Skip to main content

Roles & Permissions

A role is a named bundle of permissions, and the Roles tab of a project's Configuration page is where you decide which roles your project's users get. As Cockpit puts it: "Assigned roles define the permissions available for this user type."

These are the roles of the users inside the project โ€” not of the administrators who manage it.

Two things on the Roles tabโ€‹

1. Default roles per user typeโ€‹

Each user type โ€” HCP, Patient, Device, Organization, User, Admin โ€” has a default set of roles. The first table shows, per user type, its Configuration source (Default or Custom) and its Assigned roles. Change a user type's defaults here and every user of that type picks them up.

info

Changing a user type's default roles applies to existing users too, not just new ones โ€” every user of that type picks up the updated set. The only exception is a user whose roles were changed individually from the Users โ†’ Edit user page (set to Individual for this user): that user keeps their own roles and is no longer affected by changes to the type's defaults. Switch that user back to Default for <user type> and they immediately pick up the type's current roles as configured here on the Roles page. See the configuration sources below.

2. The roles themselvesโ€‹

The second table lists every Role with its Configuration source (Default or Custom), its Permissions (an expandable tree), and a description. "CardinalSDK provides default roles with predefined permissions. If those don't fit your needs, you can create custom roles with your own permission configuration."

Creating a custom roleโ€‹

Click Create custom role and fill in:

  • Role Name โ€” 3โ€“40 characters, letters/digits/underscores; auto-uppercased (e.g. CLINIC_MANAGER). Fixed after creation.
  • Role description โ€” optional, up to 300 characters.
  • Permissions โ€” a searchable, hierarchical tree grouped into business areas (Scheduling, Patients, Medical records, Billing, Messaging, Users & roles, Organizations & practitioners, Devices, Settings & configuration, Security & encryption, System & maintenance, Reference data). Tick the permissions the role grants; Select all / Expand all / Reset help you navigate. A "X of Y selected" counter tracks your choice.

You can edit or delete custom roles (the default roles provided by Cardinal can't be renamed or removed).

Default vs. individual role assignmentโ€‹

When you edit a user, its role assignment has a configuration source:

  • Default for <user type> โ€” the user follows the project-level defaults for its type. If you later add or remove roles for that type, this user's roles update automatically.
  • Individual for this user โ€” a custom assignment just for this user.
caution

Choose Individual for this user with care: that user won't automatically receive new roles you later add to its user type, and roles you remove from the type won't be removed from them.

Where to go nextโ€‹

Cardinal SDK reference: Define user roles โ€” assigning roles and permissions from the SDK.