I've been updating the Enhance OpenVPMS user authorities project to define some default roles (section 4):

• Administrator - provides access to everything
• Clinician - role for clinicians that supports charging, estimates workflow etc
• Reception - role for reception. Similar to the clinician role, except excludes prescription creation/edit and consult workflows
• Product Administrator - administer product and batches
• Stock Administrator - administer suppliers and stock and perform orders and deliveries
• Back Office Administrator - enables statement and reminder generation, reporting and till operations

Is this too coarse grained? e.g should there be separate roles for supplier orders and deliveries?

One thing worth pointing out is that the workspace action authorities make the existing archetype authorities redundant in many respects. The workspace action authorities can be used to specify the archetypes for a given action, whereas the archetype authorities apply globally.

I think the only time archetype authorities would be useful under the proposed changes would be to:

• prevent a user creating/editing a particular archetype anywhere in the app (e.g. to avoid it being specified in multiple workspace action authorities)
• as a fallback, if there is no workspace action check performed for a particular operation
• sandboxing 3rd party plugins (if/when we add plugin support)

From a migration perspective, it will be hard to migrate existing authorities as users are free to define any authority they choose.

My current inclination is be to remove all existing authorities and assign:

• administrator users an Administration role; and
• clinicians a Clinician role; and
• everyone else a Reception, Product Administrator, Stock Administrator and Back Office Adminstrator role.

Unecessary roles can be removed from users as a manual post-migration step.

Thoughts?

Thanks,

-Tim