docs.healthdata.beRoles and permissions
A few roles are pre-defined with their own sets of permissions. Some roles are given globally like manager, and dp_manager while some roles are given on an organisation level. A user can have multiple roles, their permissions will combine automatically. This allows us to build many more features in the future and create seperate roles for them and give access on an individual basis to the right people.
Administrator (administrator)
The global admin role, used to set Drupal settings and setup permissions.
⚠️ In an ideal situation this should no be used by the end customer. With this role you can easily break the entire installation in just a few clicks.
User Manager (manager)
This is the highest role available for the Data Providers. This role can create new orgs (groups), new Users and add members to groups. They can also pick the roles of these users.
⚠️ There should be at least 1 manager user per installation.
⚠️ This role can not manage certificates for installations, unless the user is also added as a member to one or more organisations with the Certificate Editor role.
DP Manager (dp_manager)
This role is assigned when adding a user to a group. This role allows the user to add new members to the groups where they’re the DP Manager of. In theory a user could be a DP Manager at one org, but a regular member at another org.
⚠️ This role also doesn’t give the permission to manage certificates. To do that you also need to give this member the Certificate Editor role.
Certificate Editor (certificate_editor)
The certificate editor role is also assigned when adding a user to a group. This role allows users to manage the p12 certificate for an organisation.