docs.healthdata.beNew and familiar concepts within HD EAM
Underlying to EAM 3.0 is the new internal architecture pictured below, which is substantially different from the former Entity Access Management setup.
This new architecture involves a series of new concepts, next to some familiar ones. We have explained them briefly underneath:
New
Account
An account in EAM 3.0 is the combination of E-mail address, Organization, Application, Access Grants and some parameters, acting as a "bridge" between Users, Organizations and Applications. A user can create one or more accounts each with a separate e-mail address, e.g. when working in different HCO's with each another application.
Access grants
On account level a user needs to be granted access to a project for an application to a certain organization as is determined by the provision during creation of the account. Currently, there are two different types of Access grants:
- HD4DP2 Access grant: this grant will feature a project, user role and author group.
- Healthstat Access grant: this grant will feature a project
Organization
The EAM holds a list of all organizations with their Name, NIHDI number, list of Access Managers. If an organization is not active anymore, it will receive the status Disabled. They are not deleted from the EAM system.
Provision
The provision is the deployment of a certain Application to a certain Organization along with any specific parameters providing extra information on the deployment.
Moderation state
The moderation state of an account indicates the current approval state throughout the process. You can find an overview here.
Messages (log)
Messages are created whenever actions are involved on account level, e.g. change of password, request of account update, permission of grants etc. A message is the representation of something we send to or receive from Service bus. The messages will be logged within EAM for history purposes.
User types
In the EAM system we have several EAM User Types:
Service Bus
Is a communication layer between our EAM portal and the installations at the DP's side. Whereas the former EAM system mainly managed access requests, the new EAM 3.0 focusses on complete User management incl. access requests, account creating, feedback loop ... aiming at faster user onboarding, a better user experience and less manual intervention by Support / DevOps.
Familiar
User
As previously, the user is the main entity in the system, containing basic information such as Username, Primary e-mail address, First name, Last name, SSIN and professional NIHDI code. Represents a person interacting with the EAM. In this NEW EAM version you will have the possibility to add more than one NIHDI code. Each user can be linked up to multiple Accounts (see above).
Author group
User roles
This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!