I have a customer that would like to have an ACL type that would prevent access to the reports menu entirely. This is actually to prevent providers (and others) that leave the practice from stealing the patient list (which has happened).
It seems a bit overkill, but it does pose a question about how one goes about adding a new ACL type and then implementing it correctly.
How granular should something like this be? All Reports, Reports by top level menu catg, individual reports?
Should the ACL be negative or positive, i.e. Access Allowed -vs- Access Denied? Web services used “Deny Access to all” then allow access to some things… for instance
Can be as granular as you want depending on your goal (if desire per report, then make one for each report; if desire more of a category, then can categorize). One thing to remember is to place the ACL check on both the menu link and on the page itself (so users can’t simply enter in the script web address).
The ACL should be positive (i.e. access is allowed when have the acl/key).
The ACL should be positive (i.e. access is allowed when have the acl/key).
This seems like the hard way. If you do that then you have to add this extra ACL to every existing group or they will all be denied access by default. Maybe that’s right anyway, just extra work…
Hi Tony,
There’s a method for adding new ACO/ACLs (see above wiki pages), although at some point need to work in a version incrementation (like the database setting in version.php) to only run pertinent stuff in the acl upgrade script (to avoid undoing modifications that a user has made). Think how complicated things would get if there were also negative ACO’s…
Check out this topic which touches on this: http://stackoverflow.com/questions/1704264/access-control-list-best-practices-acl-setting-negative-roles-for-users-who
-brady OpenEMR
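
The points raised in this thread, as an added PHP example that is not from any poster and is not OpenEMR's own code: a positive (default-deny) key, the same check on the menu link and on the page, and an upgrade step gated by a stored version so a rerun does not undo an administrator's changes. All function names, the `reports` key, the group names and the data layout are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not OpenEMR's API.
// Positive model: access exists only when one of the user's groups holds the key.
function hasAccess(array $acl, array $userGroups, string $aco): bool
{
    foreach ($userGroups as $group) {
        if (in_array($aco, $acl['groups'][$group] ?? [], true)) {
            return true;
        }
    }
    return false; // default deny: unknown group or missing key
}

// Versioned upgrade: a step runs only if it is newer than the stored version.
function upgradeAcl(array $acl): array
{
    $steps = [
        1 => function (array $groups): array { // grant "reports" to groups existing now
            foreach ($groups as $name => $keys) {
                $groups[$name] = array_values(array_unique(array_merge($keys, ['reports'])));
            }
            return $groups;
        },
    ];
    foreach ($steps as $version => $step) {
        if ($version > $acl['version']) {
            $acl['groups'] = $step($acl['groups']);
            $acl['version'] = $version;
        }
    }
    return $acl;
}

// Menu: the link is listed only for holders of the key.
function menuItems(array $acl, array $userGroups): array
{
    return hasAccess($acl, $userGroups, 'reports') ? ['Patients', 'Reports'] : ['Patients'];
}

// Page: the same check again, because the script address can be typed directly.
function reportsPageStatus(array $acl, array $userGroups): int
{
    return hasAccess($acl, $userGroups, 'reports') ? 200 : 403;
}
// Constructed sample data: upgrade, administrator revokes the key, upgrade reruns.
$acl = upgradeAcl(['version' => 0, 'groups' => ['Administrators' => [], 'Physicians' => []]]);
$acl['groups']['Physicians'] = [];   // revoked after the first upgrade
$acl = upgradeAcl($acl);             // version is already 1, so nothing is re-granted
var_dump(menuItems($acl, ['Physicians']), reportsPageStatus($acl, ['Physicians']), reportsPageStatus($acl, ['Administrators']));
```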