translation constant fixes (#1514)
1 <?php
2 /**
3 * Access Control List Help.
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Ranganath Pathak <pathak01@hotmail.com>
8 * @copyright Copyright (c) 2017 Ranganath Pathak <pathak01@hotmail.com>
9 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
13 require_once("../globals.php");
15 use OpenEMR\Core\Header;
<!DOCTYPE HTML>
<html>
<head>
    <?php
    // Header::setupHeader() comes from OpenEMR\Core\Header (imported above, defined outside
    // this listing); presumably it emits the shared stylesheet/script tags - confirm there.
    Header::setupHeader();
    ?>
    <title><?= xlt("Access Control List Help") ?></title>
    <style>
        /* Grey banner used for each section heading. */
        .oe-help-heading {
            color: #676666;
            background-color: #E4E2E0;
            border-color: #DADADA;
            padding: 10px 5px;
            border-radius: 5px;
        }

        /* "Back to top" arrow shown inside a section heading. */
        .oe-help-redirect {
            color: #676666;
        }

        a {
            text-decoration: none !important;
            color: #676666 !important;
            font-weight: 700;
        }

        h2 > a {
            font-weight: 500;
        }

        /* Narrow screens: stack every grid column at full width. */
        @media only screen and (max-width: 768px) {
            [class*="col-"] {
                width: 100%;
                text-align: left !important;
            }
        }

        /* Mid-width screens: swap the large variant for the small one. */
        @media only screen and (max-width: 1004px) and (min-width: 641px) {
            .oe-large {
                display: none;
            }

            .oe-small {
                display: inline-block;
            }
        }
    </style>
</head>
58 <body>
59 <div class="container">
<div>
    <?php /* Page title; the named anchor marks the top of the help document. */ ?>
    <center>
        <h2><a name="entire_doc"><?= xlt("Access Control Lists") ?></a></h2>
    </center>
</div>
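<div class="row">
    <?php
    // Introductory help text for the ACL page.
    // Every sentence is printed through xlt() and the tooltip through xla(); both are defined
    // outside this listing (OpenEMR convention: translate, then escape for HTML text / HTML
    // attribute context respectively).
    // The English sentences are the arguments handed to the translation helpers, so their
    // wording is reproduced exactly, including existing typos such as "To see to all the ACOs"
    // and "The ACL page two sections." - rewording them belongs in a translation-constant
    // change, not here.
    ?>
    <p><?php echo xlt("A large application like openEMR is used by a multitude of users with varying roles and degrees of responsibility. It is imperative that access to various parts of the program be granted to users on a need to know basis. To achieve this - Access Control Lists (ACL) are used.");?>

    <p><?php echo xlt("These lists are used to determine who can access what in openEMR. They work in a top down manner, i.e. initially everybody is denied access to those parts of the program controlled by the ACL.");?>

    <p><?php echo xlt("Access is then granted selectively to portions of the program on a need to know basis.");?>

    <p><?php echo xlt("The parts of the program to which access can be controlled are called Access Control Objects (ACOs). ");?>

    <p><?php echo xlt("These ACOs are grouped into ten broad categories that are part of the default installation. They are - Administration, Accounting, Patient Information, Encounter Information, Squads, Sensitivities, Lists, Placeholder, Nation Notes and Patient Portal. Each of these categories has one or several sub-categories that provide access to specific parts of the program."); ?>

    <p><?php echo xlt("These sub-categories represent the actual Access Control Objects (ACOs)."); ?>

    <p><?php echo xlt("The entire collection of ACOs forms the Access Control List (ACL)."); ?>

    <p><?php echo xlt("Rather than granting access to each ACO individually for each user the program grants access to groups that request these privileges. These groups are called Access Request Objects (ARO)."); ?>

    <p><?php echo xlt("The default installation has six such groups - Accounting, Administrators, Clinicians, Emergency Login, Front Office and Physicians."); ?>

    <p><?php echo xlt("Each of these groups (AROs) has access to pre-determined parts of the program (ACOs)."); ?>

    <p><?php echo xlt("Individual access can be tailored to fit the needs by assigning a user to one or more groups (AROs). The user will then inherit all the privileges, i.e have access to parts of the program (ACO), of each group (ARO) the user belongs to."); ?>

    <p><?php echo xlt("When a new user is created, access control is granted by the administrator or by a user with similar privileges by selecting which groups (AROs) a user can belong to."); ?>

    <p><?php echo xlt("This is done in Administration > Users."); ?>

    <p><?php echo xlt("If privileges have to be modified then it can be done either one user at a time at Administration > Users or more conveniently on this page i.e. Administration > ACL where all users are listed on one page and more options are available."); ?>

    <?php /* Fix: the entity was written as "&nbsp" without its terminating semicolon. */ ?>
    <p><?php echo xlt("To see to all the ACOs that are available click on the eye icon."); ?>&nbsp; <i id="show_hide" class="fa fa-eye fa-lg small" title="<?php echo xla('Click to Show'); ?>"></i>

    <?php
    // Reference list of ACO categories and their sub-categories, hidden until the eye icon
    // is clicked. The list is hard-coded in this file rather than read from the ACL data, so
    // it documents the default installation and can drift from what a given site has defined.
    // NOTE(review): each nested <ul> is a direct child of the outer <ul> instead of sitting
    // inside the preceding <li>; left as is so the rendering does not change.
    ?>
    <div id="aco_list" class='hideaway' style='display: none;'>
        <ul>
            <li><strong><?php echo xlt('Administration (admin)');?></strong></li>
            <ul>
                <li><?php echo xlt('Superuser - can delete patients, encounters, issues (super)');?></li>
                <li><?php echo xlt('Calendar Settings (calendar)');?></li>
                <li><?php echo xlt('Database Reporting (database)');?></li>
                <li><?php echo xlt('Forms Administration (forms)');?></li>
                <li><?php echo xlt('Practice Settings (practice)');?></li>
                <li><?php echo xlt('Superbill Codes Administration (superbill)');?></li>
                <li><?php echo xlt('Users/Groups/Logs Administration (users)');?></li>
                <li><?php echo xlt('Batch Communication Tool (batchcom)');?></li>
                <li><?php echo xlt('Language Interface Tool (language)');?></li>
                <li><?php echo xlt('Pharmacy Dispensary (drugs)');?></li>
                <li><?php echo xlt('ACL Administration (acl)');?></li>
            </ul>
            <li><strong><?php echo xlt('Accounting (acct)');?></strong></li>
            <ul>
                <li><?php echo xlt('Billing (write optional) (bill)');?></li>
                <li><?php echo xlt('Allowed to discount prices (in Fee Sheet or Checkout form) (disc)');?></li>
                <li><?php echo xlt('EOB Data Entry (eob)');?></li>
                <li><?php echo xlt('Financial Reporting - my encounters (rep)');?></li>
                <li><?php echo xlt('Financial Reporting - anything (rep_a)');?></li>
            </ul>
            <li><strong><?php echo xlt('Patient Information (patients)');?></strong></li>
            <ul>
                <li><?php echo xlt('Appointments (write,wsome optional) (appt)');?></li>
                <li><?php echo xlt('Demographics (write,addonly optional) (demo)');?></li>
                <li><?php echo xlt('Medical Records and History (write,addonly optional) (med)');?></li>
                <li><?php echo xlt('Transactions, e.g. referrals (write optional) (trans)');?></li>
                <li><?php echo xlt('Documents (write,addonly optional) (docs)');?></li>
                <li><?php echo xlt('Patient Notes (write,addonly optional) (notes)');?></li>
                <li><?php echo xlt('Sign Lab Results (write,addonly optional) (sign)');?></li>
            </ul>
            <li><strong><?php echo xlt('Encounter Information (encounters)');?></strong></li>
            <ul>
                <li><?php echo xlt('Authorize - my encounters (auth)');?></li>
                <li><?php echo xlt('Authorize - any encounters (auth_a)');?></li>
                <li><?php echo xlt('Coding - my encounters (write,wsome optional) (coding)');?></li>
                <li><?php echo xlt('Coding - any encounters (write,wsome optional) (coding_a)');?></li>
                <li><?php echo xlt('Notes - my encounters (write,addonly optional) (notes)');?></li>
                <li><?php echo xlt('Notes - any encounters (write,addonly optional) (notes_a)');?></li>
                <li><?php echo xlt('Fix encounter dates - any encounters (date_a)');?></li>
                <li><?php echo xlt('Less-private information (write,addonly optional) (relaxed)');?></li>
            </ul>
            <li><strong><?php echo xlt('Squads (squads)');?></strong></li>
            <li><strong><?php echo xlt('Sensitivities (sensitivities)');?></strong></li>
            <ul>
                <li><?php echo xlt('Normal (normal)');?></li>
                <li><?php echo xlt('High (high)');?></li>
            </ul>
            <li><strong><?php echo xlt('Lists (lists)');?></strong></li>
            <ul>
                <li><?php echo xlt('Default List (write,addonly optional) (default)');?></li>
                <li><?php echo xlt('State List (write,addonly optional) (state)');?></li>
                <li><?php echo xlt('Country List (write,addonly optional) (country)');?></li>
                <li><?php echo xlt('Language List (write,addonly optional) (language)');?></li>
                <li><?php echo xlt('Ethnicity-Race List (write,addonly optional) (ethrace)');?></li>
            </ul>
            <li><strong><?php echo xlt('Placeholder (placeholder)');?></strong></li>
            <ul>
                <li><?php echo xlt('Placeholder (Maintains empty ACLs) (filler)');?></li>
            </ul>
            <li><strong><?php echo xlt('Nation Notes (nationnotes)');?></strong></li>
            <ul>
                <li><?php echo xlt('Nation Notes (nn_configure)');?></li>
            </ul>
            <li><strong><?php echo xlt('Patient Portal (patientportal)');?></strong></li>
            <ul>
                <li><?php echo xlt('Patient Portal (portal)');?></li>
            </ul>
        </ul>
    </div>

    <p><?php echo xlt("The ACL page two sections."); ?>
    <ul id="listed_items">
        <li><a href="#users_section"><?php echo xlt("User Memberships");?></a></li>
        <li><a href="#groups_section"><?php echo xlt("Groups and Access Controls");?></a></li>
    </ul>
</div>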
<div class="row" id="users_section">
    <?php
    // Help for the "User Memberships" half of the ACL page: how a user's group (ARO)
    // memberships are edited. All text goes through xlt(), defined outside this listing.
    // NOTE(review): the text stresses that there is no 'Save' button, which suggests a move
    // between the columns takes effect as soon as it is made - confirm against the ACL page.
    ?>
    <h4 class="oe-help-heading"><?= xlt("User Memberships") ?><a href="#listed_items"><i class="fa fa-arrow-circle-up float-right oe-help-redirect" aria-hidden="true"></i></a></h4>
    <p><?= xlt("By default the User Memberships section is selected and all the active registered users will be listed in alphabetical order by their user names.") ?>

    <p><?= xlt("Clicking on the icon next to their name will bring up the 'Edit' window.") ?>

    <p><?= xlt("The 'Edit' window is divided into two columns, 'Active' and 'Inactive'. The groups (AROs) that are listed in the active column are those groups that the user belongs to.") ?>

    <p><?= xlt("The user's actual privileges are determined by the access to the parts of the program i.e. (ACO) that each group (ARO) has.") ?>

    <?php /* The two inputs below are illustrations of the move buttons, not working controls. */ ?>
    <p><?= xlt("To move the groups from one column to another select one or more items from the column that you need to move them out of and press the relevant button with the double chevrons.") ?> <input class="button_submit" type="button" value=" >> ">&nbsp;&nbsp;<input class="button_submit" type="button" value=" << ">

    <p><?= xlt("To select multiple groups hold down the 'Shift' or 'Ctrl' keys while clicking.") ?>

    <p><i class="fa fa-exclamation-circle" style="color:orange" aria-hidden="true"></i> <strong><?= xlt("Note there is no 'Save' button.") ?></strong>
</div>
<div class="row" id="groups_section">
    <?php
    // Help for the "Groups and Access Controls" half of the ACL page: editing, adding and
    // removing groups (AROs) and assigning ACOs to them. All text goes through xlt(), defined
    // outside this listing; the English sentences are reproduced exactly as written.
    // Points the text itself makes that matter for least privilege: a new group starts with
    // only the Placeholder entry and therefore no access, its title / return value /
    // description cannot be edited after creation, and there is no 'Save' button.
    ?>
    <h4 class="oe-help-heading"><?= xlt("Groups and Access Controls") ?><a href="#listed_items"><i class="fa fa-arrow-circle-up float-right oe-help-redirect" aria-hidden="true"></i></a></h4>
    <p><?= xlt("Checking the Groups and Access Controls checkbox will reveal this section that lists all the categories with sub-categories (ACOs), i.e. the parts of the program controlled by the access control list privileges.") ?>

    <p><?= xlt("It also lets you create new groups (AROs) as well as remove existing ones.") ?>

    <p><?= xlt("These groups (AROs) can then be given a set of privileges by assigning different categories (ACOs).") ?>

    <p><i class="fa fa-exclamation-circle" style="color:orange" aria-hidden="true"></i> <strong><?= xlt("This section DOES NOT let you create new ACOs.") ?></strong>

    <p><?= xlt("There are three actions that can be performed here - edit an existing group (ARO), add a new group (ARO) or delete an existing group (ARO).") ?>

    <?php /* --- Edit an existing group --- */ ?>
    <p><strong><?= xlt("EDIT EXISTING GROUP") ?> :</strong>

    <p><?= xlt("To edit an existing group (ARO) click on the icon next to the desired group. This will bring up the edit window.") ?>

    <p><?= xlt("The items listed in the 'Active' column delineate the privileges of this group (ARO) and constitutes this group's Access Control List (ACL).") ?>

    <?php /* The two inputs below are illustrations of the move buttons, not working controls. */ ?>
    <p><?= xlt("Move the individual items from 'Active' to 'Inactive' or vice-versa by selecting the items and pressing the relevant button with the double chevron.") ?> <input class="button_submit" type="button" value=" >> ">&nbsp;&nbsp;<input class="button_submit" type="button" value=" << ">

    <p><i class="fa fa-exclamation-circle" style="color:orange" aria-hidden="true"></i> <strong><?= xlt("Note there is no 'Save' button.") ?></strong>

    <p><?= xlt("Click the slashed-eye icon to close.") ?>

    <?php /* --- Add a new group --- */ ?>
    <p><strong><?= xlt("ADD NEW GROUP") ?> :</strong>

    <p><?= xlt("Click the 'Add New Group' button to display the 'New Group Information' section.") ?>

    <p><?= xlt("The Title will be the name of the new group (ARO) that you are going to create.") ?>

    <p><?= xlt("Use a unique word to identify this group, it has to be a single word, if using two words link them together with an underscore or hyphen.") ?>

    <p><?= xlt("Choose one of the four return values that reflect varying degrees of privilege.") ?>
    <ul>
        <li><?= xlt("view - can only read but not add or modify") ?></li>
        <li><?= xlt("addonly - can read and add but not modify") ?></li>
        <li><?= xlt("wsome - can read and partially modify") ?></li>
        <li><?= xlt("write - can read and fully modify") ?></li>
    </ul>

    <p><?= xlt("A short description of this group that will appear when you hover over the newly created group (ARO).") ?>

    <p><i class="fa fa-exclamation-triangle" style="color:red" aria-hidden="true"></i> <strong><?= xlt("Review all the parameters that are entered and only then move to the next step. This is because once you create a group (ARO) you will NOT be able of modify any of the data that you have entered in THIS section. You can only delete the entire group (ARO) and start afresh.") ?></strong>

    <p><?= xlt("Click on the 'Add Group' button to create this new group (ARO).") ?>

    <p><?= xlt("The group (ARO) that you created will now appear in alphabetical order in the 'Groups and Access Controls' section.") ?>

    <p><?= xlt("If you click on the edit icon next to this newly created group (ARO) you will note that the 'Active' column contains only a single entry - Placeholder (Maintains empty ACLs). As yet this new group (ARO) has NO access to any part of the program as there are no ACOs assigned in the 'Active' column.") ?>

    <p><?= xlt("Add desired privileges by moving items (ACOs) from the 'Inactive' column to the 'Active' column.") ?>

    <p><i class="fa fa-exclamation-circle" style="color:orange" aria-hidden="true"></i> <strong><?= xlt("Note there is no 'Save' button.") ?></strong>

    <p><?= xlt("You can close the edit box by clicking on the 'slashed eye' icon next to the group's name.") ?>

    <p><?= xlt("If you click on any user in the 'User Memberships' section you will now see these newly created group (ARO) in the 'Inactive' column. These can now be assigned in the usual fashion as needed.") ?>

    <?php /* --- Remove a group --- */ ?>
    <p><strong><?= xlt("REMOVE GROUP") ?> :</strong>

    <p><?= xlt("Click the 'Remove Group' button to display the 'Remove Group Form'.") ?>

    <p><?= xlt("Select the group (ARO) that you wish to remove.") ?>

    <p><?= xlt("Click the 'Yes' radio button.") ?>

    <p><?= xlt("Click the 'Delete Group' button to completely remove this group.") ?>
</div>
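<div class="row" id="advanced_acl">
    <?php
    // Help for the advanced (phpGACL) route to finer-grained access control.
    // All text goes through xlt(), defined outside this listing; the English sentences are
    // reproduced exactly as written (including "Click on the the following link"), because
    // they are the arguments handed to the translation helper.
    ?>
    <h4 class="oe-help-heading"><?php echo xlt("Advanced - Finer Access Control"); ?><a href="#"><i class="fa fa-arrow-circle-up float-right oe-help-redirect" aria-hidden="true"></i></a></h4>
    <p><?php echo xlt("Click on the icon next to the 'Access Control List Administration' title to go to the phpGACL page."); ?> <i id='advanced' class='fa fa-external-link small' aria-hidden='true'></i>

    <p><?php echo xlt("Here you can customize the ACL further."); ?>

    <p><?php echo xlt("You have to have an understanding how the program is structured and the ability and willingness to modify the underlying code."); ?>

    <?php
    // The wiki link opens in a new tab. rel="noopener noreferrer" stops the opened page from
    // reaching back into this administrative window through window.opener and keeps the
    // referring URL out of the request.
    // NOTE(review): the link is plain http; switch it to https if the wiki is served that way.
    ?>
    <p><?php echo xlt("Click on the the following link to learn more about what is involved."); ?> <strong><a href="http://www.open-emr.org/wiki/index.php/ACL_Fine_Granular_Control" target="_blank" rel="noopener noreferrer"><?php echo xlt("ACL Fine Granular Control"); ?></a></strong>

    <p><?php echo xlt("Best of Luck."); ?> :)
</div>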
271 </div><!--end of container div-->
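<script>
<?php
// Click handler for the eye icon: shows or hides the ACO reference list and keeps the
// icon's class and tooltip in step with it.
//
// Changes from the previous version:
//  - The two labels are JavaScript string literals, so they are JSON-encoded instead of being
//    passed through xla(), which escapes for an HTML attribute. Attribute escaping leaves
//    backslashes and line breaks untouched (either can break the script) and turns & and
//    quotes into entities, so the label never matched the decoded title read back from the
//    DOM and the tooltip stopped switching for such translations. The JSON_HEX_* flags keep
//    <, >, &, ' and " out of the emitted literal so it cannot close the script element.
//    Assumes xl(), the unescaped translate call, is in scope via globals.php like xla();
//    newer OpenEMR trees offer xlj() for this purpose - confirm which this tree provides.
//  - The tooltip is chosen from the icon's class after toggling rather than by comparing
//    title strings.
//  - The duration is the number 1000; the string '1000' is not a named jQuery speed, so the
//    default duration was used instead.
?>
$('#show_hide').click(function () {
    var hideTitle = <?php echo json_encode(xl('Click to Hide'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    var showTitle = <?php echo json_encode(xl('Click to Show'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    var icon = $(this);

    $('.hideaway').toggle(1000);
    icon.toggleClass('fa-eye-slash fa-eye');

    // A slashed eye means the list is now visible, so the next click hides it.
    icon.prop('title', icon.hasClass('fa-eye-slash') ? hideTitle : showTitle);
});
</script>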
287 </body>
288 </html>