docs.healthdata.beRoles and permissions
In the Self-Service Portal application three roles are pre-defined with their own sets of permissions. An individual can be assigned to more than one role (e.g. dp manager and certificate editor).
User Manager (manager)
The User Manager provides access to all organizations within their network (where applicable) using the HD4DP v2 installation. This role can create new organizations (groups) and add members to groups. They can also define the roles of these members.
⚠️ There should be at least 1 user manager per HD4DP v2 installation. The initial user manager is assigned by healthdata.be services.
⚠️ This role may not manage certificates for installations, unless they are also defined as a Certificate Editor.
DP Manager (dp_manager)
This role allows the user to add new members to the groups of which they are the DP Manager. The DP Manager role is defined by the user manager in the process of adding a member to a group.
⚠️ A member could be a DP Manager of one organization, but a regular member of another organization.
⚠️ This role may not manage certificates for installations, unless they are also defined as a Certificate Editor.
Certificate Editor (certificate_editor)
This role allows a member to manage the p12 certificates for an organization. The certificate editor role is defined by the user manager in the process of adding a member to a group.
A user can have multiple roles, of which the permissions will combine automatically. This allows us to build many more features in the future and create separate roles for users and give access on an individual basis to the appropriate staff.
The user can only carry out CRUD (create, read, update, delete) operations on the user list and link the user to a certain Data Provider which is linked in our MDM database. The MDM database is the single source of truth.
The user manager's view on the portal is limited to the organization that is assigned to them.