Security
The Admin area has a Security section which allows users with Admin rights to set Roles, Access Principles, Access Controls and Environment Access Controls.
The Atmoforms Security module is implemented on a staff member level and allows for truly modular security, where admin users can enable and disable areas or individual features for particular groups of users in the system.
At its core, Atmoforms is role-based, however to add flexibility and to allow for future enhancements, we have introduced a level of management on top of these called Access Principles. It is at this level that security and functional access to Atmoforms is assigned.
The Security Levels are managed from within the Admin area of Atmoforms. Security settings can be used to grant access to entire modules, specific sections within modules, or even panels of sensitive information or particular administrative functionality within particular sections.
The choice of how to implement the security is very open-ended and can be used to control almost anything that you choose.
The security module consists of:
Roles
Roles are intended to broadly represent core roles within the area the system is being used.
Roles are assigned to staff members. Role name examples include Primary Restricted and Primary Unrestricted.
Access Principles
Access Principles are logical groupings of Roles. Security rules are applied at this level to allow for a higher level of configuration without the need for duplication of administrative work.
Access Principles allow you to apply the same configurations to multiple Roles whilst at the same time allowing the individual Administrators the ability to be as open or restrictive as required.
Within the Access Principles, the Administrators may select which combination of system Roles belong to it. There can be as many Roles and Access Principle combinations as the user wishes to create.
Conceptually, Access Principles are designed to represent functions that users might perform within Atmoforms. Rather than having one single large Access Principle that grants access to everything, they are intended to be layered with each other to provide a more granular and controllable security mechanism. It is worth noting that they do work in conjunction with each other and follow a ‘highest access wins’ rule. This means that as long as you belong to one Access Principle that grants access to a feature, you will be able to see it. This is why Access Principles should be tiered to progressively grant access to functionality, rather than restrict it.
Access Control
Elements in the system that support the Advanced Security configuration will appear under the Access Control section. This tree represents the structure of the security hierarchy from module level down to page element. Once each item is selected, you are shown a list of all the active Access Principles and can enable or disable this feature for that Access Principle. Typically, lower-level elements, when enabled, simply add or remove features from the specific screens, whereas higher-level elements are used to physically prevent access to these sections entirely.
Access Control Tree
You can control access to the following areas of Atmoforms:
This security element works in conjunction with existing admin permissions
-
Activities Module
-
Activities Module Activity Page
- Activities Module Activity Page Fill with Default Answers Button
- Activities Module Activity Page Close Button
- Activities Module Activity Page View History Modal - Filter by Answered vs Unanswered
- Activities Module Activity Page Mark Data as Sensitive
Activities Module Activity Page Delete Button
-
- Calendar Module
- Care Plans Module
-
Contacts Module
- Contacts Module View Page
- Contacts Module View Page Delete Button
-
Dashboards Module
-
Dashboards Module Dashboard Page
- Dashboards Module Dashboard Page View Key Items Container
- Dashboards Module Dashboard Page View Latest Activity Record Container
- Dashboards Module Dashboard Page View Latest Assessment Container
- Dashboards Module Dashboard Page View Latest Care Plan Container
- Dashboards Module Dashboard Page View Latest Contact Record Container
- Dashboards Module Dashboard Page View Care Plan Reviews Due Container
-
-
Diagnoses Module
-
Diagnoses Module View Page
- Diagnoses Module View Page Delete Button
-
-
Enrollments Module
-
Enrollments Module View Page
Enrollments Module View Page Edit Button
Enrollments Module View Page Reopen Button
Enrollments Module View Page Delete Button
-
- Notifications Module
- Pathways Module
Environmental Access Control
The system has the ability to only allow access to the system based on users who have access to specified External Roles. Users who do not have access to any of the external roles specified will not be able to log into the system.
Note: If no external roles are specified, then the system will allow all users to log in.
The system can also limit users to read-only access who have access to specified external roles. Users have access to any these external roles will be limited to read-only access in the system, users not in any of these groups will get full access. If no external roles are specified, then the system will allow all users full read/write access to the system.
Advanced Security Setting
Advanced Security is turned on within the Settings area of the Admin area.
Please note that turning on Advanced Security without setting up any of the Roles, Access Principles and Access Control will mean that staff have a restricted view of patient information.
Access Denied Messages
Please note that because of links in Atmoforms, if you turn off a complete module for Staff, their access to other areas may be restricted.
For example:
- Turning off the Calendar module and not the Notifications module. When Staff click on Reminders in the Notifications module, they will see the Access Denied message, as the Reminders are linked to the Calendar.
- Turning off Contacts and keeping access to Enrollments. When Staff click on an Enrollment to see more details, they will see the Access Denied message, as Contacts are listed within the Enrollment details.
As security features develop, the modular access will expand as needed. If you add Roles and Access Principles beyond what is detailed in this document, there might be some unexpected effects.
The Admin Logs contain details of why Staff have seen the Access Denied messages and which module of the site they do not have access to.
To learn more about setting up Advanced Security, take a look at the examples beneath this page.