Roles and Groups - greenriver/hmis-warehouse GitHub Wiki
Roles
Each role is associated with a set of permissions that allow specific visibility and functionality within Open Path. Roles are additive, and a user can have as many roles as necessary to provide the access required to do their job. Green River adds permissions at clients' request and as needed in conjunction with new features. When two permissions with conflicting visibility or functionality are added to the same role, the less restrictive permission takes precedence.
Role Configuration
Role configurations determine what a user can do in the warehouse. Examples of roles:
- Administrative
  - Can manage users
  - Can manage roles
  - Can assign reports
- Client Care
  - Can view clients
  - Can search window
- Reporting
  - Can view assigned reports
Groups
Groups are used to assign users access to particular sets of data, reports, and cohorts. Users are assigned to groups and inherit access from the group. Roles are then assigned to users to grant access to sections of the warehouse. Groups are additive, meaning a user can be assigned to multiple groups and will be able to see data, reports, and cohorts included in each group.
Users are assigned to Groups from the Groups tab on the Admin Dashboard. It is recommended that Groups be configured by data access, reports, or cohorts. For example, a Data Quality Reporter Group may only include reports used to monitor data quality. Doing so allows an update to the group to apply to every user assigned to it, instead of updating each user profile individually.
Group Configuration
Group configurations determine what a user can see in the warehouse. Examples of groups:
- Warehouse Administrator - All Data Sources
- CoC Administrator - A single CoC
- Organization Group - A single organization
- Performance Reporter - Any Performance Related Reports
- Data Quality Reporter - Any Data Quality Reports
Default User Roles and Groups
Default and custom user roles are available in Open Path for both the Warehouse and CAS. A description of each type of user and its associated roles and groups is provided in this section. Roles and Groups can be updated and new roles can be created as needed. Note: Visibility into client records is also determined by local sharing and ROI configuration.
Warehouse Default Roles and Groups
Warehouse Access Administrator - An individual that manages the permissions/access to the warehouse, site configurations and data sources. Warehouse Access Administrators are not able to see client-level data.
- Roles
  - Administrative Role
- Groups
  - Warehouse Administrator
Warehouse Data Administrator - An individual that has full access to view and report on all data in the warehouse. Warehouse Administrators may be from a state agency or entity responsible for the implementation of the Warehouse. They may also create and manage cohorts applicable for system-wide use.
- Roles
  - Client Care Role
  - Reporting Role
- Groups
  - Warehouse Administrator
  - Performance Reporter
  - Data Quality Reporter
CoC Administrator - An individual that has access to view and report on data from their CoC in the warehouse. They use the warehouse to review and monitor system and program performance within their CoC, and to create and manage cohorts specific to their CoC. CoC Users may also be HMIS System Administrators and be responsible for uploading and managing their CoC data in the warehouse.
- Roles
  - Client Care Role
  - Reporting Role
- Groups
  - CoC Administrator
  - Performance Reporter
  - Data Quality Reporter
Organization/Agency User - An individual that has access to view and report on data from their agency. They use the warehouse to review and monitor their organization’s performance, and to review and document chronicity. Users may be project managers, case managers, or other persons working directly for an organization.
- Roles
  - Client Care Role
  - Reporting Role
- Groups
  - Organization Group
  - Performance Reporter
  - Data Quality Reporter
Report User - An individual that has limited access to run reports. They use the warehouse to run aggregate reports and do not have access to client-level data.
- Roles
  - Reporting Role
- Groups
  - Performance Reporter
  - Data Quality Reporter
Health Administrator - A specialized role currently applicable only for installations that include electronic health record access. They are able to manage additional user permissions for platform features and patient record visibility related to medical data.
- Roles
  - Client Care Role
  - Reporting Role
- Groups
  - Organization Group
  - Performance Reporter
  - Data Quality Reporter
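Because roles and groups are both additive, a user's effective access is the union of everything assigned, which makes accumulated access worth reviewing. The Ruby sketch below is an added example, not code from hmis-warehouse: it models the example roles and groups listed on this page and flags combinations that depart from the default user types. The permission symbols, the rule that client-level data needs both a client permission and a data group, and the audit findings are assumptions made for illustration.

```ruby
require 'set'

# Role -> permissions, taken from the "Role Configuration" examples.
# Symbol names are constructed for this sketch, not the project's identifiers.
ROLES = {
  'Administrative' => %i[can_manage_users can_manage_roles can_assign_reports],
  'Client Care'    => %i[can_view_clients can_search_window],
  'Reporting'      => %i[can_view_assigned_reports],
}.freeze

# Group -> what it exposes, from the "Group Configuration" examples.
GROUPS = {
  'Warehouse Administrator' => { data: ['All Data Sources'] },
  'CoC Administrator'       => { data: ['A single CoC'] },
  'Organization Group'      => { data: ['A single organization'] },
  'Performance Reporter'    => { reports: ['Performance'] },
  'Data Quality Reporter'   => { reports: ['Data Quality'] },
}.freeze

# Roles and groups are additive: effective access is the union over both.
# Unknown names raise KeyError, so a typo cannot silently grant nothing.
def effective_access(roles:, groups:)
  access = { permissions: Set.new, data: Set.new, reports: Set.new }
  roles.each { |r| access[:permissions].merge(ROLES.fetch(r)) }
  groups.each do |g|
    GROUPS.fetch(g).each { |kind, items| access[kind].merge(items) }
  end
  access
end

# Assumption: client-level data needs a client permission AND a data group.
def client_level_access?(access)
  access[:permissions].include?(:can_view_clients) && !access[:data].empty?
end

# Review findings for one user (the rules are this sketch's assumptions).
def audit(roles:, groups:)
  a = effective_access(roles: roles, groups: groups)
  findings = []
  if client_level_access?(a) && a[:permissions].include?(:can_manage_users)
    findings << 'manages users and can see client-level data'
  end
  if a[:permissions].include?(:can_view_assigned_reports) && a[:reports].empty?
    findings << 'Reporting role but no report group'
  end
  if a[:permissions].include?(:can_view_clients) && a[:data].empty?
    findings << 'Client Care role but no data group'
  end
  findings
end
```

Run against the default user types above, `audit` returns no findings; adding the Client Care Role to a Warehouse Access Administrator produces the first one.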