3 * Access Control List Help.
6 * @link http://www.open-emr.org
7 * @author Ranganath Pathak <pathak01@hotmail.com>
9 * @copyright Copyright (c) 2017 Ranganath Pathak <pathak01@hotmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 require_once("../../interface/globals.php");
16 use OpenEMR\Core\Header
;
22 <?php Header
::setupHeader();?
>
23 <title
><?php
echo xlt("Access Control List Help");?
></title
>
25 @media only screen
and (max
-width
: 768px
) {
28 text
-align
:left
!Important
;
34 <div
class="container oe-help-container">
36 <center
><h2
><a name
= 'entire_doc'><?php
echo xlt("Access Control Lists");?
></a
></h2
></center
>
39 <p
><?php
echo xlt("A large application like openEMR is used by a multitude of users with varying roles and degrees of responsibility. It is imperative that access to various parts of the program be granted to users on a need to know basis. To achieve this - Access Control Lists (ACL) are used.");?
>
41 <p
><?php
echo xlt("These lists are used to determine who can access what in openEMR. They work in a top down manner, i.e. initially everybody is denied access to those parts of the program controlled by the ACL.");?
>
43 <p
><?php
echo xlt("Access is then granted selectively to portions of the program on a need to know basis.");?
>
45 <p
><?php
echo xlt("The parts of the program to which access can be controlled are called Access Control Objects (ACOs). ");?
>
47 <p
><?php
echo xlt("These ACOs are grouped into ten broad categories that are part of the default installation. They are - Administration, Accounting, Patient Information, Encounter Information, Squads, Sensitivities, Lists, Placeholder, Nation Notes and Patient Portal. Each of these categories has one or several sub-categories that provide access to specific parts of the program."); ?
>
50 <p
><?php
echo xlt("These sub-categories represent the actual Access Control Objects (ACOs)."); ?
>
52 <p
><?php
echo xlt("The entire collection of ACOs forms the Access Control List (ACL)."); ?
>
54 <p
><?php
echo xlt("Rather than granting access to each ACO individually for each user the program grants access to groups that request these privileges. These groups are called Access Request Objects (ARO)."); ?
>
56 <p
><?php
echo xlt("The default installation has six such groups - Accounting, Administrators, Clinicians, Emergency Login, Front Office and Physicians."); ?
>
58 <p
><?php
echo xlt("Each of these groups (AROs) has access to pre-determined parts of the program (ACOs)."); ?
>
60 <p
><?php
echo xlt("Individual access can be tailored to fit the needs by assigning a user to one or more groups (AROs). The user will then inherit all the privileges, i.e have access to parts of the program (ACO), of each group (ARO) the user belongs to."); ?
>
62 <p
><?php
echo xlt("When a new user is created, access control is granted by the administrator or by a user with similar privileges by selecting which groups (AROs) a user can belong to."); ?
>
64 <p
><?php
echo xlt("This is done in Administration > Users."); ?
>
66 <p
><?php
echo xlt("If privileges have to be modified then it can be done either one user at a time at Administration > Users or more conveniently on this page i.e. Administration > ACL where all users are listed on one page and more options are available."); ?
>
68 <p
><?php
echo xlt("To see to all the ACOs that are available click on the eye icon."); ?
> 
<i id
="show_hide" class="fa fa-eye fa-lg small" title
="<?php echo xla('Click to Show'); ?>"></i
>
70 <div id
="aco_list" class='hideaway' style
='display: none;'>
72 <li
><strong
><?php
echo xlt('Accounting (acct)');?
></strong
></li
>
74 <li
><?php
echo xlt('Billing (write optional) (bill)');?
></li
>
75 <li
><?php
echo xlt('Allowed to discount prices (in Fee Sheet or Checkout form) (disc)');?
></li
>
76 <li
><?php
echo xlt('EOB Data Entry (eob)');?
></li
>
77 <li
><?php
echo xlt('Financial Reporting - my encounters (rep)');?
></li
>
78 <li
><?php
echo xlt('Financial Reporting - anything (rep_a)');?
></li
>
80 <li
><strong
><?php
echo xlt('Administration (admin)');?
></strong
></li
>
82 <li
><?php
echo xlt('Superuser - can delete patients, encounters, issues (super)');?
></li
>
83 <li
><?php
echo xlt('Calendar Settings (calendar)');?
></li
>
84 <li
><?php
echo xlt('Database Reporting (database)');?
></li
>
85 <li
><?php
echo xlt('Forms Administration (forms)');?
></li
>
86 <li
><?php
echo xlt('Practice Settings (practice)');?
></li
>
87 <li
><?php
echo xlt('Superbill Codes Administration (superbill)');?
></li
>
88 <li
><?php
echo xlt('Users/Groups/Logs Administration (users)');?
></li
>
89 <li
><?php
echo xlt('Batch Communication Tool (batchcom)');?
></li
>
90 <li
><?php
echo xlt('Language Interface Tool (language)');?
></li
>
91 <li
><?php
echo xlt('Pharmacy Dispensary (drugs)');?
></li
>
92 <li
><?php
echo xlt('ACL Administration (acl)');?
></li
>
93 <li
><?php
echo xlt('Manage modules (manage_modules)');?
> <i
class="fa fa-exclamation-circle" style
="color:blue" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 7"); ?
></strong
></li
>
94 <li
><?php
echo xlt('Menu (menu)');?
> <i
class="fa fa-exclamation-circle" style
="color:magenta" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 6"); ?
></strong
></li
>
95 <li
><?php
echo xlt('Multipledb (multipledb)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
98 <li
><strong
><?php
echo xlt('Encounter Information (encounters)');?
></strong
></li
>
100 <li
><?php
echo xlt('Authorize - my encounters (auth)');?
></li
>
101 <li
><?php
echo xlt('Authorize - any encounters (auth_a)');?
></li
>
102 <li
><?php
echo xlt('Coding - my encounters (write,wsome optional) (coding)');?
></li
>
103 <li
><?php
echo xlt('Coding - any encounters (write,wsome optional) (coding_a)');?
></li
>
104 <li
><?php
echo xlt('Notes - my encounters (write,addonly optional) (notes)');?
></li
>
105 <li
><?php
echo xlt('Notes - any encounters (write,addonly optional) (notes_a)');?
></li
>
106 <li
><?php
echo xlt('Fix encounter dates - any encounters (date_a)');?
></li
>
107 <li
><?php
echo xlt('Less-private information (write,addonly optional) (relaxed)');?
></li
>
109 <li
><strong
><?php
echo xlt('Groups (groups)');?
></strong
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
111 <li
><?php
echo xlt('View/Add/Update groups (gadd)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
112 <li
><?php
echo xlt('View/Create/Update groups appointment in calendar (gcalendar)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
113 <li
><?php
echo xlt('Group encounter log (glog)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
114 <li
><?php
echo xlt('Group detailed log of appointment in patient record (gdlog)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
115 <li
><?php
echo xlt('Send message from the permanent group therapist to the personal therapist (gm)');?
> <i
class="fa fa-exclamation-circle oe-text-green" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 5"); ?
></strong
></li
>
117 <li
><strong
><?php
echo xlt('Lists (lists)');?
></strong
></li
>
119 <li
><?php
echo xlt('Default List (write,addonly optional) (default)');?
></li
>
120 <li
><?php
echo xlt('State List (write,addonly optional) (state)');?
></li
>
121 <li
><?php
echo xlt('Country List (write,addonly optional) (country)');?
></li
>
122 <li
><?php
echo xlt('Language List (write,addonly optional) (language)');?
></li
>
123 <li
><?php
echo xlt('Ethnicity-Race List (write,addonly optional) (ethrace)');?
></li
>
125 <li
><strong
><?php
echo xlt('Menus (menus)');?
></strong
></li
>
127 <li
><?php
echo xlt('Modules (modle)');?
></li
>
129 <li
><strong
><?php
echo xlt('Nation Notes (nationnotes)');?
></strong
></li
>
131 <li
><?php
echo xlt('Nation Notes (nn_configure)');?
></li
>
133 <li
><strong
><?php
echo xlt('Patient Portal (patientportal)');?
></strong
></li
>
135 <li
><?php
echo xlt('Patient Portal (portal)');?
></li
>
137 <li
><strong
><?php
echo xlt('Patients (patients)');?
></strong
></li
>
139 <li
><?php
echo xlt('Clinical Reminders/Alerts (write,addonly optional) (alert)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
140 <li
><?php
echo xlt('Amendments (write,addonly optional) (amendment)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
141 <li
><?php
echo xlt('Appointments (write,wsome optional) (appt)');?
></li
>
142 <li
><?php
echo xlt('Demographics (write,addonly optional) (demo)');?
></li
>
143 <li
><?php
echo xlt('Disclosures (write,addonly optional) (disclosure)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
144 <li
><?php
echo xlt('Documents (write,addonly optional) (docs)');?
></li
>
145 <li
><?php
echo xlt('Documents Delete (docs_rm)');?
> <i
class="fa fa-exclamation-circle" style
="color:purple" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 8"); ?
></strong
></li
>
146 <li
><?php
echo xlt('Lab Results (write,addonly optional)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
147 <li
><?php
echo xlt('Medical/History (write,addonly optional) (med)');?
></li
>
148 <li
><?php
echo xlt('Patient Notes (write,addonly optional) (notes)');?
></li
>
149 <li
><?php
echo xlt('Patient Reminders (write,addonly optional) (reminder)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
150 <li
><?php
echo xlt('Prescriptions (write,addonly optional) (rx)');?
> <i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> 
;<strong
><?php
echo xlt("New in ACL Ver 4"); ?
></strong
></li
>
151 <li
><?php
echo xlt('Sign Lab Results (write,addonly optional) (sign)');?
></li
>
152 <li
><?php
echo xlt('Transactions (write optional) (trans)');?
></li
>
154 <li
><strong
><?php
echo xlt('Placeholder (placeholder)');?
></strong
></li
>
156 <li
><?php
echo xlt('Placeholder (Maintains empty ACLs) (filler)');?
></li
>
158 <li
><strong
><?php
echo xlt('Sensitivities (sensitivities)');?
></strong
></li
>
160 <li
><?php
echo xlt('Normal (normal)');?
></li
>
161 <li
><?php
echo xlt('High (high)');?
></li
>
163 <li
><strong
><?php
echo xlt('Squads (squads)');?
></strong
></li
>
167 <p
><?php
echo xlt("The ACL page two sections."); ?
>
168 <ul id
="listed_items">
169 <li
><a href
="#users_section"><?php
echo xlt("User Memberships");?
></a
></li
>
170 <li
><a href
="#groups_section"><?php
echo xlt("Groups and Access Controls");?
></a
></li
>
173 <div
class= "row" id
="users_section">
174 <h4
class="oe-help-heading"><?php
echo xlt("User Memberships"); ?
><a href
="#listed_items"><i
class="fa fa-arrow-circle-up float-right oe-help-redirect" aria
-hidden
="true"></i
></a
></h4
>
175 <p
><?php
echo xlt("By default the User Memberships section is selected and all the active registered users will be listed in alphabetical order by their user names."); ?
>
177 <p
><?php
echo xlt("Clicking on the icon next to their name will bring up the 'Edit' window."); ?
>
179 <p
><?php
echo xlt("The 'Edit' window is divided into two columns, 'Active' and 'Inactive'. The groups (AROs) that are listed in the active column are those groups that the user belongs to."); ?
>
181 <p
><?php
echo xlt("The user's actual privileges are determined by the access to the parts of the program i.e. (ACO) that each group (ARO) has."); ?
>
183 <p
><?php
echo xlt("To move the groups from one column to another select one or more items from the column that you need to move them out of and press the relevant button with the double chevrons."); ?
> <input
class='button_submit oe-inline oe-no-float' type
='button' value
=' >> ' > 
; 
;<input
class='button_submit oe-inline oe-no-float' type
='button' value
=' << ' >
185 <p
><?php
echo xlt("To select multiple groups hold down the 'Shift' or 'Ctrl' keys while clicking."); ?
>
187 <p
><i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> <strong
><?php
echo xlt("Note there is no 'Save' button."); ?
></strong
>
189 <div
class= "row" id
="groups_section">
190 <h4
class="oe-help-heading"><?php
echo xlt("Groups and Access Controls"); ?
><a href
="#listed_items"><i
class="fa fa-arrow-circle-up float-right oe-help-redirect" aria
-hidden
="true"></i
></a
></h4
>
191 <p
><?php
echo xlt("Checking the Groups and Access Controls checkbox will reveal this section that lists all the categories with sub-categories (ACOs), i.e. the parts of the program controlled by the access control list privileges."); ?
>
193 <p
><?php
echo xlt("It also lets you create new groups (AROs) as well as remove existing ones."); ?
>
195 <p
><?php
echo xlt("These groups (AROs) can then be given a set of privileges by assigning different categories (ACOs)."); ?
>
197 <p
><i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> <strong
><?php
echo xlt("This section DOES NOT let you create new ACOs."); ?
></strong
>
199 <p
><?php
echo xlt("There are three actions that can be performed here - edit an existing group (ARO), add a new group (ARO) or delete an existing group (ARO)."); ?
>
201 <p
><strong
><?php
echo xlt("EDIT EXISTING GROUP"); ?
> :</strong
>
203 <p
><?php
echo xlt("To edit an existing group (ARO) click on the icon next to the desired group. This will bring up the edit window."); ?
>
205 <p
><?php
echo xlt("The items listed in the 'Active' column delineate the privileges of this group (ARO) and constitutes this group's Access Control List (ACL)."); ?
>
207 <p
><?php
echo xlt("Move the individual items from 'Active' to 'Inactive' or vice-versa by selecting the items and pressing the relevant button with the double chevron."); ?
> <input
class='button_submit oe-inline oe-no-float' type
='button' value
=' >> ' > 
; 
;<input
class='button_submit oe-inline oe-no-float' type
='button' value
=' << ' >
209 <p
><i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> <strong
><?php
echo xlt("Note there is no 'Save' button."); ?
></strong
>
211 <p
><?php
echo xlt("Click the slashed-eye icon to close."); ?
>
213 <p
><strong
><?php
echo xlt("ADD NEW GROUP"); ?
> :</strong
>
215 <p
><?php
echo xlt("Click the 'Add New Group' button to display the 'New Group Information' section."); ?
>
217 <p
><?php
echo xlt("The Title will be the name of the new group (ARO) that you are going to create."); ?
>
219 <p
><?php
echo xlt("Use a unique word to identify this group, it has to be a single word, if using two words link them together with an underscore or hyphen."); ?
>
221 <p
><?php
echo xlt("Choose one of the four return values that reflect varying degrees of privilege."); ?
>
223 <li
><?php
echo xlt("view - can only read but not add or modify"); ?
></li
>
224 <li
><?php
echo xlt("addonly - can read and add but not modify"); ?
></li
>
225 <li
><?php
echo xlt("wsome - can read and partially modify"); ?
></li
>
226 <li
><?php
echo xlt("write - can read and fully modify"); ?
></li
>
229 <p
><?php
echo xlt("A short description of this group that will appear when you hover over the newly created group (ARO)."); ?
>
231 <p
><i
class="fa fa-exclamation-triangle oe-text-red" aria
-hidden
="true"></i
> <strong
><?php
echo xlt("Review all the parameters that are entered and only then move to the next step. This is because once you create a group (ARO) you will NOT be able of modify any of the data that you have entered in THIS section. You can only delete the entire group (ARO) and start afresh."); ?
></strong
>
233 <p
><?php
echo xlt("Click on the 'Add Group' button to create this new group (ARO)."); ?
>
235 <p
><?php
echo xlt("The group (ARO) that you created will now appear in alphabetical order in the 'Groups and Access Controls' section."); ?
>
237 <p
><?php
echo xlt("If you click on the edit icon next to this newly created group (ARO) you will note that the 'Active' column contains only a single entry - Placeholder (Maintains empty ACLs). As yet this new group (ARO) has NO access to any part of the program as there are no ACOs assigned in the 'Active' column."); ?
>
239 <p
><?php
echo xlt("Add desired privileges by moving items (ACOs) from the 'Inactive' column to the 'Active' column."); ?
>
241 <p
><i
class="fa fa-exclamation-circle oe-text-orange" aria
-hidden
="true"></i
> <strong
><?php
echo xlt("Note there is no 'Save' button."); ?
></strong
>
243 <p
><?php
echo xlt("You can close the edit box by clicking on the 'slashed eye' icon next to the group's name."); ?
>
245 <p
><?php
echo xlt("If you click on any user in the 'User Memberships' section you will now see these newly created group (ARO) in the 'Inactive' column. These can now be assigned in the usual fashion as needed."); ?
>
247 <p
><strong
><?php
echo xlt("REMOVE GROUP"); ?
> :</strong
>
249 <p
><?php
echo xlt("Click the 'Remove Group' button to display the 'Remove Group Form'."); ?
>
251 <p
><?php
echo xlt("Select the group (ARO) that you wish to remove."); ?
>
253 <p
><?php
echo xlt("Click the 'Yes' radio button."); ?
>
255 <p
><?php
echo xlt("Click the 'Delete Group' button to completely remove this group."); ?
>
257 <div
class= "row" id
="advanced_acl">
258 <h4
class="oe-help-heading"><?php
echo xlt("Advanced - Finer Access Control"); ?
><a href
="#"><i
class="fa fa-arrow-circle-up float-right oe-help-redirect" aria
-hidden
="true"></i
></a
></h4
>
259 <p
><?php
echo xlt("Click on the icon next to the 'Access Control List Administration' title to go to the phpGACL page."); ?
> <i id
='advanced' class='fa fa-external-link small' aria
-hidden
='true'></i
>
261 <p
><?php
echo xlt("Here you can customize the ACL further."); ?
>
263 <p
><?php
echo xlt("You have to have an understanding how the program is structured and the ability and willingness to modify the underlying code."); ?
>
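<?php
// External wiki link, opened in a new tab. rel="noopener noreferrer" keeps the
// new tab from receiving a window.opener handle to this OpenEMR page and stops
// this page's URL from being sent to the external site as the Referer.
// NOTE(review): the target is plain http; switch it to https if the wiki serves it.
// The xlt() strings are translation keys and are reproduced unchanged.
?>
<p><?php echo xlt("Click on the the following link to learn more about what is involved."); ?> <strong><a href="http://www.open-emr.org/wiki/index.php/ACL_Fine_Granular_Control" target="_blank" rel="noopener noreferrer"><?php echo xlt("ACL Fine Granular Control"); ?></a></strong>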
267 <p
><?php
echo xlt("Best of Luck."); ?
> :)
269 </div
><!--end of container div
-->
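// Show or hide the ACO list and keep the eye icon's tooltip in sync with its state.
$('#show_hide').click(function () {
    var toggleIcon = $('#show_hide');
    var currentTitle = toggleIcon.prop('title');
    // The translated text comes from the translation tables, not from this file,
    // so it is emitted with xlj(), which outputs a quoted, JSON-escaped JavaScript
    // literal. xla() escapes for HTML attributes only: inside a script block the
    // entities are not decoded (so the text would not equal the decoded DOM title
    // compared below), and a backslash or line break in a translation would
    // corrupt a hand-quoted string.
    var hideTitle = <?php echo xlj('Click to Hide'); ?>;
    var showTitle = <?php echo xlj('Click to Show'); ?>;

    $('.hideaway').toggle('1000');
    $(this).toggleClass('fa-eye-slash fa-eye');

    // Flip the tooltip; a title that matches neither string is left untouched.
    if (currentTitle === hideTitle) {
        currentTitle = showTitle;
    } else if (currentTitle === showTitle) {
        currentTitle = hideTitle;
    }
    toggleIcon.prop('title', currentTitle);
});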