Groups

Groups allow you to create access control policies for a group of users, or for users with a specific role within that group.

The user service is built for medical applications, where patients and medical staff collaborate and share information. A user can join a group as a patient, as a staff member, or both.

A Patient Enlistment is a type of enlistment dedicated to patients. It does not allow more specific permissions to be added.

A Staff Enlistment allows you to create roles within a group and attach any kind of permissions to them, so you can build the role-based access system you need for your application.

Create a group

A group is nothing more than the collection of its members. Creating a group is as simple as creating your first group role or attaching your first patient or staff member to a shared identifier: the groupId.

  • Create a group role

  • Enlist a staff member

  • Enlist a patient

Create a Group Role

Group roles let you grant specific users specific permissions in the context of a group. You can assign permissions that allow users to perform specific actions across the Extra Horizon Services.

// Assumes `exh` is an authenticated client created with the Extra Horizon JavaScript SDK.
import { rqlBuilder } from '@extrahorizon/javascript-sdk';

// Step 1: create a new role in the group (the first argument is the groupId)
const myNewGroupRole = await exh.users.groupRoles.add(
    '841e55106a2a40c39ed6359b2c137a19',
    {
        name: 'myGroupRole',
        description: 'myNewGroupRoleDescription',
    }
);

// Step 2: attach permissions to the new group role; the RQL selects that role by id
const rql = rqlBuilder().eq('id', myNewGroupRole.id).build();
await exh.users.groupRoles.addPermissions(
    myNewGroupRole.groupId,
    {
        permissions: ['UPDATE_GROUP_ROLE'],
    },
    rql
);

Group Permissions

You can attach a group role to staff members. Permissions that are not granted to a user by default must be obtained via a group role. The table below gives a summary of the group permissions that you can attach to a group role. These permissions allow certain actions in the User Service.

| Permission | Description |
| --- | --- |
| REMOVE_PATIENT | Remove a patient from the group where you have this permission |
| CREATE_GROUP_ROLE | Create a role for the group where you have this permission |
| UPDATE_GROUP_ROLE | Update a role for the group where you have this permission |
| DELETE_GROUP_ROLE | Delete a role for the group where you have this permission |
| ADD_GROUP_ROLE_PERMISSION | Add permissions to any role of the group where you have this permission |
| REMOVE_GROUP_ROLE_PERMISSION | Remove permissions from any role of the group where you have this permission |
| ADD_GROUP_ROLE_TO_STAFF | Assign a group role to a staff member of the group |
| REMOVE_GROUP_ROLE_FROM_STAFF | Remove a group role from a staff member of the group |
| ADD_STAFF | Add staff to the group |
| REMOVE_STAFF | Remove staff from the group |

There are more permissions that you can attach to a group role that affect the allowed actions in other services. An overview of those permissions can be found in the designated service documentation.
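
Several of the permissions above change who holds which permissions, so role definitions that contain them deserve a review. The following is an added example, not Extra Horizon's code: it flags such roles in constructed role records, where the `permissions` array on a role, the function name `auditGroupRoles`, and the risk labels are assumptions made for illustration.

```javascript
// Added example, not Extra Horizon code. Role records are constructed sample data;
// the `permissions` array on a role is an assumed shape, and risk labels are illustrative.

// Permission names come from the group permissions table above. More specific rules first.
const RULES = [
  { risk: 'high', needs: ['ADD_GROUP_ROLE_PERMISSION'],
    reason: 'holder can add permissions to any role in the group, including a role they hold' },
  { risk: 'high', needs: ['ADD_STAFF', 'ADD_GROUP_ROLE_TO_STAFF'],
    reason: 'holder can enlist a new staff member and assign them an existing role' },
  { risk: 'medium', needs: ['ADD_GROUP_ROLE_TO_STAFF'],
    reason: 'holder can assign existing group roles to staff members' },
  { risk: 'medium', needs: ['REMOVE_GROUP_ROLE_PERMISSION'],
    reason: 'holder can strip permissions from any role in the group' },
];

// A rule matches when the role holds every permission it needs. A rule whose
// permissions were all reported by an earlier, more specific rule is skipped.
function auditGroupRoles(roles) {
  const findings = [];
  for (const role of roles) {
    const held = new Set(role.permissions);
    const covered = new Set();
    for (const rule of RULES) {
      const matches = rule.needs.every((p) => held.has(p));
      const redundant = rule.needs.every((p) => covered.has(p));
      if (!matches || redundant) continue;
      rule.needs.forEach((p) => covered.add(p));
      findings.push({ groupId: role.groupId, role: role.name, risk: rule.risk, reason: rule.reason });
    }
  }
  return findings;
}

// Constructed sample roles for one hypothetical group.
const SAMPLE_ROLES = [
  { groupId: 'group-a', name: 'myGroupRole', permissions: ['UPDATE_GROUP_ROLE'] },
  { groupId: 'group-a', name: 'nurse', permissions: ['REMOVE_PATIENT'] },
  { groupId: 'group-a', name: 'coordinator', permissions: ['ADD_STAFF', 'ADD_GROUP_ROLE_TO_STAFF'] },
  { groupId: 'group-a', name: 'groupAdmin',
    permissions: ['UPDATE_GROUP_ROLE', 'ADD_GROUP_ROLE_PERMISSION', 'REMOVE_GROUP_ROLE_PERMISSION'] },
];

console.table(auditGroupRoles(SAMPLE_ROLES));
```

Permissions that belong to other services are ignored by these rules and need their own review.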

Staff Enlistment

You can enlist a user as a staff member of a group. This provides that user with some basic permissions in the User Service and other Extra Horizon services.

Default permissions

  • See a limited set of fields of all patients and staff members (of the groups where you are enlisted as staff member)

  • View all the patients in a group

  • View the other staff members of the group

  • See a subset of the fields for any staff member or patient of the group

  • View the roles of the groups where you have a staff enlistment

Enlist a Staff member

await exh.users.groupRoles.addUsersToStaff({
    groups: ['841e55106a2a40c39ed6359b2c137a19'],
});

Once the user is a staff member, you can start attaching group roles to give the user additional permissions.

Patient Enlistment

You can enlist a user as a patient of a group. This will provide that user with some basic permissions in the User Service and other Extra Horizon services.

You cannot attach additional permissions to patients.

Default permissions

  • See a limited set of fields of the staff members (of the groups where you are enlisted as a patient)

  • See a subset of the fields for any staff member or patient of the group

Enlist a patient

await exh.users.addPatientEnlistment('{userId}', {
    groupId: '841e55106a2a40c39ed6359b2c137a19',
    expiryTimestamp: 1234567890,
});

With a patient enlistment, you can optionally provide an expiryTimestamp. When you retrieve users, the user service will display whether the expiry timestamp was exceeded or not.

Use Case: You can use this feature to implement a prescription-like application functionality where you provide patients with access to specific functionality while the prescription lasts.


Last updated 1 year ago
