1. Overview
OpenVPMS currently has several approaches for defining security permissions, depending on the part of the application where they are used. Permissions may be set by assigning:
1. roles to users.
These roles specify authorities to create, save and remove archetypes.
2. user type classifications to users.
In 1.8, the only recognised user types are Administrator and Clinician.
The Administrator type enables:
- access to the Administration workspaces
- customer and patient merging
- account checks
- product edit/delete/copy
The Clinician type identifies the user as a clinician, in order to restrict entry to clinician fields.
3. a user level to users.
This is used to restrict the reports that may be run by users.
This project will:
- unify roles and user type classifications, so that all permissions are managed by assigning roles to users
This will require the creation of new authority types that may be assigned to roles.
- create workspace authorities; a workspace will only be available if the user has the appropriate authority
- only enable New, Edit, and Delete buttons if the user has the appropriate archetype authority
- when listing archetypes for New, only list those that a user has authorities to create
- assign authorities to workspace operations; an operation will only be available if the user has the appropriate authority.
- rationalise archetype authorities; the authorities to create and save are essentially the same - it makes no sense to have a create authority and no save authority
- enhance error messages so that it is obvious why an operation has failed when a user doesn't have authority
- create a default set of authorities for new installations
- migrate existing data to the new format
- change the way temporary documents are managed, so users aren't required to have authorities to remove documents
- remove the Administrator user type. Administrator permissions will be handled via authorities
2. Authorities
2.1 Archetype authority
Currently, there exists one authority type 'security.archetypeAuthority'.
This determines what archetypes can be created, saved and removed.
This will be changed to only determine what archetypes can be created and removed.
It will not be used to determine if a user can retrieve/view particular objects. E.g. it will not be possible to use archetype authorities to prevent a user from viewing unit prices associated with a product, or querying
2.2 Workspace Authority
A new 'security.workspaceAuthority' will be created that determines the workspaces a user can access.
2.3 Workspace Action Authority
A new 'security.workspaceActionAuthority' will be created that determines the actions a user can perform in a workspace, and the archetypes that these actions may be performed on.
These correspond to the buttons that will be displayed in each workspace.
The archetype can be used to limit which archetypes may be operated on by an action. E.g., to prevent users from creating Investigations and Medications from within Patient - Medical Records, the following could be defined:
Name | Authority | Action | Archetype
New Medical Record | patient.history | new | *,!act.patientMedication,!act.patientInvestigation
i.e., allow all patient history archetypes to be created, except medications and investigations.
2.4 Authority Precedence
If a user has two authorities that intersect, the most specific one applies. E.g., given:
Name | Authority | Action | Archetype
Medical Record 1 | patient.history | new | *,
Medical Record 2 | patient.history | new | *,!act.patientMedication,!act.patientInvestigation
the authority "Medical Record 2" is used as it is more specific than "Medical Record 1".
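The matching and precedence rules from sections 2.3 and 2.4, as an added Python sketch (not OpenVPMS code). The class and function names, the ordering used to pick the "most specific" authority, and the sample archetype act.patientClinicalNote are assumptions; the page only states that the more specific authority applies.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class ActionAuthority:
    """One workspace action authority row (field names are assumed)."""
    name: str
    authority: str   # workspace pattern: "patient.history", "customer.*", "*"
    action: str      # "new", "edit", ... or "*"
    archetype: str   # "*", "N/A", or e.g. "*,!act.patientMedication"

    def patterns(self):
        """Split the Archetype column into (includes, excludes)."""
        parts = [p.strip() for p in self.archetype.split(",") if p.strip()]
        includes = [p for p in parts if not p.startswith("!")]
        excludes = [p[1:].strip() for p in parts if p.startswith("!")]
        return includes, excludes

    def covers(self, workspace, action, archetype):
        """True if this row says anything about the request."""
        if not (fnmatchcase(workspace, self.authority)
                and fnmatchcase(action, self.action)):
            return False
        if archetype is None or self.archetype == "N/A":
            return True  # the action is not tied to a particular archetype
        return any(fnmatchcase(archetype, p) for p in self.patterns()[0])

    def excludes(self, archetype):
        """True if a '!' term in the Archetype column rules the archetype out."""
        if archetype is None:
            return False
        return any(fnmatchcase(archetype, p) for p in self.patterns()[1])

    def specificity(self):
        """Assumed ordering: literal workspace text, then a literal action,
        then the number of non-wildcard archetype terms."""
        includes, excludes = self.patterns()
        narrow = len(excludes) + sum(p != "*" for p in includes)
        return (len(self.authority.replace("*", "")), self.action != "*", narrow)


def decide(granted, workspace, action, archetype=None):
    """Default deny; the most specific covering row decides (section 2.4)."""
    rows = [a for a in granted if a.covers(workspace, action, archetype)]
    if not rows:
        return False, None
    best = max(rows, key=ActionAuthority.specificity)
    return not best.excludes(archetype), best.name


def decide_any_grant(granted, workspace, action, archetype=None):
    """Contrast: 'any matching row allows' lets a broad row defeat exclusions."""
    return any(a.covers(workspace, action, archetype)
               and not a.excludes(archetype) for a in granted)


# Rows from the page's 2.4 example plus one default authority from 3.3.
GRANTED = [
    ActionAuthority("Medical Record 1", "patient.history", "new", "*,"),
    ActionAuthority("Medical Record 2", "patient.history", "new",
                    "*,!act.patientMedication,!act.patientInvestigation"),
    ActionAuthority("Customer - All Actions", "customer.*", "*", "*"),
]

if __name__ == "__main__":
    for arch in ("act.patientMedication", "act.patientClinicalNote"):
        print(arch, decide(GRANTED, "patient.history", "new", arch))
```

With both rows granted, `decide` refuses a new act.patientMedication because "Medical Record 2" decides, while `decide_any_grant` would allow it through "Medical Record 1"; this is why the evaluation order in 2.4 has to be enforced in one place rather than per workspace.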
3. Default Authorities
3.1 Archetype Authority
The existing Archetype authorities will be used.
3.2 Workspace Authority
The following Workspace authorities will be defined:
Name | Authority
All Workspaces | *
Customer Workspaces - All | customer.*
Customer - Information | customer.information
Customer - Documents | customer.document
Customer - Estimates | customer.estimate
Customer - Charges | customer.charge
Customer - Payments | customer.payment
Customer - Account | customer.account
Customer - Notes & Alerts | customer.note
Patient Workspaces - All | patient.*
Patient - Information | patient.information
Patient - Medical Records | patient.record
Supplier Workspaces - All | supplier.*
Supplier - Information | supplier.information
Supplier - Documents | supplier.document
Supplier - Orders | supplier.order
Supplier - Deliveries | supplier.delivery
Supplier - Charges | supplier.charge
Supplier - Payments | supplier.payment
Supplier - Account | supplier.account
Workflow Workspaces - All | workflow.*
Workflow - Scheduling | workflow.scheduling
Workflow - Worklists | workflow.worklist
Workflow - Messaging | workflow.messaging
Workflow - Investigations | workflow.investigation
Workflow - Customer Orders | workflow.order
Product Workspaces - All | product.*
Product - Information | product.information
Product - Stock Management | product.stock
Reporting Workspaces - All | reporting.*
Reporting - Till Balancing | reporting.till
Reporting - Deposits | reporting.deposit
Reporting - Debtors | reporting.debtor
Reporting - Work In Progress | reporting.wip
Reporting - Reminders | reporting.reminder
Reporting - Reports | reporting.report
Administration Workspaces - All | admin.*
Administration - Organisation | admin.organisation
Administration - Types | admin.type
Administration - Templates | admin.template
Administration - Lookups | admin.lookup
Administration - Users | admin.user
Administration - Groups | admin.group
Administration - Roles | admin.role
Administration - Authorities | admin.authority
Administration - Archetypes | admin.archetype
Administration - Style Sheets | admin.stylesheet
3.3 Workspace Action Authority
The following Workspace Action authorities will be defined:
Name | Authority | Action | Archetype
All Workspace Actions | * | * | *
Customer - All Actions | customer.* | * | *
Customer Information - All Actions | customer.information | * | *
Customer - New | customer.information | new | *
Customer - Edit | customer.information | edit | *
Customer - Delete | customer.information | delete | *
Customer - Merge | customer.information | merge | *
Customer Document - All Actions | customer.document | * | *
Customer Document - New | customer.document | new | *
Customer Document - Edit | customer.document | edit | *
Customer Document - Delete | customer.document | delete | *
Customer Document - Refresh | customer.document | refresh | *
Estimate - All Actions | customer.estimate | * | *
Estimate - New | customer.estimate | new | *
Estimate - Edit | customer.estimate | edit | *
Estimate - Delete | customer.estimate | delete | *
Estimate - Copy | customer.estimate | copy | *
Estimate - Invoice | customer.estimate | invoice | *
Estimate - Finalise | customer.estimate | finalise | *
Charge - All Actions | customer.charge | * | *
Charge - New | customer.charge | new | *
Charge - Edit | customer.charge | edit | *
Charge - Delete | customer.charge | delete | *
Charge - Finalise | customer.charge | finalise | *
Payment - All Actions | customer.payment | * | *
Payment - New | customer.payment | new | *
Payment - Edit | customer.payment | edit | *
Payment - Delete | customer.payment | delete | *
Payment - Finalise | customer.payment | finalise | *
Customer Account - All Actions | customer.account | * | *
Adjustment - New | customer.account | adjust | *
Reversal - New | customer.account | reverse | *
Customer Account - Check | customer.account | check | N/A
Note - All Actions | customer.note | * | *
Note - New | customer.note | new | *
Note - Edit | customer.note | edit | *
Note - Delete | customer.note | delete | *
Patient - All Actions | patient.* | * | *
Patient Information - All Actions | patient.information | * | *
Patient - New | patient.information | new | *
Patient - Edit | patient.information | edit | *
Patient - Delete | patient.information | delete | *
Patient - Check-In | patient.information | checkin | N/A
Patient - Merge | patient.information | merge | N/A
Medical Record - All Actions | patient.history | * | *
Medical Record - New | patient.history | new | *,!act.patientMedication, !act.patientInvestigation
Medical Record - Edit | patient.history | edit | *
Medical Record - Delete | patient.history | delete | *
Medical Record - Print | patient.history | print | *
Add Visit & Note | patient.history | addvisitnote | N/A
Reminder/Alert - All Actions | patient.reminder | * | *
Reminder/Alert - New | patient.reminder | new | *
Reminder/Alert - Edit | patient.reminder | edit | *
Reminder/Alert - Delete | patient.reminder | delete | *
Patient Document - All Actions | patient.document | * | *
Patient Document - New | patient.document | new | *
Patient Document - Edit | patient.document | edit | *
Patient Document - Delete | patient.document | delete | *
Patient Document - Print | patient.document | print | *
Prescription - All Actions | patient.prescription | * | *
Prescription - New | patient.prescription | new | N/A
Prescription - Edit | patient.prescription | edit | N/A
Prescription - Delete | patient.prescription | delete | N/A
Prescription - Print | patient.prescription | print | N/A
Prescription - Dispense | patient.prescription | dispense | N/A
Prescription - Cancel | patient.prescription | cancel | N/A
Supplier - All Actions | supplier.* | * | *
Supplier Information - All Actions | supplier.information | * | *
Supplier - New | supplier.information | new | *
Supplier - Edit | supplier.information | edit | *
Supplier - Delete | supplier.information | delete | *
Supplier Document - All Actions | supplier.document | * | *
Supplier Document - New | supplier.document | new | *
Supplier Document - Edit | supplier.document | edit | *
Supplier Document - Delete | supplier.document | delete | *
Supplier Document - Print | supplier.document | print | *
Supplier Order - All Actions | supplier.order | * | *
Supplier Order - New | supplier.order | new | N/A
Supplier Order - Edit | supplier.order | edit | N/A
Supplier Order - Delete | supplier.order | delete | N/A
Supplier Order - Print | supplier.order | print | N/A
Supplier Order - Finalise | supplier.order | finalise | N/A
Supplier Order - Copy | supplier.order | copy | N/A
Supplier Order - Generate | supplier.order | generate | N/A
Supplier Order - Check Inbox | supplier.order | checkinbox | N/A
Supplier Delivery - New | supplier.delivery | new | N/A
Supplier Delivery - Edit | supplier.delivery | edit | N/A
Supplier Delivery - Delete | supplier.delivery | delete | N/A
Supplier Delivery - Finalise | supplier.delivery | finalise | N/A
Supplier Delivery - Check Inbox | supplier.delivery | checkinbox | N/A
Supplier Charge - New | supplier.charge | new | *
Supplier Charge - Edit | supplier.charge | edit | *
Supplier Charge - Delete | supplier.charge | delete | *
Supplier Charge - Finalise | supplier.charge | finalise | *
Supplier Charge - Print | supplier.charge | print | *
Supplier Payment - New | supplier.payment | new | *
Supplier Payment - Edit | supplier.payment | edit | *
Supplier Payment - Delete | supplier.payment | delete | *
Supplier Payment - Finalise | supplier.payment | finalise | *
Supplier Payment - Print | supplier.payment | print | *
Supplier Account - Print | supplier.account | print | *
Supplier Account - Reverse | supplier.account | reverse | *
Appointment - New | workflow.scheduling | new | N/A
Appointment - Edit | workflow.scheduling | edit | N/A
Appointment - Delete | workflow.scheduling | delete | N/A
Appointment - Print | workflow.scheduling | print | N/A
Scheduling - Check In | workflow.scheduling | checkin | N/A
Scheduling - Consult | workflow.scheduling | consult | N/A
Scheduling - Check Out | workflow.scheduling | checkout | N/A
Scheduling - OTC | workflow.scheduling | OTC | N/A
Task - New | workflow.worklist | new | N/A
Task - Edit | workflow.worklist | edit | N/A
Task - Delete | workflow.worklist | delete | N/A
Task - Print | workflow.worklist | print | N/A
Worklist - Consult | workflow.worklist | consult | N/A
Worklist - Check-Out | workflow.worklist | checkout | N/A
Worklist - Transfer | workflow.worklist | transfer | N/A
Worklist - OTC | workflow.worklist | OTC | N/A
Message - New | workflow.messaging | new | N/A
Message - Reply | workflow.messaging | reply | *
Message - Forward | workflow.messaging | forward | *
Message - Delete | workflow.messaging | delete | *
Message - Complete | workflow.messaging | complete | *
Message - Print | workflow.messaging | print | *
Investigation - View | workflow.investigation | view | N/A
Investigation - Edit | workflow.investigation | edit | N/A
Customer Order - New | workflow.order | new | *
Customer Order - View | workflow.order | view | *
Customer Order - Edit | workflow.order | edit | *
Customer Order - Delete | workflow.order | delete | *
Customer Order - Invoice | workflow.order | invoice | *
Customer Order - Print | workflow.order | print | *
Product - New | product.information | new | *
Product - View | product.information | view | *
Product - Edit | product.information | edit | *
Product - Delete | product.information | delete | *
Product - Copy | product.information | copy | *
Product - Export Prices | product.information | export | N/A
Product - Import Prices | product.information | import | N/A
Product - View Pricing Groups | product.information | viewpricinggroups | N/A
Stock Management - New | product.stock | new | *
Stock Management - Edit | product.stock | edit | *
Stock Management - Delete | product.stock | delete | *
Stock Management - Finalise | product.stock | finalise | *
Stock Management - Print | product.stock | print | *
Stock - Export | product.stock | export | N/A
Stock - Stock | product.stock | import | N/A
Batch - New | product.batch | new | N/A
Batch - View | product.batch | view | N/A
Batch - Edit | product.batch | edit | N/A
Batch - Delete | product.batch | delete | N/A
Till - Start Clear | reporting.till | startclear | N/A
Till - Clear | reporting.till | clear | N/A
Till - Print | reporting.till | print | N/A
Till - Adjust | reporting.till | adjust | N/A
Deposit | reporting.deposit | deposit | N/A
Deposit - Print | reporting.deposit | print | N/A
Debtors - Send All | reporting.debtors | sendall | N/A
Debtors - Print | reporting.debtors | print | N/A
Debtors - Report | reporting.debtors | report | N/A
Debtors - End Period | reporting.debtors | endperiod | N/A
NOTES:
- patient.history new/edit/delete/print authorities apply to both Patient - Medical Records and Patient - Problems
- the default patient.history new authority excludes act.patientMedication and act.patientInvestigation as these are not invoiced
- the product.information viewpricinggroup authority is used to change the pricing group when querying products. When enabled, it allows users to see product prices at other practice locations when Pricing Groups are in use.
4. Default Roles
The following roles will be defined:
4.1 Administrator Role
The administrator role gives a user access to all aspects of OpenVPMS.
Authority Type | Name
Archetype | All
Workspace | All Workspaces
Workspace Action | All Workspace Actions
4.2 Base Role
This role defines archetype authorities common to a number of roles.
Authority Type | Name
Archetype | Act Relationships - Create All
Archetype | Act Relationships - Remove All
Archetype | Contacts - Create All
Archetype | Contacts - Remove All
Archetype | Documents - Create All
Archetype | Documents - Remove All
Archetype | Entity Relationships - Create All
Archetype | Entity Relationships - Remove All
Archetype | Identities - Create All
Archetype | Identities - Remove All
Archetype | Participations - Create All
Archetype | Participations - Remove All
Archetype | TODO
Workspace | None
Workspace Action | None
4.3 Clinician Role
This role should be assigned to clinicians, in conjunction with the Base Role.
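Authority Type | Name
Workspace | Customer Workspaces - All
Workspace | Patient Workspaces - All
Workspace | Supplier - Information
Workspace | Product - Information
Workspace | Reporting - Reminders
Workspace | Reporting - Reports
Workspace Action | Customer - New
Workspace Action | Customer - Edit
Workspace Action | Customer Document - New
Workspace Action | Customer Document - Edit
Workspace Action | Customer Document - Refresh
Workspace Action | Estimate - New
Workspace Action | Estimate - Edit
Workspace Action | Estimate - Copy
Workspace Action | Estimate - Invoice
Workspace Action | Estimate - Finalise
Workspace Action | Charge - New
Workspace Action | Charge - Edit
Workspace Action | Charge - Finalise
Workspace Action | Payment - New
Workspace Action | Payment - Edit
Workspace Action | Payment - Finalise
Workspace Action | Customer Account - Check
Workspace Action | Note - New
Workspace Action | Note - Edit
Workspace Action | Patient - New
Workspace Action | Patient - Edit
Workspace Action | Patient - Check In
Workspace Action | Medical Record - New
Workspace Action | Medical Record - Edit
Workspace Action | Medical Record - Add Visit & Note
Workspace Action | Reminder/Alert - New
Workspace Action | Reminder/Alert - Edit
Workspace Action | Reminder/Alert - Delete
Workspace Action | Patient Document - New
Workspace Action | Patient Document - Edit
Workspace Action | Patient Document - Print
Workspace Action | Prescription - New
Workspace Action | Prescription - Edit
Workspace Action | Prescription - Cancel
Workspace Action | Prescription - Print
Workspace Action | Prescription - Dispense
Workspace Action | Supplier - New
Workspace Action | Supplier - Edit
Workspace Action | Appointment - New
Workspace Action | Appointment - Edit
Workspace Action | Appointment - Delete
Workspace Action | Appointment - Print
Workspace Action | Scheduling - Check In
Workspace Action | Scheduling - Consult
Workspace Action | Scheduling - Check Out
Workspace Action | Scheduling - OTC
Workspace Action | Task - New
Workspace Action | Task - Edit
Workspace Action | Task - Delete
Workspace Action | Task - Print
Workspace Action | Worklist - Consult
Workspace Action | Worklist - Checkout
Workspace Action | Worklist - Transfer
Workspace Action | Worklist - OTC
Workspace Action | Message - New
Workspace Action | Message - Reply
Workspace Action | Message - Forward
Workspace Action | Message - Complete
Workspace Action | Message - Delete
Workspace Action | Message - Print
Workspace Action | Investigation - View
Workspace Action | Investigation - Edit
Workspace Action | Customer Order - New
Workspace Action | Customer Order - Edit
Workspace Action | Customer Order - View
Workspace Action | Customer Order - Delete
Workspace Action | Customer Order - Invoice
Workspace Action | Customer Order - Print
Workspace Action | Product - View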
4.4 Reception Role
This role should be assigned to receptionists, in conjunction with the Base Role.
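Authority Type | Name
Workspace | Customer Workspaces - All
Workspace | Patient Workspaces - All
Workspace | Supplier - Information
Workspace | Product - Information
Workspace | Reporting - Reports
Workspace Action | Customer - New
Workspace Action | Customer - Edit
Workspace Action | Customer Document - New
Workspace Action | Customer Document - Edit
Workspace Action | Customer Document - Refresh
Workspace Action | Estimate - New
Workspace Action | Estimate - Edit
Workspace Action | Estimate - Copy
Workspace Action | Estimate - Invoice
Workspace Action | Estimate - Finalise
Workspace Action | Charge - New
Workspace Action | Charge - Edit
Workspace Action | Charge - Finalise
Workspace Action | Payment - New
Workspace Action | Payment - Edit
Workspace Action | Payment - Finalise
Workspace Action | Note - New
Workspace Action | Note - Edit
Workspace Action | Patient - New
Workspace Action | Patient - Edit
Workspace Action | Patient - Check In
Workspace Action | Medical Record - New
Workspace Action | Medical Record - Edit
Workspace Action | Medical Record - Add Visit & Note
Workspace Action | Reminder/Alert - New
Workspace Action | Reminder/Alert - Edit
Workspace Action | Reminder/Alert - Delete
Workspace Action | Patient Document - New
Workspace Action | Patient Document - Edit
Workspace Action | Patient Document - Print
Workspace Action | Prescription - Print
Workspace Action | Supplier - New
Workspace Action | Supplier - Edit
Workspace Action | Appointment - New
Workspace Action | Appointment - Edit
Workspace Action | Appointment - Delete
Workspace Action | Appointment - Print
Workspace Action | Scheduling - Check In
Workspace Action | Scheduling - Check Out
Workspace Action | Scheduling - OTC
Workspace Action | Task - New
Workspace Action | Task - Edit
Workspace Action | Task - Delete
Workspace Action | Task - Print
Workspace Action | Worklist - Checkout
Workspace Action | Worklist - Transfer
Workspace Action | Worklist - OTC
Workspace Action | Message - New
Workspace Action | Message - Reply
Workspace Action | Message - Forward
Workspace Action | Message - Complete
Workspace Action | Message - Delete
Workspace Action | Message - Print
Workspace Action | Investigation - View
Workspace Action | Customer Order - New
Workspace Action | Customer Order - Edit
Workspace Action | Customer Order - View
Workspace Action | Customer Order - Delete
Workspace Action | Customer Order - Invoice
Workspace Action | Customer Order - Print
Workspace Action | Product - View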
4.5 Product Administrator Role
The product administrator role can be used to administer products and batches.
Authority Type | Name
Workspace | Product - Information
Workspace | Product - Batches
Workspace Action | Product - New
Workspace Action | Product - View
Workspace Action | Product - Edit
Workspace Action | Product - Delete
Workspace Action | Product - Copy
Workspace Action | Product - Export Prices
Workspace Action | Product - Import Prices
Workspace Action | Product - View Pricing Groups
Workspace Action | Batch - New
Workspace Action | Batch - View
Workspace Action | Batch - Edit
Workspace Action | Batch - Delete
Archetype | Product - Create All
Archetype | Product - Delete All
Archetype | Product Batch - Create
Archetype | Product Batch - Delete
Archetype | Product Price - Create All
Archetype | Product Price - Delete All
Archetype | Entity Relationships - Create All
Archetype | Entity Relationships - Delete All
Archetype | Entity Links - Create All
Archetype | Entity Links - Delete All
Archetype | Entity Identities - Create All
Archetype | Entity Identities - Delete All
4.6 Stock Administrator Role
The stock administrator role can be used to administer suppliers and stock and perform orders and deliveries.
Authority Type | Name
Workspace | Product - Information
Workspace | Product - Batches
Workspace | Product - Stock Management
Workspace | Supplier - All Workspaces
Workspace Action | Product - New
Workspace Action | Product - View
Workspace Action | Product - Edit
Workspace Action | Product - Copy
Workspace Action | Product - View Pricing Groups
Workspace Action | Batch - New
Workspace Action | Batch - View
Workspace Action | Batch - Edit
Workspace Action | Supplier - New
Workspace Action | Supplier - Edit
Workspace Action | Supplier Document - New
Workspace Action | Supplier Document - Edit
Workspace Action | Supplier Document - Print
Workspace Action | Supplier Order - New
Workspace Action | Supplier Order - Edit
Workspace Action | Supplier Order - Finalise
Workspace Action | Supplier Order - Copy
Workspace Action | Supplier Order - Print
Workspace Action | Supplier Order - Generate
Workspace Action | Supplier Order - Check Inbox
Workspace Action | Supplier Delivery - New
Workspace Action | Supplier Delivery - Edit
Workspace Action | Supplier Delivery - Finalise
Workspace Action | Supplier Delivery - Print
Workspace Action | Supplier Delivery - Check Inbox
Workspace Action | Supplier Charge - New
Workspace Action | Supplier Charge - Edit
Workspace Action | Supplier Charge - Finalise
Workspace Action | Supplier Charge - Print
Workspace Action | Supplier Payment - New
Workspace Action | Supplier Payment - Edit
Workspace Action | Supplier Payment - Finalise
Workspace Action | Supplier Payment - Print
Workspace Action | Supplier Account - Print
Workspace Action | Supplier Account - Reverse
Archetype | Product - Create All
Archetype | Product Batch - Create
Archetype | Product Batch - Delete
Archetype | Product Price - Create All
Archetype | Product Price - Delete All
Archetype | Entity Relationships - Create All
Archetype | Entity Relationships - Delete All
Archetype | Entity Links - Create All
Archetype | Entity Links - Delete All
Archetype | Entity Identities - Create All
Archetype | Entity Identities - Delete All
Archetype | TODO
4.7 Back Office Administrator Role
This role enables statement and reminder generation, reporting and till operations.
Authority Type | Name
Workspace | Reporting Workspaces - All
Workspace Action | Till - Start Clear
Workspace Action | Till - Clear
Workspace Action | Till - Print
Workspace Action | Till - Adjust
Workspace Action | Deposit
Workspace Action | Deposit - Print
Workspace Action | Debtors - Send All
Workspace Action | Debtors - Print
Workspace Action | Debtors - Report
Workspace Action | Debtors - End Period
Archetype | TODO
5. Document Authorities
In order to download PDF documents generated via reports, all users must have new and delete Archetype authorities for the document.other archetype, which is currently used to store all documents.
A new "document.temporary" document archetype will be created for this purpose, and all users will be granted authorities to create and delete these.
This will enable delete authorities for document.other to be removed from users who shouldn't be able to delete documents, but should be able to print them.
6. Data Migration
6.1 granted_authorities table
This change will require structural changes to the granted_authorities table:
- 'service_name' column is dropped
- 'archetype' column is renamed to 'authority'
- 'method' column is renamed to 'action'
6.2 Archetype authorities
All archetype authorities with 'save' action will be removed.
6.3 Document templates
The entity.documentTemplate acts need to be updated to link to the appropriate security.reportAuthority authorities.
6.4 Administrators
Users with an ADMINISTRATOR lookup.userType will be assigned the default Administrator role.
The ADMINISTRATOR lookup.userType will be deactivated.
7. Exclusions
This project will not address: