With role-based access control enabled, each user must have at least one role assigned. Resource sets that define the data that can be accessed are applied to a user account when assigning a role to that user. You cannot apply user-specific permissions outside of a role.
A user can have multiple roles assigned; the permissions are additive. For example, you may have a physician role that can create prescriptions but does not have access to configure all the CHR settings, and a super-user role that cannot create prescriptions but has access to all the settings. If both roles are applied to a user, they will have the combined permissions of the two roles.
💡 Tip: You can also assign roles and resource sets to a group of users. Note that roles assigned via a group do not appear in the list of assigned roles for a user. For more information, see Assigning a role to a group of users (role-based access control).
You must have the Edit Other Users permissions enabled to assign a role to a user.
📌 Note: a built-in role Breaking Glass Permissions is automatically included when role-based access control is enabled. This role is dynamically assigned to a user at the time of gaining access to a restricted chart; you do not need to assign it to users.
1. From the main menu, click Settings > Account and, in the Users tab, click Edit beside the user to whom you are assigning a role.
2. In the Roles tab, click Assign New Role.
3. At the top of the window, click Select role... and choose the appropriate role from the list.
4. Search for and select the applicable resource sets from the list at the bottom of the window. You can select multiple resource sets - for example, if a provider should have access to patient charts at multiple locations, or should have access to patients and Billing dashboard by location.
5. Click Save when you are finished.
6. The role and resource sets appear in the list of Roles for this user.
To edit the assigned role, click the pencil icon. To remove the assigned role, click the x icon.
7. Click Submit.
8. Enter your password when prompted, and click Submit.
💡 Tip: You can view all the active permissions for a user, whether a role was assigned directly to the user or through a group. For more information, see Viewing a user's permissions (role-based access control).
Updated June 28, 2022