# PX360 User Access Matrix

This document outlines which user roles can access which pages and features in the PX360 system.

## Role Hierarchy (High to Low)

| Role | Level | Description |
|------|-------|-------------|
| **PX Admin** | 100 | Full system access across all hospitals |
| **Hospital Admin** | 80 | Full access within their assigned hospital |
| **Department Manager** | 60 | Access to their department and sub-departments |
| **PX Coordinator** | 50 | Manages complaints, actions, and surveys |
| **Physician** | 40 | View patient feedback and own ratings |
| **Nurse/Staff** | 30/20 | Basic staff access to department data |
| **Viewer** | 10 | Read-only access to reports |
| **PX Source User** | 5 | External users - create/view only their own complaints/inquiries |

---

## 🎯 Quick Reference: Role Capabilities

| Feature | PX Admin | Hospital Admin | Dept Manager | PX Coord | Physician | Staff | Viewer | Source User |
|---------|:--------:|:--------------:|:------------:|:--------:|:---------:|:-----:|:------:|:-----------:|
| **Dashboard (Command Center)** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected to /px-sources/)** |
| **All Hospitals** | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| **All Complaints** | ✅ | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | ✅ Own |
| **Create Complaint** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ |
| **Assign Complaints** | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| **Surveys** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| **Staff Management** | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| **Settings** | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| **Analytics** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
| **Admin Evaluation** | ✅ | ✅ | ❌ | **❌** | ❌ | ❌ | ❌ | ❌ |
| **PX Actions** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |

---

## 📊 Detailed Access by Module

### 1. DASHBOARD & ANALYTICS

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/` - Command Center Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected)** |
| `/dashboard/my/` - My Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected)** |
| `/dashboard/admin-evaluation/` | ✅ | ✅ | ❌ | **❌** | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/dashboard/admin-evaluation/staff/<id>/` | ✅ | ✅ | ❌ | **❌** | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/dashboard/admin-evaluation/benchmarks/` | ✅ | ✅ | ❌ | **❌** | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/analytics/dashboard/` | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | **❌ (Redirected)** |
| `/analytics/kpi-reports/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/analytics/command-center/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected)** |

**Notes:**

- **PX Admin**: Can switch between all hospitals
- **Source User**: **STRICT ACCESS** - Can ONLY access `/px-sources/*` and password change. All other pages redirect to `/px-sources/dashboard/`
- **My Dashboard**: Shows items assigned to the user (complaints, inquiries, actions, tasks)

---

### 2. COMPLAINTS MODULE

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/complaints/` - List | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/complaints/new/` - Create | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/complaints/<id>/` - Detail | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/complaints/<id>/assign/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/<id>/change-status/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/<id>/activate/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/<id>/escalate/` | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/<id>/add-note/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/<id>/pdf/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
| `/complaints/<id>/request-explanation/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/bulk/*` - Bulk Actions | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/export/*` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/analytics/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
| `/complaints/templates/` | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/settings/sla/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/settings/escalation-rules/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/oncall/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/adverse-actions/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

**INQUIRIES (within Complaints):**

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/complaints/inquiries/` | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/complaints/inquiries/new/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/complaints/inquiries/<id>/` | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/complaints/inquiries/<id>/activate/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/complaints/inquiries/<id>/assign/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

**SOURCE USER PORTAL (ONLY access for Source Users):**

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/px-sources/dashboard/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | **✅ ONLY** |
| `/px-sources/complaints/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | **✅ ONLY** |
| `/px-sources/inquiries/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | **✅ ONLY** |
| `/px-sources/complaints/new/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | **✅ ONLY** |
| `/px-sources/inquiries/new/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | **✅ ONLY** |

**Notes:**

- **Source User**: **STRICT** - Can ONLY access via `/px-sources/*` portal. Main `/complaints/*` URLs redirect to source dashboard
- **Department Manager**: Can only see complaints for their department
- **Viewer**: Can view but not create/edit

---

### 3. SURVEYS MODULE

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/surveys/instances/` - Survey List | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/surveys/instances/<id>/` - Detail | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/surveys/templates/` - Templates | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/templates/create/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/send/` - Manual Send | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/send/phone/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/send/csv/` | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/his-import/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/bulk-jobs/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/surveys/reports/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/surveys/enhanced-reports/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/surveys/comments/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |

**Notes:**

- **Source User**: **NO ACCESS** - All survey URLs redirect to `/px-sources/dashboard/`
- **Department Manager**: Can view surveys for their department
- **Physician**: Can view their own ratings/surveys only

---

### 4. PX ACTION CENTER

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/actions/` - Action List | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | ❌ |
| `/actions/<id>/` - Detail | ✅ All | ✅ Hospital | ✅ Dept | ✅ Hospital | ❌ | ❌ | ✅ | ❌ |
| `/actions/create/` | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/actions/<id>/edit/` | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/actions/<id>/assign/` | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| `/actions/<id>/approve/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

**Notes:**

- **Source User**: NO ACCESS to PX Actions
- **PX Coordinator**: Full access to manage actions

---

### 5. STAFF & ORGANIZATIONS

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/organizations/` - Organizations | ✅ | ✅ Own Org | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/organizations/hospitals/` | ✅ | ✅ Own | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/departments/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | **❌ (Redirected)** |
| `/organizations/staff/` - Staff List | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/staff/<id>/` - Detail | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/staff/create/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/staff/<id>/edit/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/staff/hierarchy/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/sections/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/subsections/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/organizations/patients/` | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | **❌ (Redirected)** |

**Notes:**

- **Source User**: **NO ACCESS** - All organization URLs redirect to `/px-sources/dashboard/`
- **Department Manager**: Can view staff in their department
- **Hospital Admin**: Full access within their hospital

---

### 6. PHYSICIANS MODULE

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/physicians/` - Physician List | ✅ | ✅ | ✅ | ✅ | ✅ Own | ✅ | ✅ | **❌ (Redirected)** |
| `/physicians/<id>/` - Detail | ✅ | ✅ | ✅ | ✅ | ✅ Own | ❌ | ❌ | **❌ (Redirected)** |
| `/physicians/dashboard/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected)** |
| `/physicians/leaderboard/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **❌ (Redirected)** |
| `/physicians/import/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/physicians/individual-ratings/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |

**Notes:**

- **Source User**: NO ACCESS
- **Physician**: Can view their own ratings and profile

---

### 7. PX SOURCES MODULE

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/px-sources/` - Source List | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/px-sources/<id>/` - Source Detail | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/px-sources/<id>/users/create/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/px-sources/dashboard/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ✅ |
| `/px-sources/complaints/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ✅ |
| `/px-sources/inquiries/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ✅ |
| `/px-sources/complaints/new/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ✅ |
| `/px-sources/inquiries/new/` | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ ✅ |

**Notes:**

- **Source User**: Has their OWN simplified dashboard
- **Source User**: Can only create complaints/inquiries from their assigned source
- **Admin**: Can manage sources and create source users

---

### 8. SETTINGS & CONFIGURATION

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/config/dashboard/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/config/routing-rules/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/config/sla-config/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/integrations/survey-mapping-settings/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/notifications/send-sms-direct/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | **❌ (Redirected)** |
| `/notifications/settings/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | **❌ (Redirected)** |
| `/accounts/password/change/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **✅ ONLY** |
| `/accounts/settings/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | **✅ ONLY** |

**Notes:**

- **Source User**: **ONLY** allowed Settings pages are password change and basic settings
- All other config pages redirect to `/px-sources/dashboard/`
- **Source User**: NO ACCESS to any settings
- **Hospital Admin**: Can configure hospital-specific settings

---

### 9. ACKNOWLEDGEMENTS (Onboarding)

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/acknowledgements/dashboard/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| `/acknowledgements/signed/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| `/acknowledgements/sign/<id>/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| `/acknowledgements/categories/` | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/acknowledgements/checklist/` | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/acknowledgements/compliance/` | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

**Notes:**

- **Source User**: NO ACCESS to acknowledgements
- **Admin**: Can manage acknowledgement content

---

### 10. USER ACCOUNT & PROFILE

| Page/Feature | PX Admin | Hospital Admin | Dept Manager | PX Coordinator | Physician | Staff | Viewer | Source User |
|-------------|:--------:|:--------------:|:------------:|:--------------:|:---------:|:-----:|:------:|:-----------:|
| `/accounts/settings/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| `/accounts/change-password/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| `/accounts/users/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/accounts/users/<id>/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/accounts/roles/` | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/accounts/onboarding/provisional/` | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| `/accounts/onboarding/wizard/` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |

**Notes:**

- **All users** can access their own settings and change password
- **Source User**: Can only view/edit their own profile

---

## 🚫 Access Denied Behavior

When a user tries to access a page they don't have permission for:

1. **API Endpoints**: Returns HTTP 403 Forbidden with error message
2. **UI Views**: Redirects to login or shows permission denied page
3. **Menu Items**: Hidden from sidebar (not shown)

---

## 🔐 Role Permission Summary

### PX Admin (Level 100)

- ✅ Full system access
- ✅ Can switch between all hospitals
- ✅ Can create/edit/delete users
- ✅ Can access all settings
- ✅ Can view all reports and analytics

### Hospital Admin (Level 80)

- ✅ Full access within their hospital
- ✅ Can manage staff in their hospital
- ✅ Can manage complaints/inquiries in their hospital
- ✅ Can configure hospital settings
- ❌ Cannot access other hospitals

### Department Manager (Level 60)

- ✅ Access to their department only
- ✅ Can view staff in their department
- ✅ Can manage complaints in their department
- ✅ Can view department reports
- ❌ Cannot access other departments

### PX Coordinator (Level 50)

- ✅ Can create and manage complaints
- ✅ Can create and manage PX Actions
- ✅ Can manage surveys
- ✅ Can view analytics
- ❌ Cannot manage staff or settings

### Physician (Level 40)

- ✅ Can view their own ratings
- ✅ Can view patient feedback
- ❌ Cannot create complaints
- ❌ Cannot access admin functions

### Nurse/Staff (Level 30/20)

- ✅ Can view department data
- ✅ Basic read access
- ❌ Limited write access

### Viewer (Level 10)

- ✅ Read-only access
- ✅ Can view reports and dashboards
- ❌ Cannot create or edit anything

### PX Source User (Level 5) - **STRICT ACCESS**

- ✅ Can create complaints from their source (via `/px-sources/complaints/new/`)
- ✅ Can create inquiries from their source (via `/px-sources/inquiries/new/`)
- ✅ Can view only their created complaints/inquiries (via `/px-sources/`)
- ✅ Can change password (`/accounts/password/change/`)
- ✅ Can access basic settings (`/accounts/settings/`)
- ❌ **NO access** to `/` (Command Center) - **Redirected**
- ❌ **NO access** to `/dashboard/my/` - **Redirected**
- ❌ **NO access** to `/complaints/` (main) - **Redirected**
- ❌ **NO access** to surveys - **Redirected**
- ❌ **NO access** to staff/organizations - **Redirected**
- ❌ **NO access** to settings/config - **Redirected**
- ❌ **NO access** to PX Actions - **Redirected**
- ❌ **NO access** to analytics - **Redirected**
- ❌ **NO access** to acknowledgements - **Redirected**

**ENFORCED BY MIDDLEWARE**: `SourceUserRestrictionMiddleware` ensures strict access control. Any attempt to access non-allowed URLs automatically redirects to `/px-sources/dashboard/`.
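
One way to express the Source User restriction as an exact allowlist over canonicalized paths, as an added example (this is not PX360's `SourceUserRestrictionMiddleware`; the function names and the sample id `7` are assumptions). It also reports the section 7 rows under `/px-sources/` that a bare prefix match on `/px-sources/*` would admit even though the matrix denies them to Source Users.

```python
from posixpath import normpath
from typing import List, Optional
from urllib.parse import unquote

SOURCE_DASHBOARD = "/px-sources/dashboard/"

# Pages the matrix marks as allowed for a PX Source User (exact paths, not a prefix).
SOURCE_USER_ALLOWED = frozenset({
    "/px-sources/dashboard/",
    "/px-sources/complaints/",
    "/px-sources/complaints/new/",
    "/px-sources/inquiries/",
    "/px-sources/inquiries/new/",
    "/accounts/password/change/",
    "/accounts/settings/",
})

# Rows under /px-sources/ that section 7 marks as denied for a Source User.
# The numeric id 7 is a constructed stand-in for <id>.
ADMIN_ONLY_UNDER_PREFIX = (
    "/px-sources/",
    "/px-sources/7/",
    "/px-sources/7/users/create/",
)


def canonical(raw_path: str) -> str:
    """Drop the query string, decode once, collapse '..' and '//', end with '/'."""
    path = unquote(raw_path.split("?", 1)[0])
    path = normpath("/" + path.lstrip("/"))
    return path if path.endswith("/") else path + "/"


def source_user_redirect(raw_path: str) -> Optional[str]:
    """Return None when the page is allowed, else the redirect target."""
    return None if canonical(raw_path) in SOURCE_USER_ALLOWED else SOURCE_DASHBOARD


def prefix_rule_allows(raw_path: str) -> bool:
    """The looser reading of '/px-sources/*': a bare prefix match."""
    return canonical(raw_path).startswith("/px-sources/")


def prefix_rule_gaps() -> List[str]:
    """Matrix rows that a prefix match would admit but the exact set denies."""
    return [p for p in ADMIN_ONLY_UNDER_PREFIX
            if prefix_rule_allows(p) and source_user_redirect(p) is not None]
```

Routes that are not in the matrix, such as any per-record detail page under `/px-sources/`, would need their own entries in the allowlist.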

---

## 📝 Last Updated

- **Date**: 2026-02-25
- **Version**: 1.0
- **Changes**: Added PX Source User role documentation