Permissions

App Type

All app types can create patients.

Only apps of type Business System are always allowed to manage (modify and delete) patients.

Other app types need to be granted permission by the Business System. The Business System allows or disallows patient management by other apps through the shared business system setting 'PatientManagementAllowed', which is stored in Metadata (see https://himsanoah.atlassian.net/wiki/spaces/AD/pages/3162669077).

User Permissions

Each user is assigned a user role that determines which overall operations the user is allowed to perform.

The permissions granted to each user role can be adjusted in the Noah App Portal.

Granting a permission allows the app to call various routes and HTTP methods on behalf of the user.

https://himsanoah.atlassian.net/wiki/spaces/AD/pages/3195731969 shows which groups of routes are accessible for each assigned permission.

Patient Fields and Action Data Types

TenantApprovedPermissions contains a list of Denied Permissions as well as a list of Approved Permissions. This lets an app determine which of its requested permissions have been accepted by the tenant and which have not.

Patient Fields

These restrictions apply to both input and output.

On creation or modification, an app is not allowed to specify a value for a field that has not been allowed on the tenant. If a value is specified anyway, an error response is returned.

On output, a field the app is not allowed to read is returned with a null value. Note: if the app is allowed to read the field, a null value means that the field has no value. A null on its own therefore does not tell the app whether the field is empty or merely hidden from it; only the current permissions do.

In general, be aware that these restrictions can change at any time, i.e. listen for events about changed permissions. When modifying, be aware that a null value read back while the field was not readable could overwrite an actual stored value if permissions change between the read and the write.
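The two pitfalls above (treating a masked null as an empty value, and writing a record back after permissions have changed) are easy to get wrong in a client that round-trips the whole patient object. The following is an added example and not code from the Noah API or from HIMSA: it models the tenant's field permissions as simple read/write sets, which is an assumed shape standing in for whatever the app derives from TenantApprovedPermissions, and the patient field names and the sample response are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FieldPermissions:
    # Assumed shape: the patient fields the tenant lets this app read and write.
    # In practice this is derived from TenantApprovedPermissions and must be
    # refreshed whenever an event about changed permissions arrives.
    readable: frozenset
    writable: frozenset


class PermissionsChanged(Exception):
    """The permissions at write time differ from those at read time."""


def interpret_patient(response, perms):
    """Split a patient response into (values, masked).

    `values` holds the fields the app may read; a None there is a genuine
    empty value. `masked` holds the names of fields that came back as null
    only because the app is not allowed to read them: their value is unknown,
    not empty, and must never be written back.
    """
    values, masked = {}, set()
    for name, value in response.items():
        if name in perms.readable:
            values[name] = value
        else:
            masked.add(name)
    return values, masked


def build_update(current, desired, read_perms, write_perms):
    """Build the body of a patient modification.

    current: the `values` returned by interpret_patient() at read time
    desired: the full field set the app intends to send (typically `current`
             with a few edits, as a naive round-tripping client would do)
    """
    # If permissions changed between read and write, `current` may contain
    # nulls that are now masks, or masks that are now readable. Re-read the
    # patient under the new permissions instead of guessing.
    if read_perms != write_perms:
        raise PermissionsChanged("permissions changed since the patient was read; re-read first")

    payload = {}
    for name, value in desired.items():
        # A null for a field we could not read is a mask, not a value. Echoing
        # it back would clear data we never saw, so drop it.
        if name not in read_perms.readable and value is None:
            continue
        # Send only what actually changed; unchanged read-only fields are fine.
        if name in current and current[name] == value:
            continue
        # The server returns an error for a disallowed field anyway; fail
        # before the request leaves the app so the cause is obvious.
        if name not in write_perms.writable:
            raise PermissionError(f"field {name!r} is not allowed on this tenant")
        payload[name] = value
    return payload


# Constructed sample data; not a real Noah response or tenant configuration.
PATIENT_RESPONSE = {
    "FirstName": "Ada",
    "MiddleName": None,       # readable and genuinely empty
    "LastName": "Lovelace",
    "Notes": None,            # null only because the app may not read it
}
PERMS_AT_READ = FieldPermissions(
    readable=frozenset({"FirstName", "MiddleName", "LastName"}),
    writable=frozenset({"FirstName", "LastName"}),
)
PERMS_LATER = FieldPermissions(
    readable=frozenset({"FirstName", "MiddleName", "LastName", "Notes"}),
    writable=frozenset({"FirstName", "LastName", "Notes"}),
)


if __name__ == "__main__":
    values, masked = interpret_patient(PATIENT_RESPONSE, PERMS_AT_READ)
    # Naive round trip: everything read back, plus one edit. Only the edit is sent;
    # the masked Notes null is dropped rather than clearing the stored notes.
    print(build_update(values, {**values, "Notes": None, "LastName": "Byron"},
                       PERMS_AT_READ, PERMS_AT_READ))
```

If the app handles the permission-changed event by replacing its FieldPermissions snapshot, a write that was prepared under the old snapshot fails closed with PermissionsChanged, which is the behaviour wanted here: the cost of a re-read is small compared with silently blanking a field.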

Action Data Types

An app is only allowed to create/modify actions and action previews of the data types approved for it, and is only allowed to view public and private data, and action previews, of those data types.

User Account Access Levels

An app is only allowed to view the user account fields permitted by its access level. Each level includes all fields from the lower levels.

Limited:
UserAccountId
LegacyUserId
IdPId

Basic (all fields from Limited, plus):
FirstName
MiddleName
LastName
EmailAddress
DefaultPatientGroupId
NoahRoleId
IsActive

Advanced (all fields from Limited and Basic, plus):
Image
Notes
PhoneNumber
Created
Updated
Actions and Action Previews

Only the app that initially created an action or action preview is allowed to modify it.

Manufacturer Setups

Only the app that initially created a manufacturer setup is allowed to modify it.

Patient Setups

Only the app that initially created a patient setup is allowed to modify it.