...
Object | Assoc(1) | Role | Permissions(2) |
|---|---|---|---|
AccountSummary | global (but filtered) | researcher | read |
Study (“participant”) | researcher | read | |
Organization (“member”) | org admin | read | |
App | all | read | |
dev, admin | update | ||
superadmin | create, delete | ||
AppConfig | public | read (filtered) | |
dev | create, read, write, delete | ||
AppConfigElement | dev | create, read, write, delete | |
Assessment | Organization (“owner”) | dev | create, read, write |
admin | delete | ||
AssessmentConfig | public | read | |
Organization (“owner”) | dev | write | |
Enrollment(Detail) | Account (“self”) | any | create, read, delete |
Study | researcher | create, read, delete | |
Study | admin | create, read, delete | |
AssessmentResource | Organization (“owner”) | developer | create, read, delete |
admin | delete | ||
FileMetadata/Revision | developer | create, read, write | |
admin | delete | ||
HealthDataRecord(Ex3) | participant | create | |
worker | write | ||
MasterScheduleConfig | superadmin | create, read, write, delete | |
NotificationMessage | self, admin, researcher | create | |
NotificationRegistration | self, researcher, admin | read | |
NotificationTopic | developer | create, read, write | |
admin | delete | ||
Organization | any | read | |
Account (“membership”) | org_admin | write | |
admin | create, delete | ||
RecordExportStatusRequest | worker | write | |
ReportData | Study | any/public | read |
Study | dev, worker | create, delete | |
ReportIndex | Study | any | read |
Study | dev | create, write | |
RequestInfo | Account (“self”) | ||
RequestInfo | Study | researcher | read |
admin, worker | read | ||
SchedulePlan | developer, researcher, worker | read | |
developer | create, write | ||
admin | delete | ||
SmsTemplate | Account | worker | create |
Study | org_admin | create | |
Organization (“sponsors”) | org_admin | create, read, delete | |
StudyConsent | dev | create, read | |
StudyParticipant | Study (“enrolled”) | researcher | create, read, write |
worker | read | ||
Participant (“self”) | read, write | ||
admin | create | ||
Subpopulation | dev | create, read, write | |
researcher | read | ||
admin | delete | ||
Survey | dev, researcher, worker | read | |
dev | create, write | ||
admin | delete | ||
Tag | public | read | |
superadmin | create, delete | ||
Template/TemplateRevision | dev | create, read, write | |
admin | delete | ||
Upload | dev, admin, worker | read | |
UploadSchema | dev | create, read, write | |
admin | delete |
(1) = association to another model object. This typically means an additional check to ensure is a member of an organization, or has access to a study through their organization, or is the target of the call as well as the caller, and so forth. If blank, then the association is to an app, because everything is scoped/tenanted to an app.
...