Versions Compared

Version Old Version 14 New Version 15
Changes made by

Alx Dark

Alx Dark

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Object

Assoc(1)

Role

Permissions(2)

AccountSummary

global (but filtered)

researcher

read

Study (“participant”)

researcher

read

Organization (“member”)

org admin

read

App

all

read

dev, admin

update

superadmin

create, delete

AppConfig

public

read (filtered)

dev

create, read, write, delete

AppConfigElement

dev

create, read, write, delete

Assessment

Organization (“owner”)

dev

create, read, write

admin

delete

AssessmentConfig

public

read

Organization (“owner”)

dev

write

Enrollment

EnrollmentDetail

ExternalResource(Detail)

Account (“self”)

any

create, read, delete

Study

researcher

create, read, delete

Study

admin

create, read, delete

AssessmentResource

Organization (“owner”)

developer

create, read, delete

admin

delete

FileMetadata/Revision

developer

create, read, write

admin

delete

HealthDataRecord(Ex3)

MasterScheduleConfig

NotificationMessage

NotificationRegistration

NotificationTopic

OAuthProvider

Organization

RecordExportStatusRequest

ReportData

ReportIndex

RequestInfo

SchedulePlan

SmsTemplate

Study

StudyConsent

StudyParticipant

Subpopulation

Survey

Tag

Template/TemplateRevision

Upload

UploadSchema

(1) = association to another model object. This typically means an additional check to ensure is a member of an organization, or has access to a study through their organization, or is the target of the call as well as the caller, and so forth. If blank, then the association is to an app, because everything is scoped/tenanted to an app.

(2) C = create/write, R = read (list or detail object), U = update/write/delete logically, D = delete (physically).

Here are objects from the v2 domain model that have been designed far enough to think about permissions:

...