Roles and permissions

Last updated: 2024-08-08 10:49

In the Self-Service Portal application three roles are pre-defined with their own sets of permissions.

User Manager (manager)

The User Manager role gives access to all organizations within their network (where applicable) using the HD4DP v2 installation. A User Manager can create new organizations (groups), add members to groups, and define the roles of these members.

⚠️ There should be at least 1 user manager per HD4DP v2 installation. The initial user manager is assigned by healthdata.be services.

⚠️ This role may not manage certificates for installations, unless they are also defined as a Certificate Editor.

DP Manager (dp_manager)

This role allows the user to add new members to the groups of which they are the DP Manager. The DP Manager role is defined by the user manager in the process of adding a member to a group.

⚠️ A member could be a DP Manager of one organization, but a regular member of another organization.

⚠️ This role may not manage certificates for installations, unless they are also defined as a Certificate Editor.

Certificate Editor (certificate_editor)

The Certificate Editor role is also assigned when adding a user to a group. This role allows users to manage the p12 certificate for an organization.

Certificate Editors must be designated via the portal in order to upload certificates for their organization. Role assignment, including the Certificate Editor role, is managed by User Managers.

A user can have multiple roles, and the permissions of those roles combine automatically. This allows us to build many more features in the future, create separate roles for users, and give access on an individual basis to the appropriate staff.
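The sketch below is an added example, not the portal's own code. It models how per-organization roles combine into one permission set and audits for the gaps the warnings above describe. Only the role keys (`manager`, `dp_manager`, `certificate_editor`) come from this page; the permission names, the membership layout and the sample users are assumptions.

```python
# Added illustration, not the portal's code. Only the role keys come from the
# page; the permission names and the membership layout are assumptions.
ROLE_PERMISSIONS = {
    "manager": {"create_group", "add_member", "assign_role"},
    "dp_manager": {"add_member"},
    "certificate_editor": {"manage_certificate"},
}

# Constructed sample data: user -> organization -> roles held in that organization.
# An empty set means "regular member" of that organization.
MEMBERSHIPS = {
    "alice": {"org-a": {"manager"}},
    "bob": {"org-a": {"dp_manager", "certificate_editor"}, "org-b": set()},
    "carol": {"org-b": {"dp_manager"}},
}

def effective_permissions(memberships, user, org):
    """Union of the permissions of every role the user holds in one organization."""
    perms = set()
    for role in memberships.get(user, {}).get(org, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return perms

def can(memberships, user, org, permission):
    """Deny by default: unknown users, organizations and roles get no access."""
    return permission in effective_permissions(memberships, user, org)

def audit(memberships):
    """Report a missing user manager and organizations with no certificate editor."""
    orgs, with_editor, has_manager = set(), set(), False
    for per_org in memberships.values():
        for org, roles in per_org.items():
            orgs.add(org)
            has_manager = has_manager or "manager" in roles
            if "certificate_editor" in roles:
                with_editor.add(org)
    return {"has_manager": has_manager,
            "orgs_without_certificate_editor": sorted(orgs - with_editor)}

if __name__ == "__main__":
    print(can(MEMBERSHIPS, "alice", "org-a", "manage_certificate"))
    print(audit(MEMBERSHIPS))
```

In the sample data the manager cannot touch the certificate, while the user holding both `dp_manager` and `certificate_editor` in the same organization can add members and manage the certificate there, and has neither permission in the organization where they are a regular member.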

The user can only carry out CRUD (create, read, update, delete) operations on the user list and link the user to a certain Data Provider which is linked in our MDM database. The MDM database is the single source of truth.

The user manager's view on the portal is limited to the organization that is assigned to them.