Roles and permissions
Roles and permissionsIn the Self-Service Portal (SSP) application five roles are pre-defined with their own sets of permissions. An individual can be assigned to more than one role (e.g. DP Manager and Certificate Manager).
User Manager (manager)
The User Manager provides access to all organizations using the HD4DP 2.0 installation within their network (where applicable). This role can create new organizations (groups) and add members to organizations. They can also define the roles of these members.
⚠️ There should be at least 1 user manager per HD4DP 2.0 installation. The initial User Manager is appointed internally and shared credentials with by the healthdata.be services.
⚠️ This role may not manage certificates for installations, unless they are also defined as a Certificate Editor.
⚠️ The User Manager defines and creates organizations within the SSP and assigns DP Managers to them.
DP Manager (dp_manager)
This role allows for adding new members to the organizations of which they are the DP Manager. The DP Manager is defined by the User Manager in the process of adding a member to an organization.
⚠️ A member could be a DP Manager of one organization, but a regular member of another organization.
⚠️ Unless a DP Manager is also defined as a Certificate Editor, they are not allowed to manage certificates for installations.
Certificate Manager (certificate_editor)
This role allows a member to manage the p12 certificates for an organization. The Certificate Manager is defined by the User Manager or DP Manager in the process of adding a member to a group.
CSV Upload Manager
This role allows a member to export data from HD4DP2.0. This is currently only available for BCFR but in the future this will be available for more registrations. This will be accessible to a limited number of members as all the data within the DP will be available to be downloaded.
NIPPIN Manager
This role allows a member to validate if the mycarenet message is delivered at the NIC without any issues. This will be accessible to a limited number of members as they are assigned tohave access to all the data of the specific registries