Difference between revisions of "Reporting Database User Permissions"

From Galen Healthcare Solutions - Allscripts TouchWorks EHR Wiki
Jump to navigation Jump to search
(New page: == Overview == Granting permissions for users directly accession the SQL Server where clinical data is stored should be done carefully. The primary concerns that we think of include: acc...)
 
(No difference)

Latest revision as of 17:39, 14 April 2009

Overview

Granting permissions for users directly accession the SQL Server where clinical data is stored should be done carefully. The primary concerns that we think of include: access to information, and ability to edit/delete information in the database. Carefully evaluate the need for a particular individual's need for information when reporting - do they need access to all data? Only user data? Also evaluate whether there are any reasons to grant anything by read (db_datareader) access to the user.

Configurations

Here we share some recommended configurations for users reporting from the Allscripts Enterprise EHR.

Full report-only access

Create a new SQL Login with the following access, for each person who will be reporting from the database. Grant the user the db_datareader database role on all EHR-related databases, and any other permissions defined below:

  • AHSCharge
  • AHSDelta
  • AHSLibrary
  • AHSMessage
  • AHSOCD (if exists)
  • chInfoscan
  • chMedcinSearch
  • chMedispan
  • IDXwf
  • Impact (if exists)
  • Impact_AUDIT_* (if exists, any Impact Audit databases)
  • Winscribe (if exists)
  • Works
    • Execute on common functions:
      • dbo.fnPhone
      • dbo.fnGetIntListToTable
      • dbo.fnGetChrToTable
Retrieved from "https://wiki.galenhealthcare.com/index.php?title=Reporting_Database_User_Permissions&oldid=6691"