Front Desk ACL document permissions

Hi,

I wanted to restrict the front desk user from opening documents attached to an encounter.
The default front desk user I have set to “Not authorized to view this encounter” when opening certain encounters, but it still lists the documents attached.

I also have set in practice an access control to a new group to control who can see documents in that category, but the Front Desk user can open new encounters, so they can see attached files of any past encounter by viewing it.

Basically, if the Front Desk user can see encounters, they can see the documents attached to those (even those without permission) in the encounter, as they are still listed and linked.

Clicking a document takes them into summary view where they can see all the documents in that category but cannot click any of them.

Is the encounter page checking for permissions on documents or does it just list/link any attached and just check if the user can see encounters?

From what I can tell the Front Desk can view the documents page (controller.php?document&list&patient_id=1) for example, even if they don't have access. They also get the permission to view and upload to categories they should not have permission to. Basically I want to disable/hide document/areas the front desk should not have access to.

Is there something I’m missing here or a way of doing this?

Looks like this might be related? "Accounting account can upload file as Admin account" (Issue #3875, openemr/openemr, GitHub)