page you will notice that the grant is added to your account, which is still in the Draft state.

Next step: Go here to request approval of the access grants added to the account.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting approval of access grants with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Requesting EAM account approval

Next step is to request approval of the newly added account with grants, thus enabling the Authenticated User to access the specified project(s) in a given application (HD4DP2, Healthstat.be ...).

Click on the Request approval button.

The status immediately changes to Approval.

The Access Manager will be notified of your request via e-mail. The Access Manager will then need to take the appropriate action. This can take multiple hours. Upon confirmation the Account state will change to Approved.

Next step: Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Approving access grants with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group" (own orgs)

Video available here

Preceding steps

Approving an EAM account approval request

Click on Manage on the top left of the screen in order to reveal the EAM menu.

Select EAM Accounts followed by Approval.

Click on Approval to open the page with end-user accounts that are waiting to be approved:

There are two ways to approve these account approval requests:

  • Check the selection box of the relevant approval request and select the Approve action in the drop-down menu. Then, click on the Apply to selected item button to perform the action.
  • Click on the Edit button in the Operations column for the relevant account ...

... and subsequently on the Approve button in the Account: Manage grants screen.

The Account State changes to Approved.

After this, a fulfilment process will start to run in the background, resulting in an Account State change to Published.

Performing a push action

If this change does not take place within a reasonable amount of time - usually up to three hours - the account could be updated by means of a "push".

Therefore, return to the accounts overview screen.

First, check the Approved account that needs to be pushed (1). Then, open the Action drop-down menu and select the Update account (push) option (2). Finally, validate this action by clicking on the Apply to selected items button (3).

In case the push action does not trigger the expected result, you need to contact our Support service.

Return to Table of contents

Return to the User Matrix (recommended)

Disabling an EAM account (own orgs)

Preceding steps

Disabling an EAM account

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Scroll down the displayed list of accounts and tick the selection box of the account(s) you want to disable. Go to the bottom of the page and click on the Action toggle button to select Disable account. Then, click on the Apply to selected items button.

Confirm with the Execute action button

This action triggers an email notification for the Authenticated User to inform about the account being disabled. The user is no longer able to login with the credentials at hand, and needs to contact the Access Manager to have the account enabled again.

Return to Table of contents

Return to the User Matrix (recommended)

Resetting a password of an EAM account

Video available here

Preceding steps

Resetting the password of an EAM account

Click on Manage on the top left of the screen to reveal the EAM menu. Select EAM Accounts.

Scroll down the overview with the accounts and tick the selection box of the account(s) for which you want to reset the password.

Go to the bottom of the page and click on the Action toggle button to select Reset password.

To complete the action, you need to click on the Execute action button.

This action triggers an e-mail to the end-user containing the new credentials.

Return to Table of contents

Return to the User Matrix (recommended)

Changing access grants to the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Changing access grants

Click on Manage on the top left of the screen to reveal the EAM menu. Select EAM Accounts.

Select an account for a project in an application for which the role, author group (HD4DP2) or data/level (healthstat.be) need to be changed.

When you have set up a new account, it will have the draft state, which allows for adding and editing grants.

However, in the following four scenarios you need to make sure that the account state is set to Draft first before you can start to edit the grants (project, role).

  • When the account is in the Published state, do the following:

Go to the EAM: Accounts overview and click on the Edit button next to Published.

In the Account: Manage grants screen you select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Disabled state, do the following:

Go to the EAM: Accounts overview and click on the Edit button next to Published.

In the Account: Manage grants screen you select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Approved state, do the following:

Go to the EAM: Accounts overview and click on the Edit button next to Disabled.

In the Account: Manage grants screen you select the Disable button.

Select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Approval state, do the following:

Go to the EAM: Accounts overview, select the Approval tab and click on the Edit button next to Approval.

In the Manage grants screen you select the Disable button.

Select the Create New Draft button.

The Account State will be set to Draft.

When the account state is finally set to Draft, click on the Edit button for the project and role you wish to change.

Change the set role to the desired one. Below an example for the HD4DP2 application.

When changing role to Local Study Support (HD4DP2), you also need to select an Author group.

Confirm with the Save button. When returning to the Account: Manage grants page you will notice that the grant is added to your account. This will still be in the Draft state.

You have now changed the access grants for a project in HD4DP2 with the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group).

Next step: Request for approval of the access grants change as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting access grants change approval to the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group")

Preceding steps

Requesting for approval of changed access grants

To request for approval of the access grants change for a project in an application, you need to click on the Request approval button.

The Account State changes to Approval.

The updated state is also visible in the accounts overview.

Next step: The Access Manager approves the access grants change approval request as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Approving access grants change to the role of Local Study Lead, Local Study Associate or Local Study Support (for an author group "Author Group"

Video available here

Preceding steps

Approving the change of access grants

To approve the modified access grants, click again on the relevant Edit button in order to return to the Account: Manage grants page.

Now, click the Approve button.

The Account State immediately changes to Approved, which will also be visible in the EAM accounts overview.

Return to Table of contents

Return to the User Matrix (recommended)

Removing access grants from an EAM account

Preceding steps

Removing access grants

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Next, select an account for which you want to remove the grants (HD4DP2 project and role).

When you have set up a new account, it will display the draft state, which allows for adding and editing grants.

However, in the following four scenarios you need to make sure that the account state is set to Draft first before you can start to edit Project/Role (Grant).

  • When the account is in the Published state, do the following:

Go to the EAM: Accounts overview and click on the Edit button next to Published.

In the Manage grants screen you select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Disabled state, proceed as follows:

Go to the EAM: Accounts overview and click on the Edit button next to Published.

In the Manage grants screen you select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Approved state, do the following:

Go to the EAM: Accounts overview and click on the Edit button next to Disabled.

In the Manage grants screen you select the Disable button.

Select the Create New Draft button.

The Account State will be set to Draft.

  • When the account is in the Approval state, do the following:

Go to the EAM: Accounts overview, select the Approval tab and click on the Edit button next to Approval.

In the Manage grants screen you select the Disable button.

Select the Create New Draft button.

The Account State will be set to Draft.

When the Account State is finally set to Draft, click on the toggle of the Edit button for the grant (HD4DP2 project and role) you want to remove.

Click on the Remove option to remove the relevant grant from the EAM account.

Return to Table of contents

Return to the User Matrix (recommended)

Changing the author group (Local Study Support)

Preceding steps

Changing the author group

Click on Manage on the top left of the screen to reveal the EAM menu. Select EAM Accounts.

Select an account for a project in HD4DP2 with role Local Study Support from the displayed overview for which you want to change the author group.

First, make sure that the account state is Draft or Published. Editing grants, such as changing an author group, is not possible when the selected account is in the Approval or Approved state. Go here to learn how to reset your account back to the Draft state.

When the Account State is finally set to Draft, click on the Edit button for a project in HD4DP2 for which you wish to change the author group. Next, select the Edit button for the project and role you want to change.

In the Edit Grant window, select another author group from the drop-down list.

The Author group change is confirmed and shown on the Account: Manage grants page.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing all accounts of all users within the own organization(s)

Preceding steps

Viewing all accounts of all users for the different applications

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

You will now see an overview of all accounts of all users within the organization(s) for the different applications, including the grants.

Attention

From EAM version 3.1 onward the grants on the Accounts overview page will be shown collapsed by default, if an account has more than 1 grant. For example:

Filtering accounts on HD4DP2

Use "CTRL+F" and enter "HD4DP2" in order to find the accounts for the application HD4DP2.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing the accounts for own projects

Preceding steps

Viewing own accounts for the different applications

Go to the Linked accounts section on your My profile page to view the own accounts for the different applications.

This image has an empty alt attribute

Filtering accounts on HD4DP2

Use "CTRL+F" and type "HD4DP2" in order to find the accounts for the application HD4DP2.

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Fri, 11/22/2024 - 14:16

Access Manager actions for a project in Healthstat.be using the EAM interface

Access Manager actions for a project in Healthstat.be using the EAM interface

Table of contents

Adding access grants with the role of Data Provider/Hospital, Data Provider/Individual, Sponsor/Sponsor or Sponsor/Individual

Preceding steps

Provisioning a new EAM account and adding grants for Healthstat.be

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Users.

Select a user from the displayed overview for whom you want to create an account with provisioning and addition of grants. To do so, click on the corresponding First name, Last name or SSIN.

ATTENTION: Authenticated Users that not yet appear in the list have either to register via the FAS service and create an account (Authenticated User action) or have to be added via Bulk upload (Access Manager action) first.

Select the Add new Account button in the displayed My Accounts page.

In the Add a new account pop-up window you fill out a valid e-mail address and select the provision (Organization/Application) from the drop-down list. Click on the Save button to add the completed account.

To add the grants, select "n grant(s)" for the desired account.

Click on the Add new Grant button.

Select the desired Project and the Role / Data level that apply to your situation. Click on the Save button.

Upon returning to the Account: Manage grants page you will notice that the grant is added to your account, which is still in the Draft state.

Next step: Request Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Requesting approval of access grants with the role of Data Provider/Hospital, Data Provider/Individual, Sponsor/Sponsor or Sponsor/Individual

Preceding steps

Requesting EAM account approval

Next step is to request approval of the newly added account with grants, thus enabling the Authenticated User to access the specified project(s) in a given application (HD4DP2, Healthstat.be ...).

Click on the Request approval button.

The status immediately changes to Approval.

The Access Manager will be notified of your request via e-mail. The Access Manager will then need to take the appropriate action. This can take multiple hours. Upon confirmation the Account state will change to Approved.

Next step: Access Manager's approval of the access grants as described here.

Return to Table of contents

Return to the User Matrix (recommended)

Approving access grants with the role of Data Provider/Hospital, Data Provider/Individual, Sponsor/Sponsor, Sponsor/Individual

Preceding steps

Approving an EAM account approval request

Click on Manage on the top left of the screen in order to reveal the EAM menu.

Select EAM Accounts followed by Approval.

Click on Approval to open the page with end-user accounts that are waiting to be approved:

There are two ways to approve these account approval requests:

  • Check the selection box of the relevant approval request and select the Approve action in the drop-down menu. Then, click on the Apply to selected item button to perform the action.
  • Click on the Edit button in the Operations column for the relevant account ...

... and subsequently on the Approve button in the Account: Manage grants screen.

The Account State changes to Approved.

After this, a fulfilment process will start to run in the background, resulting in an Account State change to Published.

Performing a push action

If this change does not take place within a reasonable amount of time - usually up to three hours - the account could be updated by means of a "push".

Therefore, return to the accounts overview screen.

First, check the Approved account that needs to be pushed (1). Then, open the Action drop-down menu and select the Update account (push) option (2). Finally, validate this action by clicking on the Apply to selected items button (3).

In case the push action does not trigger the expected result, you need to contact our Support service.

Return to Table of contents

Return to the User Matrix (recommended)

Disabling an EAM account

Preceding steps

Disabling an account

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Scroll down the displayed list of accounts and tick the selection box of the account(s) you want to disable. Go to the bottom of the page and click on the Action toggle button to select Disable account. Then, click on the Apply to selected items button.

Confirm with the Execute action button.

This action triggers an e-mail to the Authenticated User to inform about the account being disabled: the user can't log in with the given credentials.

Return to Table of contents

Return to the User Matrix (recommended)

Restoring an EAM account

Preceding steps

From here similar to the process as for HD4DP2

Restoring an EAM account

Sometimes the Access Manager disables an EAM account to perform corrective actions without the Authenticated User of that account being able to login to the account.

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

Next, in the overview with the accounts of the Authenticated Users, click on the Edit button of the disabled account you wish to restore.

Next, to undo the Disabled state, you need to click on the Create New Draft button.

The Account State is restored to Draft, so that the Access Manager is able to carry out the necessary corrections on this EAM account.

After having restored the Draft status, the Access Manager first needs to request for approval by clicking on the Request approval button. The approval request needs then to be approved. Click here to learn how to do this.

Return to Table of contents

Return to the User Matrix (recommended)

Resetting the password of an EAM account

Preceding steps

From here similar to the process as for HD4DP2

Resetting the password of an EAM account

Click on Manage on the top left of the screen to reveal the EAM menu. Select EAM Accounts.

Scroll down the overview with the accounts and tick the selection box of the account(s) for which you want to reset the password.

Go to the bottom of the page and click on the Action toggle button to select Reset password.

To complete the action, you need to click on the Execute action button.

This action triggers an e-mail to the end-user containing the new credentials.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing all accounts of all users within the own organization

Preceding steps

Viewing all accounts of all users for the different applications

Click on Manage on the top left of the screen in order to reveal the EAM menu. Select EAM Accounts.

You will now see an overview of all accounts of all users within the organization(s) for the different applications, including the grants.

Attention

From EAM version 3.1 onward the grants on the Accounts overview page will be shown collapsed by default, if an account has more than 1 grant. For example:

Filtering accounts for Healthstat.be

Use "CTRL+F" and type "Healthstat" in order to search the EAM accounts for projects in the application healthstat.be.

Return to Table of contents

Return to the User Matrix (recommended)

Viewing the accounts for own projects

Preceding steps

Viewing own accounts for the different applications

Go to the Linked accounts section on your My profile page to view the own accounts for the different applications.

This image has an empty alt attribute

Filtering accounts for healthstat.be

Use "CTRL+F" and type "Healthstat" in order to search the EAM accounts for projects in the application healthstat.be.

Return to Table of contents

Return to the User Matrix (recommended)

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Sat, 11/23/2024 - 19:41

User roles

User roles Bart.Servaes Sun, 05/26/2024 - 00:58

User roles in HD4DP v2

User roles in HD4DP v2

Each healthcare organization has at least one Access Manager who oversees the access rights to the applications of their own organization and manages them in the HD Entity Access Management (EAM) system. In this process, access requests by healthcare organization’s employees are analyzed and validated if legitimized. The scope of the accesses granted to HD4DP2 may differ, which is reflected in various user roles. Based on access rights, the following three user roles can be distinguished:

Local Study Lead (author):

The Local Study Lead can:  

  • edit and review all peer registrations (regardless of role) for the study or project;
  • make registrations in HD4DP v2.

This role might be, but should not be limited to, the individual responsible for the study or project within the participating healthcare institution.

Local Study Associate (author):

The Local Study Associate can: 

  • edit and review their own registrations, not those of other colleagues from the same healthcare organisation participating in the same study or project. The indicated registrations are limited to the patients treated by the Local Study Associate;
  • make registrations in HD4DP v2.

The Local Study Associate is a healthcare provider participating in the study or project. This is reflected in the registration form.

Local Study Support (co-author):

The Local Study Support can: 

  • edit and review registrations belonging to the author group they are linked to;
  • make registrations in HD4DP v2.

A Local Study Associate and Local Study Lead can delegate registration tasks to a Local Study Support. This might be, but should not be limited to, an administrative assistant or staff from a medical coding department. The Local Study Associate and Local Study Lead are still considered as the author of the registration; the Local Study Support is considered as the co-author. The Local Study Associate and Local Study Lead can view and modify Local Study Support entries.

The scope of the access rights is to prevent users of HD4DP v2 from seeing personal and sensitive information from individuals with whom they do not have a therapeutic relationship. The access rights therefore do not necessarily reflect the hierarchy within the healthcare organization. The healthcare organisation staff can consult their Data Protection Officer (DPO) for more in depth information concerning these access rights. It is up to the Access manager to approve or change roles from/to Local Study Lead, Local Study Associate and Local Study Support. These requests are carried out in the EAM system by the Access managers of each healthcare organization.

Remarks:

  • The scope of the access rights does not necessarily reflect the hierarchy within your healthcare organisation.
  • It is up to the Access manager to change roles from/to Local Study Lead, Local Study Associate and Local Study Support. These requests are carried out in the EAM system.
Bart.Servaes Fri, 06/14/2024 - 10:50

User roles in healthstat.be

User roles in healthstat.be

Each healthcare organization has at least one Access Manager who is managing the access rights to the applications of the own organization and is doing so in the HD Entity Access Management (EAM) system. In this process, access requests by healthcare organization employees are analyzed and validated if legitimized. The scope of the accesses granted to healtstat.be may differ, which is reflected in various combinations of user roles and data levels.

Two user roles can be distinguished: Data Provider, which is a user linked to an existing organization, and Sponsor, being the sponsor/coordinator of the data collection. Both are allowed to view reports based on data level. There are two data levels that determine the scope of visibility of the reports: Hospital, i.e. consulted reports contain all data registered by hospital staff, Individual, i.e. consulted reports contain only data that have been registered by that very user.

Data Provider / Hospital:

The Data Provider / Hospital profile can:  

  • consult reports of a specific data collection that contain data from the concerned hospital

Data Provider / Individual:

The Data Provider / Individual profile can: 

  • consult reports of a specific data collection that only contain data that have been personally registered

Sponsor / Sponsor:

The Sponsor / Sponsor profile can:

  • consult all reports that contain data collected at hospital level

Sponsor / Individual:

The Sponsor / Individual profile can: 

  • consult all reports that only contain data that have been personally registered

Remarks:

  • It is up to the Access manager to change roles from or to Data Provider / Hospital, Data Provider / Individual, Sponsor / Sponsor and Sponsor / Individual. These actions are to be performed in the EAM system.
This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Sun, 05/26/2024 - 01:00

Video tutorials

Video tutorials Bart.Servaes Sun, 05/26/2024 - 01:00

Full tutorials

Full tutorials
  • Tutorial 1: How to receive credentials as an Authenticated User
Receiving Authenticated User credentialsDownload
  • Tutorial 2: How to create users and their corresponding accounts via a bulk csv upload
Creating users and accounts via bulk upload Download
  • Tutorial 3: How to add new grants and how to edit existing grants
Adding new grants and editing existing grantsDownload

  • Tutorial 4: Demo of latest EAM features and functionalities (June 2024)
Demo latest EAM features and functionalitiesDownload
Bart.Servaes Thu, 06/20/2024 - 15:38

Glossary of EAM concepts

Glossary of EAM concepts

Underpinning the new HD Entity Access Management system, short "EAM", is an architecture purpose-built to give the control of users back into the hands of Access Managers, ensuring an end-to-end management of the lifecycle of a user in the system.

The EAM architecture

The new architecture and its underlying processes bring along some new concepts. We have listed them for you below, supplemented with familiar concepts.

Access Manager

An Access Manager is an Authenticated User having additional Access Manager rights within the EAM system. These rights are granted by healthdata.be to the first Access Manager of a certain Organization. Any additional access managers are to be appointed by the Organization and rights are to be granted by the existing Access Manager of that Organization.

An Access Manager validates and manages user accounts within the Entity Access Management system, approves and manages the accesses of these EAM users to different applications for any available projects, and has the power to create EAM users and EAM accounts by means of csv bulk upload.

Indication of roles - the standard Authenticated User role is not explicitly mentioned

Account (EAM account)

An account in EAM is a combination of an e-mail address and a provision completed with a set of rights (access grants) giving access to a certain registry. An account thus links EAM user to the desired registry within an application.

A user can have more than one account, each with a different e-mail address, e.g. when working in different healthcare organizations (HCOs), and each with another provision.

Account state

The below overview shows the different states of an EAM account throughout the workflow.

The Label column mentions the name of the action button available for the Authenticated User and/or Access Manager in the relevant GUI screens. (Only Create New Draft and Request approval actions are available for an Authenticated User.)

Admin

The Admin or administrator is part of the healthdata.be staff and has all permissions and functionalities within the EAM system. This user type should be used sparingly and only for highly technical or emergency purposes.

Authenticated User

An Authenticated User is a person who is logged in to the HD EAM system via itsme or eID and has a user profile based on First name, Last name and NISS code shared when logging in via the Federal Authentication Service (FAS). An Authenticated User is able to access the EAM application, create accounts and request access grants for projects in applications such as HD4DP2 and healthstat.be. He or she also has access to the own account information in case changes are necessary.

Author group

An Author Group is a group of users with equal editing and reviewing rights to a registration in a certain application of the organisation. The Author Group creation is based on First_name Last_name of the user requesting access. It is thereafter managed in the HD Entity Access Management (EAM) system.

For the HD4DP2 application the Author Group field is automatically populated for user roles 1 (Study Lead) and 2 (Study Associate). The Author Group for role 3 (Study Support) needs to be selected from the relevant drop-down list.

FAS

The Federal Authentication Service (FAS) is a system that authenticates individuals to grant them access to secure online government applications. It ensures the genuineness of users before allowing them to use protected government services in Belgium.

Grants (Access grants)

Grants define a user's access to a registry in an certain application with a specific role. They are added to a provisioned EAM account and need to be approved by the Access Manager of the relevant organization. E.g.:

Pip Lup has access to HDBP0025 in HD4DP2 as Local Study Support with Author Group ACC group

Legacy requests

The Legacy requests tab retrieves the information shown under the "Requests overview" within the previous EAM version (2.7). The purpose of this overview is to follow-up on pending requests after migration to EAM 3.0.

Legacy requests in EAM
Requests overview in former EAM 2.7

Manager (HD Manager)

The Manager is a user type in EAM performed by healthdata.be Service Desk staff. Compared to an Access Manager the manager profile has more extensive rights for advanced actions, without the emergency functionalities of an Administrator.

Messages (log)

Messages are created whenever actions are performed on EAM account level, e.g. password reset, request of account approval, approving of grants etc. A message is the representation of something we send to or receive from Service bus. The messages will be logged within EAM for history purposes.

Organization

In full: Healthcare Organization (HCO). A list of all organizations including Name, NIHDI number and the respective list of Access Managers is managed by the HD Manager. An organization that is not active anymore, will receive the status Disabled, without being deleted from the EAM system.

Provision

The provision is the deployment of a certain Application to a certain Organization along with any specific parameters providing extra information on the deployment.

Service Bus

Is a communication layer between our EAM portal and the installations at the DP's side. Whereas the former EAM system mainly managed access requests, it now focusses on complete User management incl. access requests, account creating, feedback loop ... aiming at faster user onboarding, a better user experience and less manual intervention by Support / DevOps.

User (EAM user)

The user is the main entity within the EAM system. Once the user's profile, containing basic information such as Username, Primary e-mail address, First name, Last name, SSIN and professional NIHDI code, has been validated, the user has access to EAM, ready to interact. EAM offers the possibility to add more than one NIHDI code. Each user can be linked to more than one Account.

User matrix

In general, a user matrix is a structured way to organize information about users and their action radius. We have used the user matrix as a starting point of our documentation of the new Entity Access Management system: a cross-table of the different functionalities of the user types Authenticated User and Access Manager. From here, you can reach the exact information.

User roles

User roles determine your access rights in HD applications such as HD4DP2 or healthstat.be for the desired project. The role hierarchy do not necessarily correspond to the staff structure within your organization. More on User roles in HD4DP2 can be found here. The user roles in healhtstat.be are documented here.

User types

User types determine the level of managing rights you have within the EAM system:

  • Authenticated user
  • Validated user (see below)
  • Access manager
  • (HD) Manager
  • Administrator

Different from User roles which are typical for HD applications.

Validated user

User type. After migration of your healthcare organisation to the current EAM system, the Access Manager might notice the user type of Validated user in the Role(s) column on the EAM Users overview page.

The label "Validated user" is a remnant of EAM version 2.7 where it meant to indicate that a user's profile had been completed and validated by the Access Manager. This migrated user type corresponds to the Authenticated user type in the current EAM system. As such, "Validated user" is not an active role in the current system, nor does it influence the functionality thereof.

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!
Bart.Servaes Sat, 11/23/2024 - 20:23

Frequently Asked Questions

Frequently Asked Questions
  • Can an Access Manager see the other Access Managers within the own organization?
    • Yes. When an Access manager consults the list of EAM Users via the EAM menu at the top-left of the screen, the exact role of the users will be displayed in the column Role(s). Access Managers will have the role "Access manager". If no role is mentioned, you can consider the relevant user to be an Authenticated User.
Bart.Servaes Thu, 09/26/2024 - 11:59

Support service of healthdata.be

Support service of healthdata.be

The Service Desk of healthdata.be (Sciensano) helps users of our applications and services and deals with requests and incidents.

The Service Desk focuses on those services run by our IT Services (HD4DP, HD4RES, healthstat.be,...) and helps you with accounts and passwords. For questions about the content and objective(s) of the projects, we kindly refer users to the managing research organizations.

For most efficient processing of your request, we advise you to use our service portal: Jira Service management (JSM) portal.

Please find below our support window hours:

Bart.Servaes Wed, 08/07/2024 - 21:44

How to report an incident

How to report an incident

The healthdata.be service (Sciensano) processes each incident report according to a Standard Operating Procedure (SOP). A public version of this SOP "HD Incident Management Process" is also available on this portal docs.healthdata.be.

To submit an incident related to registries and applications in production and facilitated or managed by Sciensano's healthdata.be service, you must first log into the HD Service and Support portal: Jira Service Management (JSM) portal.

More info concerning how to request an account is available here.

After the login step, you will arrive at the main page of the portal

To create a ticket click on "Create a Support ticket"' on the main page.

This image has an empty alt attribute

You will see the page below. Once you have filled in all the mandatory fields, click on "Send".

This image has an empty alt attribute
Bart.Servaes Sun, 05/26/2024 - 01:35

Submit a request for information about HD

Submit a request for information about HD

To suggest improvement about the healthdata.be platform, you first need to log in to the HD Service and Support portal: Jira Service Management (JSM) portal.

More info concerning how to request an account is available here.

After the login step, you will arrive at the main page of the portal.

If you have questions, remarks or if you would like to submit a complaint, you can do so by clicking on the "Suggest improvement" button on the main page of the Jira Service Management portal.

This image has an empty alt attribute

On this page you need to fill in all the mandatory fields and click on "Send".

This image has an empty alt attribute
Bart.Servaes Sun, 05/26/2024 - 01:35

Email security policy

Email security policy

WHAT IS THE PROBLEM?

Sciensano blocks e-mails from organizations if the configuration of their e-mail and/or DNS services allow potential abuse by spammers/attackers. More specifically, if the configuration enables other senders to impersonate your organization by allowing them to mimic your organization’s e-mail “Header From”.

In other words, they can send phishing and spam mails that cannot be distinguished from genuine mails from your organization.

If you’re responsible for managing your ICT infrastructure, keep reading. If not, pass this message on to your ICT department or to the ICT service that’s managing your ICT infrastructure.

HOW TO SOLVE IT?

You’ll have to verify that your configuration complies with “Sender Alignment” security requirements.
More specifically, your mail services and DNS will have to be configured according to ICT standards.

These configurations are common, well-documented and supported by hosting companies. Some useful links:

We’ve noticed that this issue frequently occurs in organizations which moved their ICT infrastructure to cloud services such as Microsoft (O365), Amazon, Google, and MS Azure without properly configuring the ICT infrastructure which is not managed by these providers.

The configurations and recommendations need to be implemented on the customer’s ICT infrastructure, either internally or externally. DNS and Mail services are the main ICT platforms for these actions.

THE USE OF DIFFERENT DOMAINS IN THE MAIL SENDING PROCESS

E-mails contain an “Envelope From” and a “Header From”. Both need to match to avoid that the mail is blocked.

Some examples:

  1. A public service is using its new domain name in the “Header From” and its old domain name in the “Envelope From”.
  • Envelope From = noreply@publicservice.fgov.be
  • Header From = noreply@publicservice.belgium.be

➔ These e-mails will be blocked.

Remark: Because it’s a noreply address, the sender will not even be aware of us rejecting the e-mail …

2. An organization is using a cloud service (Freshservice) for its helpdesk tool and the “Envelope From” has not been customised.

• EnvelopeFrom = bounces+us.3.52773-helpdesk=organisation.be@emailus.freshservice.com
• Header From = helpdesk@organisation.be

➔ These e-mails will be blocked.

3. A company uses a cloud service (Amazon SES) to send the delivery notification and the “Envelope From” has not been customized.

  • Envelope From = 01020188573f374-96de6437-9134-45f4-8aa6-3e9ac18d5848-000000@euwest-1.amazonses.com
  • Header From = noreply@company.be

➔ These e-mails will be blocked.

Bart.Servaes Sun, 05/26/2024 - 01:36