First, I am trying to understand the meaning of the ‘authorized’ and ‘active’ flags that are on the new/edit user form.
Second, I would like to have at least 2 types of users:
1) doctors, who are available on the calendar page (want only doctors on calendar)
2) data clerks, who can do pretty much anything, but are not visible on calendar
How can I do this?
Third, at what stage does it become necessary to use phpGACL to manage permissions? Is there a tutorial that explains the whole user permissions / access issue?
1) Authorized means the user has a calendar. It used to have greater meaning before PHPGACL was embedded into the software. Active means the user account is not disabled. An inactive account cannot be used to log into the system. It’s a way to temporarily disable somebody’s access to OpenEMR. This too is a checkbox whose purpose has changed over the years.
2) You can have RXs and Front Office staff. They are defined by PHPGACL and already exist as pre-defined roles. For example, there are Clinicians, Front-Office, Administrators, etc. in the security section on the Admin->Users screens. I believe I answered the part about only RXs having calendars in (1).
3) PHPGACL is now built in. You ought to be using it exclusively at this point unless you are running an older version of the software.
Does that help?
My answers are based upon v3.0+ of the software.
hey,
Quick addition to Jason’s superb answer. As he stated, phpGACL is now installed and configured with OpenEMR since version 3.0. To administer it, go to the admin->acl menu. At some point there will be documentation, but it is rather intuitive to use. In the admin->acl menu, in the user section, you can add/remove users to access groups. There are 5 groups included (admin, clinician, etc.); you can add/remove groups and edit the actual “controls” these groups can access in the groups section (I’d suggest not doing this unless you need to customize). The Advanced link is only for php-gacl experts.
-brady
That’s funny, since it was required of users of prior versions in order to have any access control. The user HAD to be defined and therefore permitted within phpGACL externally using the AXO stuff BEFORE they were created within OpenEMR, or there was no ability to edit the ACL for that user within OpenEMR.
And unless I missed something, ver 3 has only had a "stable" version for one day, right? Just a reality check.
If the return value is “write”, the user may add or modify the Access Control Objects.
If the return value is “addonly”, the user may view and add but not modify entries.