Access Rights Configuration
Access to the EWA system is configured via a JSON file which is written to the database with help from the migration tool.
Configuration file
"Configuration/RoleToAccessMapping.json" file in the migration tool contains the configuration that needs to be changed in order to change the access management in the EWA system.
An example of how it looks like:
{
"Role": "BliksundPEPJClient",
"AccessRights": [
"Client"
]
},
{
"Role": "BliksundPEPJAllResources",
"AccessRights": [
"AllResources"
]
},
{
"Role": "BliksundPEPJAllJournalComplete",
"AccessRights": [
"AllJournalComplete"
]
},
The file consists of a list of objects that say which roles have which access. Changes done to the file must be saved to the database using the migration tool.
Roles
The value set in this attribute states which "Role" should have permissions defined in the "AccessRights" list in this object. The definition of what a role is will be different for a system configured with local AD connectivity for login and access management, and a system configured with "OpenId Connect" federated login.
- Local AD:
- A role corresponds to a user group in AD.
- OpenId Connect:
- A role corresponds to a possible value from the role list which the user gets a token from a federated login provider.
Access Rights
The access right attribute is a list of accesses the role in the object will have internally in the EWA system. There are also other factors that play a part in whether a user have access, for example barriers in the context of patient confidentiality and organizational affiliation(only with OpenId Connect). Each object must have at least one access right.
Here is a list:
| Access Right | Release version | Requires federated login configuration? | Description |
|---|---|---|---|
| Client | Before release 16.0 | No | Can log in to the client and fill in journals there. The list of resources in the client is filtered at the department level. |
| OrganizationClient | Before release 16.0 | Yes | Can log in to the client and fill in journal there. The list of resources in the client is filtered at the organization level. |
| AllJournalView | Before release 16.0 | No | Can search for and view journals for all organizations and departments in Insight. |
| OrganizationJournalView | Before release 16.0 | Yes | Can search for and view journals that belong to that organization in Insight. |
| DepartmentJournalView | Before release 16.0 | Yes | Can search for and view journals that belong to that department in Insight. |
| UserJournalView | Before release 16.0 | No | Can search for and view journals where the user have been the driver, handler or a third person. |
| AllJournalEdit | Before release 16.0 | No | Can search for and edit journals in all organizations and departments in Insight. |
| OrganizationJournalEdit | Before release 16.0 | Yes | Can search for and edit journals that belong to that organization in Insight. |
| DepartmentJournalEdit | Before release 16.0 | Yes | Can search for and edit journals that belong to that department in Insight. |
| UserJournalEdit | Before release 16.0 | No | Can search for and edit journals where the user have been the driver, handler or a third person. |
| AllJournalPrint | Before release 16.0 | No | Can search for and view print version of journals in all organizations and departments in Insight. |
| OrganizationJournalPrint | Before release 16.0 | Yes | Can search for and view print version of journals that belong to that Organization in Insight. |
| DepartmentJournalPrint | Before release 16.0 | Yes | Can search for and view print version of journals that belong to that Department in Insight. |
| UserJournalPrint | Before release 16.0 | Yes | Can search for and view print version of own journals. |
| AllJournalDelete | Before release 16.0 | No | Can search for and delete journals in every organization and departments in Insight(Soft Delete). |
| OrganizationJournalDelete | Before release 16.0 | Yes | Can search for and delete journals that belong to that organization in Insight(Soft Delete). |
| DepartmentJournalDelete | Before release 16.0 | Yes | Can search for and delete journals that belong to that department in Insight(Soft Delete). |
| AllJournalComplete | Before release 16.0 | No | Can complete journals in all organizations and departments in Insight. |
| OrganizationJournalComplete | Before release 16.0 | Yes | Can complete journals that belong to that organization in Insight. |
| DepartmentJournalComplete | Before release 16.0 | Yes | Can complete journals that belong to that department in Insight. |
| UserJournalComplete | Before release 16.0 | No | Can complete the journals where the user have been the driver, handler or a third person. |
| AllAuditLog | Before release 16.0 | No | Can search for and view user logs for all organizations and departments in Insight(Filter logs that have a journal Id). |
| OrganizationAuditLog | Before release 16.0 | Yes | Can search for and view user logs that belong to that organization in Ins |
| DepartmentAuditLog | Before release 16.0 | Yes | Can search for and view user logs that belong to that department in Insight. |
| BlacklistWhitelist | Before release 16.0 | No | Can manage rules for blocking patient information in accordance with patient confidentiality. |
| AllReportOverview | Before release 16.0 | No | Can view all overview reports in Insight. |
| OrganizationReportOverview | Before release 16.0 | Yes | Can view overview reports that belong to that organization in Insight. |
| DepartmentReportOverview | Before release 16.0 | Yes | Can view overview reports that belong to that department in Insight. |
| ReportChange | Before release 16.0 | No | Can see change report in Insight. (Not made yet) |
| ReportMainBasic | Before release 16.0 | No | Can see change report in Insight. (Not made yet) |
| ReportLoad | Before release 16.0 | No | Can see change report in Insight. (Not made yet) |
| BillableMissionHandler | Before release 16.0 | No | Can view the report for billable assignments and manage their status in Insight. |
| OwnReportView | Before release 16.0 | No | Can access own records reports page |
| AllTechnicalLog | Before release 16.0 | No | Can search and view technical logs of all organizations and departments in Insight(Filters logs that have a journal with ID). |
| OrganizationTechnicalLog | Before release 16.0 | Yes | Can search and view technical logs of all organizations in Insight(Filters logs that have a journal with ID). |
| DepartmentTechnicalLog | Before release 16.0 | Yes | Can search and view technical logs of all departments in insight(Filters logs that have a journal with ID). |
| MissionSimulator | Before release 16.0 | No | Can use mission simulator function in Insight. |
| ExportConfiguration | Before release 16.0 | No | Can administrate export configuration in Insight. |
| ExportStatus | Before release 16.0 | No | Can view status report for exported journals in Insight. |
| VersionStatusView | Before release 16.0 | No | Can view status report for version on servers and clients in the system in Insight. |
| Dataset | Before release 16.0 | No | Can administrate datasets in Insight. |
| Admin | Before release 16.0 | No | Can administrate health trusts, stations, resources and locations in Insight. |
| PdfConfigurationView | Before release 16.0 | No | Can access the PDF Settings page under the Insight admin menu, view current values, and view the change history for those settings. |
| PdfConfigurationEdit | Before release 16.0 | No | Can access the PDF Settings page under the Insight admin menu, view current values, edit values, and view the change history for these settings. |
| AllStation | Before release 16.0 | No | Can access station settings page under the administration menu for all organizations and departments in Insight, view current values, edit values, and view the change history for those settings. |
| OrganizationStation | Before release 16.0 | Yes | Can access station settings page under the administration menu for associated organizations in Insight, view current values, edit values, and view the change history for these settings. |
| DepartmentStation | Before release 16.0 | Yes | Can access station settings page under the administration menu for associated departments in Insight, view current values, edit values, and view the change history for these settings. |
| AllResources | Before release 16.0 | No | Can access resources settings page and resource types settings page under the administration menu for all organizations and departments in Insight, view current values, edit values, and view the change history for those settings. |
| OrganizationResources | Before release 16.0 | Yes | Can access resources settings page and resource types settings page under the administration menu for associated organizations in Insight, view current values, edit values, and view the change history for these settings. |
| DepartmentResources | Before release 16.0 | Yes | Can access resources settings page and resource types settings page under the administration menu for related departments in Insight, view current values, edit values, and view the change history for these settings. |
| AllEquipment | Before release 16.0 | No | Can access equipment settings page under the administration menu for all organizations and departments in Insight, view current values, edit values, and view the change history for these settings. |
| OrganizationEquipment | Before release 16.0 | Yes | Can access equipment settings page under the administration menu for associated organizations in Insight, view current values, edit values, and view the change history for these settings. |
| LiveViewAccess | Before release 16.0 | No | Can access real-time screen if user has this right from the same department configured to have full or limited access in real-time screen configuration. |
| AllMainSimplified | Before release 16.0 | No | Can access main report without medical data on for all organizations and departments in Insight. |
| OrganizationMainSimplified | Before release 16.0 | Yes | Can access main report with medical data on associated organizations in Insight. |
| DepartmentMainSimplified | Before release 16.0 | Yes | Can access main report with medical data on associated departments in Insight. |
| AllMainWithMedicalData | Before release 16.0 | No | Can access main report with medical data on for all organizations and departments in Insight. |
| OrganizationMainWithMedicalData | Before release 16.0 | Yes | Can access main report with medical data on associated organizations in Insight. |
| DepartmentMainWithMedicalData | Before release 16.0 | Yes | Can access main report with medical data on associated departments in Insight. |
| SATSConfigurationAdministration | Before release 16.0 | No | Can access edit and assign SATS configurations. |
| ChecklistAdministration | Before release 16.0 | No | Can access the old checklist and new checklist configuration page to manage checklists and assign resources. |
| HPLinkIntegrationAdministration | Before release 16.0 | No | Can access Helseplattformen HP-link integration configuration and administration page in insight. Could able to create and manage the integration configurations. |
| CardiacArrestReportRegister | Release 16.0 | No | Can access the cardiac arrest report page and download the JSON file in Insight. |
| RETTSConfigurationAdministration | Release 17.0 | No | Can access the RETTS configuration page in insight to upload the ESS and the vital parameter XML. |
| CardiacArrestConfigAdmin | Release 17.0 | No | Can access the cardiac arrest trigger configuration page in insight to configure trigger the cardiac arrest form. |
| TimelineReportAccess | Release 18.0 | No | Can access the timeline report page and track the time spent by the resources on missions. |
| DepartmentLiveViewJournalPrint | Release 21.0 | No | Can print version of department journals from Insight LiveView. |
| AllTimelineReport | Release 21.0 | No | Can include all organization and departments journals in the time line report. |
| OrganizationalTimelineReport | Release 21.0 | No | Can include organization journals in the time line report. |
| DepartmentTimelineReport | Release 21.0 | No | Can include department journals in the time line report. |
| ManageReleaseCandidateFeatures | Release 24.0 | No | Can manage release candidate features in Insight. |
| VersionManager | Release 27.0 | No | Can access the version management page in Insight and manage versions to be published on the clients. |
| ManageCrewRole | Release 29.0 | No | Can access the Manage Crew Role button within the resource types settings page for administrating the crew roles |
And here is an example of objects with multiple accesses per role.
{
"ClaimValue": "BHFRKlagesaksbehandler",
"AccessRights":
[
"AllJournalView",
"OrganizationJournalView",
"DepartmentJournalView",
"AllJournalPrint",
"OrganizationJournalPrint",
"DepartmentJournalPrint",
"BlacklistWhitelist",
"AllAuditlog"
]
}
Persist to database via the migration tool
Changes in access configuration must be saved using the migration tool. Can be done "Graphically" or via "Command Line". The tool must be configured with correct "ConnectionString" to database server. To save a configuration the database must be updated with the latest migration.
Graphical method
Use the migration tool graphical interface
- Choose System Configuration
- Role to Access Rights Mapping
- Yes
- This should appear: "Role to access rights mapping saved to database."
Command Line
Run "PEPJ.MigrationTool.exe --role-access-mapping":
Use this command: \Migration Tool>PEPJ.MigrationTool.exe --role-access-mapping