New and familiar concepts of HD EAM

New and familiar concepts of HD EAM

Last updated: 2024-04-02 15:11

Underlying to the new HD Entity Access Management system "EAM 3.0" is a new architecture, which is substantially different from the former setup of the system. The new architecture and its relevant processes bring along some new concepts. We have listed them for you underneath and have completed them with some familiar concepts.

user

account

service bus

user roles

author group

EAM 3.0 architecture

Access Manager

User type. An Access Manager manages/validates the access to applications / projects for the Organization(s) and Users they represent, manages/validates accounts

Account

An account in EAM 3.0 is the combination of e-mail address, Provision and a number of Access Grants, acting as a "bridge" between Users, Organizations and Applications. A user can create one or more accounts each with a separate e-mail address, e.g. when working in different healthcare organizations (HCOs) with each another application.

Account state

The table below offers an overview of the different states of an account throughout the workflow. The Label denotes the action by the Access Manager. Also, moderation state. The moderation state of an account indicates the current approval state throughout the process.

Admin

User type. A Healthdata.be employee (Support, Onboarding) manages the system.

Authenticated User

User type. A person who is logged in to the EAM system through itsme or eID and has a profile based on shared first name, last name and NISS code. An Authenticated User can login into the application, create accounts and request access grants, change their own account information.

Author group

The Author Group is created based on the First name en Last name of the user requesting access. It is automatically populated and available in the drop-down list on the Add Acces grant window.

Grants (Access grants)

On account level a user needs to be granted access to a project for an application to a certain organization as is determined by the provision during creation of the account. Currently, there are two different types of Access grants:

  • HD4DP2 Access grant: this grant will feature a project, a user role (study lead, study assistant, study support) and an author group.
  • Healthstat Access grant: this grant will feature a project

Legacy requests

This is the former "Requests overview"

Manager (HD Manager)

User type. (tba)

Organization

The EAM holds a list of all organizations with their Name, NIHDI number, list of Access Managers. If an organization is not active anymore, it will receive the status Disabled. They are not deleted from the EAM system.

Moderation state

See Account state.

Messages (log)

Messages are created whenever actions are involved on account level, e.g. change of password, request of account update, permission of grants etc. A message is the representation of something we send to or receive from Service bus. The messages will be logged within EAM for history purposes.

Provision

The provision is the deployment of a certain Application to a certain Organization along with any specific parameters providing extra information on the deployment.

User

The user is the main entity in the EAM system, containing basic information such as Username, Primary e-mail address, First name, Last name, SSIN and professional NIHDI code. The user represents a person interacting with the EAM. This EAM version offers the possibility to add more than one NIHDI code. Each user can be linked up to multiple Accounts (see above).

User matrix

The introduction of the HD Entity Access Management system leads to some new concepts. In this section, we explain these new concepts and complement them with some familiar ones.

In general, a user matrix is a structured way to organize information about user segments and their characteristics: in our case, by plotting the two axes in relation to each other, the user matrix provides a comprehensive view of the user types and their respective functionalities.

User roles

Or HD4DP2/Healthstat.be User Roles. They determine your access options as requestor in the HD application for the relevant project and does not necessarily corresponds to the staff structure within your organization. More on User roles in HD4DP2 can be found here.

User types

There are several EAM User Types denoting the level of rights you have within the EAM system: Authenticated user, Access manager, (HD) Manager, Administrator, Validated User.

Different from user roles that are typical for applications.

Validated user

User type. Can be found in the EAM users overview after migrating validated users from EAM 2.7 to EAM 3.0. This migrated user type corresponds with the one of an Authenticated user in EAM 3.0.

Service Bus

Is a communication layer between our EAM portal and the installations at the DP's side. Whereas the former EAM system mainly managed access requests, the new EAM 3.0 focusses on complete User management incl. access requests, account creating, feedback loop ... aiming at faster user onboarding, a better user experience and less manual intervention by Support / DevOps.

This documentation is being updated regularly. We try to provide as correct, complete and clear as possible information on these pages. Nevertheless, if you see anything in the documentation that is not correct, does not match your experience or requires further clarification, please create a support ticket via our portal (https://healthdatabe.atlassian.net/servicedesk/customer/portals) or send us an e-mail via support.healthdata@sciensano.be to report this documentation issue. Please, do not forget to mention the URL or web address of the page with the documentation issue. We will then adjust the documentation as soon as possible. Thank you!