Creating Custom Roles
Administrators often need to tailor permission sets to align with their organization's specific requirements. Unlike Tendo-provided roles, which are fixed and cannot be edited, administrators have the option to create custom roles to define precisely the permissions that a role at a particular healthcare organization requires.
When creating a custom role, it’s helpful to use existing Tendo-provided roles as examples of how roles and permissions can be organized.
Roles creation is somewhat of an art form that needs to be considered carefully in the context of not only a role, but different states in specialties during the lifestyle of care.
The goal of creating custom roles is to make sure that they match roles that a specific healthcare organization uses or wants to use.
It's also beneficial to create foundational persona roles that encompass a broad set of common permissions for users. Subsequently, administrators can create feature set roles to grant additional permissions to select users as needed.
Creating Roles
To create a custom role, click on the + icon at the top of the Roles list view in Access.
An Add Role modal will display.
Add the following in the fields:
Name - Input the name of your role in Pascal format, with no spaces and the first letter of each word capitalized.
Display Value - Input the name that you want to display in standard English, such as Business Administrator.
Type - Choose the type of role you want in the Type dropdown menu. Type restricts where a role can be used. For example, choose Internal user when assigning user roles, but Machine when assigning a role to a Service Account UI. In the Add Role modal for adding a role to a role group, only roles with the same type as the role group can be selected.
- External User
- Guest
- Internal User
- Machine
Click Add.
Once you have created the role, you can view and click on it in the list view. The detail view of the role will appear on the right, and you can adjust the permissions in that view.
Duplicating a Role
With the large set of permissions for some roles, it's difficult for admins to build them from scratch. Instead, they can duplicate existing roles, and then modify the duplicates as needed for new roles. In this way, Tendo-fefined roles can be used but fine-tuned to meet the specific needs of a healthcare organization.
To duplicate a role, click on it in the roles list, then go to the top right corner and click on the … button and choose Duplicate Role.
A Duplicate Role modal displays, and you can change the name (in Pascal format with no spaces and uppercase letters at the beginning of each word) and display value. You can change the type of role in the Type dropdown menu, and add a description for the new role. Click Save.
Now click through the various tabs under the role’s detail view, and make the modifications the permissions that you want.
You can duplicate both individual roles and role groups.
Role Groups
A Role Group is a set of Roles - the union of its permissions and the permissions of any other roles that have been included in it. Roles for certain types of users can be grouped together in a Roles Group so that administrators can grant access to a Role Group rather than separately assigning each role to users. These roles can include:
Feature Set Roles - These are limited to the set of permissions needed for a feature. This allows feature teams to just manage the permissions that are required by a feature, and allows others to know what is required for a feature to work in a certain capacity. Feature set roles are not role groups, but roles within a Role Group.
- Persona Role - This is a broad set of permissions needed for a persona to work. A persona role can be a Role Group of Feature Set Roles. An example is a CDI Manager role that can be a role group that includes a Report feature set role. In the Detail view of a role, you can see a Role Group field that specifies whether this role is a role group or not. If the field value is False, it is an individual Role. If the Role Group is True, it is a Role Group that includes other roles
When you add a new role in the Add Role modal, you must decide to check this field if it is a Role Group, or leave it blank if it isn’t a role group. This field cannot be changed later by editing the role.
If a Role Group box is checked, only Roles of the same type can be added to the Role Group.
The Role Group's detail view will include a Roles subtab on which is a list of roles that are part of that role group. You can click on any of them to see more details about individual roles in the group. You also can add another role to the group by clicking on the + icon on the upper right.
This opens an Add Role modal that includes a dropdown on which are roles you can select to add to the role group. You can add multiple roles. Then click Add.
Only roles that are designated Role Group is False can be included in a role group.
When the Role Group field is checked, the list view will display its status as a Group.
The Role Group field is available when editing a role, but can only be checked if the role is not used in a role group.
Deleting Roles
You can delete a role in a Role Group under its Roles subtab by clicking on the trash can icon next to each role.
Note that the Application, Objects, and System sub tabs in Roles only display the permissions specific to this role and not other roles that have been added as part of a role group.
Role Groups are enabled in all tenants in Tendo. Any user with the Role Manager role has permissions to view and modify roles and create role groups.