All Collections
Admin and configuration
Role-based access control
Assigning a role to a group of users (role-based access control)
Assigning a role to a group of users (role-based access control)
Updated over a week ago

With role-based access control enabled, each user must have at least one role assigned. Resource sets that define the data that can be accessed are applied to a user account when assigning a role to that user. Instead of assigning a role to each user individually, you can assign roles to a group of users. You must first create user groups; see Creating user groups for more information.

A user can have multiple roles assigned; the permissions are additive. For example, you may have a physician role that can create prescriptions but does not have access to configure all the CHR settings, and a super-user role that cannot create prescriptions but has access to all the settings. If both roles are applied to a user, they will have the combined permissions of the two roles. One role might be applied via the group (e.g. All Practitioners) and one applied directly to the individual user.

📌 Note: Roles assigned via a group do not appear in the list of assigned roles for a user. For more information on assigning a role to an individual user, see Assigning a role and resource set to a user (role-based access control).

📌 Note: You must have the Edit Other Users permission enabled to assign a role to a group of users.


1. From the main toolbar, click Settings > Account info > Groups. The list of any existing groups and the users within them appears.

💡 Tip: You can create a new group by clicking Add Group. See Creating user groups for more information.

2. Click Edit beside the group you are applying the role and resource set to.

3. In the Roles tab, click Assign New Role.

4. At the top of the window, click Select role... and choose the appropriate role from the list.

5. Search for and select the applicable resource sets from the list at the bottom of the window. You can select multiple resource sets - for example, if a group of providers should have access to patient charts at multiple locations, or if they should have access to patients and Billing dashboard by location.

6. Click Save when you are finished.

7. The role and resource sets appear in the list of Roles for this group.

To edit the assigned role, click the pencil icon. To remove the assigned role, click the x icon.

8. Click Apply.

9. Enter your password when prompted, and click Submit.

All users that are defined in the group will now have the selected role and its corresponding permissions applied. You can view all the active permissions for a user, whether a role was assigned directly to the user or through a group. For more information, see Viewing a user's permissions (role-based access control).

Updated June 28, 2022

Did this answer your question?