Knowledge Base

Designer

Setup Security Policies

Designer: How to Setup Security Policies

Welkin Health provides your organization the ability to create specific access controls through Security Policies.  To create them, you need to:

  • Create a Security Policy
  • Create Role(s) for this Security Policy: Refer to KBC here: Roles
  • Assign Policies to Role(s)
  • Provision the Role/Policies to users
  • Review and modify final Security Policies

Step 1: Create a Security Policy

  • Under Access Control, click “Security Policies” and then “+ New” button.   Choose an option:
  • “New Empty” creates a policy with only Welkin system fields
  • “Read Only” only applies the ability to read system data.
  • “Admin Full” grants access to all fields

If you need more or less permission than defaulted, change the individual category permissions.  Categories include:

GeneralCalendar
Patient InfoEncounters
Patient ProfileInsights
Internal Data TypesProfiles
Data TypesCommunication
FormsExport Data
DocumentsCare Plans
ProgramsDictionaries

 

Each category has multiple options, explained here: Security Policy Detail 

Step 2: Create Role(s) that will leverage this Security Policy: Roles

Step 3: Assign Policy to Role(s)

  • In the Role you are assigning, choose the appropriate Policies that apply.

Step 4: Provision the Role/Policy to users:

  • In Admin, navigate to a user
  • In the row pertaining to the environment you are modifying, click on the small edit box to the right of the toggles
  • Make sure the user has a role that contains your new policy

Step 5: Review and modify final Security Policy

  • Return to Designer and make any needed policy tweaks that you would like.

Tips and tricks:

  • A “New Empty” policy will show some fields checked that are needed for Welkin’s system to communicate, and cannot be unchecked
  • Always review your policies when making configuration changes.  Many new elements will require additions to your policies
  • Best practice is for a 1:1 Policy to Role ratio to best help differentiate users and their permissions
  • In Admin, use Role assignment rather than Policy Assignment when granting permissions

More Questions?

If you have any questions, please visit the Welkin Health Knowledge-Base or contact your Implementation/CSM for more information.