HH/USER_ACCESS_MATRIX.md

PX360 User Access Matrix

This document outlines which user roles can access which pages and features in the PX360 system.

Role Hierarchy (High to Low)

Role	Level	Description
PX Admin	100	Full system access across all hospitals
Hospital Admin	80	Full access within their assigned hospital
Department Manager	60	Access to their department and sub-departments
PX Coordinator	50	Manages complaints, actions, and surveys
Physician	40	View patient feedback and own ratings
Nurse/Staff	30/20	Basic staff access to department data
Viewer	10	Read-only access to reports
PX Source User	5	External users - create/view only their own complaints/inquiries

---

🎯 Quick Reference: Role Capabilities

Feature	PX Admin	Hospital Admin	Dept Manager	PX Coord	Physician	Staff	Viewer	Source User
Dashboard (Command Center)	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected to /px-sources/)
All Hospitals	✅	❌	❌	❌	❌	❌	❌	❌
All Complaints	✅	✅ Hospital	✅ Dept	✅ Hospital	❌	❌	✅	✅ Own
Create Complaint	✅	✅	✅	✅	❌	❌	❌	✅
Assign Complaints	✅	✅	❌	❌	❌	❌	❌	❌
Surveys	✅	✅	✅	✅	❌	❌	❌	❌
Staff Management	✅	✅	❌	❌	❌	❌	❌	❌
Settings	✅	✅	❌	❌	❌	❌	❌	❌
Analytics	✅	✅	✅	✅	❌	❌	✅	❌
Admin Evaluation	✅	✅	❌	❌	❌	❌	❌	❌
PX Actions	✅	✅	✅	✅	❌	❌	❌	❌

---

📊 Detailed Access by Module

1. DASHBOARD & ANALYTICS

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/ - Command Center Dashboard	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected)
/dashboard/my/ - My Dashboard	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected)
/dashboard/admin-evaluation/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/dashboard/admin-evaluation/staff/<id>/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/dashboard/admin-evaluation/benchmarks/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/analytics/dashboard/	✅	✅	✅	✅	✅	❌	✅	❌ (Redirected)
/analytics/kpi-reports/	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/analytics/command-center/	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected)

Notes:

• PX Admin: Can switch between all hospitals
• Source User: STRICT ACCESS - Can ONLY access /px-sources/* and password change. All other pages redirect to /px-sources/dashboard/
• My Dashboard: Shows items assigned to the user (complaints, inquiries, actions, tasks)

---

2. COMPLAINTS MODULE

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/complaints/ - List	✅ All	✅ Hospital	✅ Dept	✅ Hospital	❌	❌	✅	❌ (Redirected)
/complaints/new/ - Create	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/complaints/<id>/ - Detail	✅ All	✅ Hospital	✅ Dept	✅ Hospital	❌	❌	❌	❌ (Redirected)
/complaints/<id>/assign/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/<id>/change-status/	✅	✅	✅	✅	❌	❌	❌	❌
/complaints/<id>/activate/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/<id>/escalate/	✅	✅	✅	❌	❌	❌	❌	❌
/complaints/<id>/add-note/	✅	✅	✅	✅	❌	❌	❌	❌
/complaints/<id>/pdf/	✅	✅	✅	✅	❌	❌	✅	❌
/complaints/<id>/request-explanation/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/bulk/* - Bulk Actions	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/export/*	✅	✅	✅	✅	❌	❌	❌	❌
/complaints/analytics/	✅	✅	✅	✅	❌	❌	✅	❌
/complaints/templates/	✅	✅	✅	❌	❌	❌	❌	❌
/complaints/settings/sla/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/settings/escalation-rules/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/oncall/	✅	✅	❌	❌	❌	❌	❌	❌
/complaints/adverse-actions/	✅	✅	❌	❌	❌	❌	❌	❌

INQUIRIES (within Complaints): | /complaints/inquiries/ | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | ❌ (Redirected) | | /complaints/inquiries/new/ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ (Redirected) | | /complaints/inquiries/<id>/ | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ❌ | ❌ (Redirected) | | /complaints/inquiries/<id>/activate/ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | /complaints/inquiries/<id>/assign/ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

SOURCE USER PORTAL (ONLY access for Source Users): | /px-sources/dashboard/ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ONLY | | /px-sources/complaints/ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ONLY | | /px-sources/inquiries/ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ONLY | | /px-sources/complaints/new/ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ONLY | | /px-sources/inquiries/new/ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ONLY |

Notes:

• Source User: STRICT - Can ONLY access via /px-sources/* portal. Main /complaints/* URLs redirect to source dashboard
• Department Manager: Can only see complaints for their department
• Viewer: Can view but not create/edit

---

3. SURVEYS MODULE

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/surveys/instances/ - Survey List	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/surveys/instances/<id>/ - Detail	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/surveys/templates/ - Templates	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/surveys/templates/create/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/surveys/send/ - Manual Send	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/surveys/send/phone/	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/surveys/send/csv/	✅	✅	✅	❌	❌	❌	❌	❌ (Redirected)
/surveys/his-import/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/surveys/bulk-jobs/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/surveys/reports/	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/surveys/enhanced-reports/	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/surveys/comments/	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)

Notes:

• Source User: NO ACCESS - All survey URLs redirect to /px-sources/dashboard/
• Department Manager: Can view surveys for their department
• Physician: Can view their own ratings/surveys only

---

4. PX ACTION CENTER

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/actions/ - Action List	✅ All	✅ Hospital	✅ Dept	✅ Hospital	❌	❌	✅	❌
/actions/<id>/ - Detail	✅ All	✅ Hospital	✅ Dept	✅ Hospital	❌	❌	✅	❌
/actions/create/	✅	✅	❌	✅	❌	❌	❌	❌
/actions/<id>/edit/	✅	✅	❌	✅	❌	❌	❌	❌
/actions/<id>/assign/	✅	✅	❌	✅	❌	❌	❌	❌
/actions/<id>/approve/	✅	✅	❌	❌	❌	❌	❌	❌

Notes:

• Source User: NO ACCESS to PX Actions
• PX Coordinator: Full access to manage actions

---

5. STAFF & ORGANIZATIONS

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/organizations/ - Organizations	✅	✅ Own Org	❌	❌	❌	❌	❌	❌
/organizations/hospitals/	✅	✅ Own	❌	❌	❌	❌	❌	❌ (Redirected)
/organizations/departments/	✅	✅	✅	✅	❌	❌	✅	❌ (Redirected)
/organizations/staff/ - Staff List	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/organizations/staff/<id>/ - Detail	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/organizations/staff/create/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/organizations/staff/<id>/edit/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/organizations/staff/hierarchy/	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)
/organizations/sections/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/organizations/subsections/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/organizations/patients/	✅	✅	✅	✅	❌	❌	❌	❌ (Redirected)

Notes:

• Source User: NO ACCESS - All organization URLs redirect to /px-sources/dashboard/
• Department Manager: Can view staff in their department
• Hospital Admin: Full access within their hospital

---

6. PHYSICIANS MODULE

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/physicians/ - Physician List	✅	✅	✅	✅	✅ Own	✅	✅	❌ (Redirected)
/physicians/<id>/ - Detail	✅	✅	✅	✅	✅ Own	❌	❌	❌ (Redirected)
/physicians/dashboard/	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected)
/physicians/leaderboard/	✅	✅	✅	✅	✅	✅	✅	❌ (Redirected)
/physicians/import/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/physicians/individual-ratings/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)

Notes:

• Source User: NO ACCESS
• Physician: Can view their own ratings and profile

---

7. PX SOURCES MODULE

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/px-sources/ - Source List	✅	✅	❌	❌	❌	❌	❌	❌
/px-sources/<id>/ - Source Detail	✅	✅	❌	❌	❌	❌	❌	❌
/px-sources/<id>/users/create/	✅	✅	❌	❌	❌	❌	❌	❌
/px-sources/dashboard/	✅	✅	❌	❌	❌	❌	❌	✅ ✅
/px-sources/complaints/	✅	✅	❌	❌	❌	❌	❌	✅ ✅
/px-sources/inquiries/	✅	✅	❌	❌	❌	❌	❌	✅ ✅
/px-sources/complaints/new/	❌	❌	❌	❌	❌	❌	❌	✅ ✅
/px-sources/inquiries/new/	❌	❌	❌	❌	❌	❌	❌	✅ ✅

Notes:

• Source User: Has their OWN simplified dashboard
• Source User: Can only create complaints/inquiries from their assigned source
• Admin: Can manage sources and create source users

---

8. SETTINGS & CONFIGURATION

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/config/dashboard/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/config/routing-rules/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/config/sla-config/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/integrations/survey-mapping-settings/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/notifications/send-sms-direct/	✅	✅	❌	❌	❌	❌	❌	❌ (Redirected)
/notifications/settings/	✅	✅	✅	✅	✅	✅	❌	❌ (Redirected)
/accounts/password/change/	✅	✅	✅	✅	✅	✅	✅	✅ ONLY
/accounts/settings/	✅	✅	✅	✅	✅	✅	✅	✅ ONLY

Notes:

• Source User: ONLY allowed Settings pages are password change and basic settings
• All other config pages redirect to /px-sources/dashboard/
• Source User: NO ACCESS to any settings
• Hospital Admin: Can configure hospital-specific settings

---

9. ACKNOWLEDGEMENTS (Onboarding)

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/acknowledgements/dashboard/	✅	✅	✅	✅	✅	✅	✅	❌
/acknowledgements/signed/	✅	✅	✅	✅	✅	✅	✅	❌
/acknowledgements/sign/<id>/	✅	✅	✅	✅	✅	✅	✅	❌
/acknowledgements/categories/	✅	❌	❌	❌	❌	❌	❌	❌
/acknowledgements/checklist/	✅	❌	❌	❌	❌	❌	❌	❌
/acknowledgements/compliance/	✅	❌	❌	❌	❌	❌	❌	❌

Notes:

• Source User: NO ACCESS to acknowledgements
• Admin: Can manage acknowledgement content

---

10. USER ACCOUNT & PROFILE

Page/Feature	PX Admin	Hospital Admin	Dept Manager	PX Coordinator	Physician	Staff	Viewer	Source User
/accounts/settings/	✅	✅	✅	✅	✅	✅	✅	✅
/accounts/change-password/	✅	✅	✅	✅	✅	✅	✅	✅
/accounts/users/	✅	✅	❌	❌	❌	❌	❌	❌
/accounts/users/<id>/	✅	✅	❌	❌	❌	❌	❌	❌
/accounts/roles/	✅	❌	❌	❌	❌	❌	❌	❌
/accounts/onboarding/provisional/	✅	✅	❌	❌	❌	❌	❌	❌
/accounts/onboarding/wizard/	✅	✅	✅	✅	✅	✅	✅	❌

Notes:

• All users can access their own settings and change password
• Source User: Can only view/edit their own profile

---

🚫 Access Denied Behavior

When a user tries to access a page they don't have permission for:

1. API Endpoints: Returns HTTP 403 Forbidden with error message
2. UI Views: Redirects to login or shows permission denied page
3. Menu Items: Hidden from sidebar (not shown)

---

🔐 Role Permission Summary

PX Admin (Level 100)

• ✅ Full system access
• ✅ Can switch between all hospitals
• ✅ Can create/edit/delete users
• ✅ Can access all settings
• ✅ Can view all reports and analytics

Hospital Admin (Level 80)

• ✅ Full access within their hospital
• ✅ Can manage staff in their hospital
• ✅ Can manage complaints/inquiries in their hospital
• ✅ Can configure hospital settings
• ❌ Cannot access other hospitals

Department Manager (Level 60)

• ✅ Access to their department only
• ✅ Can view staff in their department
• ✅ Can manage complaints in their department
• ✅ Can view department reports
• ❌ Cannot access other departments

PX Coordinator (Level 50)

• ✅ Can create and manage complaints
• ✅ Can create and manage PX Actions
• ✅ Can manage surveys
• ✅ Can view analytics
• ❌ Cannot manage staff or settings

Physician (Level 40)

• ✅ Can view their own ratings
• ✅ Can view patient feedback
• ❌ Cannot create complaints
• ❌ Cannot access admin functions

Nurse/Staff (Level 30/20)

• ✅ Can view department data
• ✅ Basic read access
• ❌ Limited write access

Viewer (Level 10)

• ✅ Read-only access
• ✅ Can view reports and dashboards
• ❌ Cannot create or edit anything

PX Source User (Level 5) - STRICT ACCESS

• ✅ Can create complaints from their source (via /px-sources/complaints/new/)
• ✅ Can create inquiries from their source (via /px-sources/inquiries/new/)
• ✅ Can view only their created complaints/inquiries (via /px-sources/)
• ✅ Can change password (/accounts/password/change/)
• ✅ Can access basic settings (/accounts/settings/)
• ❌ NO access to / (Command Center) - Redirected
• ❌ NO access to /dashboard/my/ - Redirected
• ❌ NO access to /complaints/ (main) - Redirected
• ❌ NO access to surveys - Redirected
• ❌ NO access to staff/organizations - Redirected
• ❌ NO access to settings/config - Redirected
• ❌ NO access to PX Actions - Redirected
• ❌ NO access to analytics - Redirected
• ❌ NO access to acknowledgements - Redirected

ENFORCED BY MIDDLEWARE: SourceUserRestrictionMiddleware ensures strict access control. Any attempt to access non-allowed URLs automatically redirects to /px-sources/dashboard/.

---

📝 Last Updated

• Date: 2026-02-25
• Version: 1.0
• Changes: Added PX Source User role documentation