User Privileges Guide - hmislk/hmis GitHub Wiki
The HMIS system uses a comprehensive privilege-based access control system to ensure users can only access features appropriate to their roles and responsibilities. This guide explains how privileges work and how administrators can manage user access effectively.
Privileges are specific permissions that grant users access to particular system functions. Each privilege controls access to one or more related features within the HMIS system.
- User Roles: Users are assigned to roles (e.g., Doctor, Pharmacist, Administrator)
- Role Privileges: Each role is granted specific privileges appropriate to that position
- Feature Access: System features check for required privileges before allowing access
- Hierarchical Access: Some privileges may include others or have dependencies
Privilege | Description | Typical Users |
---|---|---|
AdminManagingUsers | Full user account management, role assignment, privilege management | System Administrators |
AdminStaff | Staff information management, staff-user linking | HR Administrators, System Administrators |
AdminInstitutions | Institution, department, and organizational structure management | System Administrators, IT Managers |
Privilege | Description | Typical Users |
---|---|---|
AdminItems | Item management, inventory configuration, EMR form management | System Administrators, Inventory Managers |
AdminPrices | Pricing configuration, fee structure management | Financial Administrators, System Administrators |
Privilege | Description | Typical Users |
---|---|---|
LabAdiministrator | Laboratory service configuration and management | Laboratory Managers, System Administrators |
PharmacyAdministration | Pharmacy system configuration and management | Pharmacy Managers, System Administrators |
InwardAdministration | Inpatient service configuration | Ward Managers, System Administrators |
StoreAdministration | Central store management and configuration | Store Managers, Supply Chain Managers |
MembershipAdministration | Patient membership program management | Customer Service Managers, Administrators |
HrAdmin | Human resources module administration | HR Managers, System Administrators |
Privilege | Description | Typical Users |
---|---|---|
Opd | Basic OPD access, patient registration, queue management | OPD Staff, Nurses, Clerks |
OpdBilling | OPD service billing and payment processing | Billing Staff, Cashiers |
OpdOrdering | Laboratory and diagnostic test ordering | Doctors, Nurses |
OpdPreBilling | Pre-billing for cashier processing | Billing Clerks |
OpdCollectingCentreBilling | Billing at collection centres | Collection Centre Staff |
OpdBillSearch | Bill search and inquiry functions | Billing Staff, Supervisors |
OpdBillItemSearch | Detailed bill item searching | Billing Staff, Auditors |
OpdLabReportSearch | Laboratory report access for OPD patients | OPD Staff, Nurses |
Privilege | Description | Typical Users |
---|---|---|
LabSampleCollecting | Sample collection and barcode management | Phlebotomists, Lab Technicians |
LabSampleReceiving | Sample receipt and processing | Lab Technicians, Lab Supervisors |
LabReportSearch | Laboratory report management and searching | Lab Technicians, Pathologists |
LabReportPrint | Laboratory report printing and distribution | Lab Staff, Report Clerks |
LabSummeries | Laboratory analytics and performance reports | Lab Managers, Pathologists |
LabInwardSearchServiceBill | Inpatient laboratory service bill search | Lab Billing Staff |
Privilege | Description | Typical Users |
---|---|---|
Pharmacy | Basic pharmacy access and operations | Pharmacists, Pharmacy Technicians |
PharmacySale | Retail pharmacy sales | Pharmacists, Sales Staff |
PharmacySaleWh | Wholesale pharmacy operations | Wholesale Staff |
PharmacyPurchase | Pharmacy purchasing and procurement | Pharmacy Managers, Purchase Officers |
PharmacyGoodReceive | Goods receipt and inventory management | Pharmacy Staff, Store Keepers |
PharmacyGoodReceiveWh | Wholesale goods receipt | Wholesale Staff |
PharmacyReports | Pharmacy analytics and reports | Pharmacy Managers, Supervisors |
PharmacyTransferRequest | Stock transfer requests between departments | Pharmacy Staff, Ward Staff |
PharmacyTransferIssue | Processing outgoing stock transfers | Pharmacy Staff |
PharmacyTransferRecive | Receiving incoming stock transfers | Department Staff |
PurchaseOrdersApprovel | Purchase order approval workflow | Pharmacy Managers, Procurement Officers |
Privilege | Description | Typical Users |
---|---|---|
InwardServicesAndItemsAddServices | Adding services to inpatient bills | Ward Staff, Nurses |
Privilege | Description | Typical Users |
---|---|---|
Cashier | Basic cashier operations and shift management | Cashiers, Finance Staff |
CashTransaction | Financial transaction processing | Cashiers, Finance Managers |
CashTransactionCashIn | Shift start and cash-in operations | Cashiers |
CashTransactionCashOut | Shift end and cash-out operations | Cashiers, Supervisors |
Privilege | Description | Typical Users |
---|---|---|
ScanBillsFromCashier | Barcode bill scanning capabilities | Cashiers |
AcceptPaymentForOpdBatchBills | Processing batch OPD bill payments | Cashiers |
AcceptPaymentForPharmacyBills | Processing pharmacy bill payments | Cashiers |
RefundOpdBillsFromCashier | Processing OPD bill refunds | Cashiers, Supervisors |
RefundPharmacyBillsFromCashier | Processing pharmacy bill refunds | Cashiers, Supervisors |
Privilege | Description | Typical Users |
---|---|---|
ManageCreditCompany | Credit company and insurance management | Finance Managers, Billing Supervisors |
Privilege | Description | Typical Users |
---|---|---|
Channelling | General channelling operations | Channelling Staff, Appointment Clerks |
ChannellingChannelBooking | Appointment booking and management | Channelling Staff |
ChannelBookingByMonth | Monthly appointment planning | Channelling Supervisors |
ChannellingPastBooking | Historical appointment access | Channelling Staff, Supervisors |
Privilege | Description | Typical Users |
---|---|---|
ChannelSheduleManagement | Doctor schedule creation and management | Channelling Managers |
ChannelSessionManagement | Session instance management | Channelling Supervisors |
ChannelManagement | Overall channelling system management | Channelling Managers |
ChannelCreateSessions | Creating new channelling sessions | Channelling Managers |
Privilege | Description | Typical Users |
---|---|---|
ChannellingPaymentPayDoctor | Doctor payment processing | Finance Staff, Channelling Managers |
ChannellingPaymentDueSearch | Outstanding payment tracking | Finance Staff |
ChannellingPaymentDoneSearch | Completed payment inquiry | Finance Staff, Auditors |
Privilege | Description | Typical Users |
---|---|---|
ChannelReports | Channelling operational reports | Channelling Managers |
ChannelSummery | Channelling performance analytics | Channelling Managers, Administrators |
Privilege | Description | Typical Users |
---|---|---|
StockTransactionViewRates | View financial rates in stock transactions | Pharmacy Managers, Finance Staff |
PharmacyTransferViewRates | View rates in pharmacy transfer operations | Pharmacy Managers, Supervisors |
Developers | Development and testing features access | System Developers, IT Staff |
Privilege | Description | Typical Users |
---|---|---|
ReportsSearchCashCardOwn | Personal cash and card transaction reports | Individual Staff Members |
ReportsItemOwn | Personal item-related reports | Staff Members |
DashBoardMenu | Dashboard and summary screen access | Managers, Supervisors |
Navigation: Administration → Manage Users → User Roles
- Define User Roles: Create roles like "Pharmacist", "OPD Clerk", "Lab Technician"
- Assign Privileges to Roles: Grant appropriate privileges to each role
- Assign Users to Roles: Place users in roles matching their job functions
- Bulk Assignment: Use "Add Privileges to Users by Role" for efficiency
- Access User Management: Navigate to user account details
- Direct Privilege Assignment: Manually assign specific privileges
- Custom Access: Create unique privilege combinations when needed
- Minimum Necessary Access: Grant only privileges required for job functions
- Regular Review: Periodically audit user privileges for appropriateness
- Role-Based Approach: Use roles rather than individual assignments when possible
- Temporary Access: Use time-limited privileges for temporary assignments
- Job Function Alignment: Create roles that match actual job responsibilities
- Department-Specific Roles: Consider department-specific privilege needs
- Hierarchical Roles: Design roles that reflect organizational hierarchy
- Cross-Training Consideration: Account for staff who work in multiple areas
- Role Documentation: Document the purpose and scope of each role
- Change Tracking: Log all privilege changes with justification
- Access Reviews: Regularly review user access against current job functions
- Compliance Reporting: Maintain privilege reports for regulatory compliance
Job Function: Hospital pharmacist handling dispensing and inventory
Recommended Privileges:
- Pharmacy
- PharmacySale
- PharmacyTransferRequest
- PharmacyTransferRecive
- PharmacyGoodReceive (if handling receiving)
Rationale: Covers core pharmacy operations without administrative access
Job Function: Processing outpatient bills and payments
Recommended Privileges:
- Opd
- OpdBilling
- OpdBillSearch
- OpdBillItemSearch
- AcceptPaymentForOpdBatchBills (if also cashiering)
Rationale: Focuses on billing functions without clinical access
Job Function: Managing lab operations and staff
Recommended Privileges:
- LabSampleCollecting
- LabSampleReceiving
- LabReportSearch
- LabReportPrint
- LabSummeries
- DashBoardMenu
Rationale: Comprehensive lab access with supervisory reporting
Job Function: Managing departmental operations and staff
Recommended Privileges:
- [Core department privileges]
- DashBoardMenu
- ReportsSearchCashCardOwn
- ReportsItemOwn
- [Relevant administrative privileges]
Rationale: Operational access plus management reporting capabilities
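The periodic privilege review can be scripted against the role recommendations above. The following is an added example, not part of the HMIS code base or this wiki: privilege names are copied from this guide, while the role labels, the exported assignments, the sensitivity labels and the function names are constructed assumptions.

```python
import difflib

# Privilege names copied from this guide, original spelling kept
# (the guide notes that names are spelling- and case-sensitive).
KNOWN = {
    "Pharmacy", "PharmacySale", "PharmacyTransferRequest", "PharmacyTransferRecive",
    "PharmacyGoodReceive", "Opd", "OpdBilling", "OpdBillSearch", "OpdBillItemSearch",
    "AcceptPaymentForOpdBatchBills", "RefundOpdBillsFromCashier",
    "AdminManagingUsers", "Developers",
}
# Baselines from the role examples above; the role labels are assumptions.
BASELINES = {
    "Pharmacist": {"Pharmacy", "PharmacySale", "PharmacyTransferRequest",
                   "PharmacyTransferRecive", "PharmacyGoodReceive"},
    "OPD Clerk": {"Opd", "OpdBilling", "OpdBillSearch", "OpdBillItemSearch",
                  "AcceptPaymentForOpdBatchBills"},
}
# Categories the guide singles out for extra scrutiny; labels are illustrative.
SENSITIVE = {"AdminManagingUsers": "administrative",
             "RefundOpdBillsFromCashier": "financial",
             "Developers": "developer"}

def audit_user(role, granted):
    """Compare one user's grants with the baseline for their role."""
    granted = set(granted)
    unknown = {}  # unrecognised name -> closest known privilege, or None
    for name in sorted(granted - KNOWN):
        close = difflib.get_close_matches(name, sorted(KNOWN), n=1, cutoff=0.9)
        unknown[name] = close[0] if close else None
    excess = sorted((granted & KNOWN) - BASELINES[role])  # beyond least privilege
    sensitive = {p: SENSITIVE[p] for p in excess if p in SENSITIVE}
    return {"unknown": unknown, "excess": excess, "sensitive": sensitive}

# Constructed export rows: (user, role, granted privileges).
EXPORT = [
    ("user_a", "Pharmacist", ["Pharmacy", "PharmacySale",
                              "PharmacyTransferReceive", "AdminManagingUsers"]),
    ("user_b", "OPD Clerk", ["Opd", "OpdBilling", "RefundOpdBillsFromCashier"]),
    ("user_c", "OPD Clerk", ["Opd", "OpdBilling"]),
]

def audit_export(rows):
    """Return findings only for users with unknown or excess privileges."""
    results = {user: audit_user(role, granted) for user, role, granted in rows}
    return {u: r for u, r in results.items() if r["unknown"] or r["excess"]}

if __name__ == "__main__":
    for user, result in audit_export(EXPORT).items():
        print(user, result)
```

Each finding is a prompt for a documented decision: either the extra privilege is justified and recorded, or it is revoked.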
Problem: User gets "Access Denied" or feature not visible
Solutions:
- Verify user has required privilege for the specific feature
- Check if user is assigned to appropriate role
- Confirm privilege spelling and case sensitivity
- Review any prerequisite privileges or system configurations
- Check if user account is active and not expired
Problem: User can access some but not all functions within a feature
Solutions:
- Review granular privileges within the feature area
- Check for view vs. edit vs. delete privilege distinctions
- Verify department-specific access limitations
- Confirm shift-based access requirements are met
Problem: Privilege changes made but user still cannot access features
Solutions:
- Ask user to log out and log back in
- Clear browser cache and cookies
- Restart application server if changes affect system-wide access
- Verify privilege changes were actually saved in the system
Some privileges may conflict or have dependencies:
- Shift Requirements: Some privileges require active cashier shifts
- Department Restrictions: Some privileges are department-specific
- Role Hierarchies: Higher-level privileges may include lower-level ones
Some features require multiple privileges or system configurations:
- Configuration Dependencies: Features may require specific system options to be enabled
- Role Combinations: Some workflows require users to have complementary privileges
- System State: Some features require specific system conditions (e.g., active shifts)
- Regular Audits: Periodically review all user privileges
- Departure Procedures: Immediately revoke privileges when staff leave
- Role Changes: Update privileges when users change positions
- Temporary Access: Monitor and expire temporary privilege grants
- Administrative Privileges: Strictly limit administrative access
- Financial Privileges: Extra scrutiny for cash and billing privileges
- Data Access: Careful management of reporting and data export privileges
- Developer Access: Limit development privileges to authorized personnel
- Audit Trails: Maintain logs of privilege changes and usage
- Regulatory Compliance: Ensure privileges align with healthcare regulations
- Documentation Standards: Document privilege rationale and approval
- Regular Reviews: Scheduled privilege compliance reviews
- System Administrator: Primary contact for privilege questions and modifications
- Department Managers: For understanding job-specific privilege requirements
- HR Department: For role definitions and organizational structure guidance
- Security Officer: For compliance and security-related privilege decisions
- User Role Documentation: Maintain updated role and privilege documentation
- Training Materials: Include privilege information in user training
- Help Desk Procedures: Standard procedures for privilege-related support requests
- Escalation Procedures: Clear escalation path for complex privilege decisions
Related Resources:
- Administration Navigation Guide - How to access user management functions
- System Configuration Guide - Understanding system-wide settings
- Application Options Reference - Configuration options that affect privilege behavior
Important Notes:
- Always follow the principle of least privilege when granting access
- Document all privilege decisions and changes for audit purposes
- Regularly review and update privileges to match current job functions
- Coordinate with HR and department managers for role-based privilege design