Difference between revisions of "Reporting Database User Permissions"
(New page: == Overview == Granting permissions for users directly accession the SQL Server where clinical data is stored should be done carefully. The primary concerns that we think of include: acc...) |
(No difference)
|
Latest revision as of 17:39, 14 April 2009
Overview
Granting permissions for users directly accession the SQL Server where clinical data is stored should be done carefully. The primary concerns that we think of include: access to information, and ability to edit/delete information in the database. Carefully evaluate the need for a particular individual's need for information when reporting - do they need access to all data? Only user data? Also evaluate whether there are any reasons to grant anything by read (db_datareader) access to the user.
Configurations
Here we share some recommended configurations for users reporting from the Allscripts Enterprise EHR.
Full report-only access
Create a new SQL Login with the following access, for each person who will be reporting from the database. Grant the user the db_datareader database role on all EHR-related databases, and any other permissions defined below:
- AHSCharge
- AHSDelta
- AHSLibrary
- AHSMessage
- AHSOCD (if exists)
- chInfoscan
- chMedcinSearch
- chMedispan
- IDXwf
- Impact (if exists)
- Impact_AUDIT_* (if exists, any Impact Audit databases)
- Winscribe (if exists)
- Works
- Execute on common functions:
- dbo.fnPhone
- dbo.fnGetIntListToTable
- dbo.fnGetChrToTable
- Execute on common functions: