User Role Matrices

Roles and Permissions

To see or do anything in the system, a user will need to have a role, assigned location (or locations), and contract type (or types). Roles are the actions that user could take, and permissions are the locations and contract types that the user has access to.

Roles

• Admins assign roles to each user to determine the capabilities that the user will have. These capabilities are listed in the user role matrices.

• User roles are separated into three categories:

  • Workflow roles allow selected users to interact with workflows.

  • Contract roles allow selected users to interact with the Contract Library.

  • TERMS roles allow selected users to interact with TERMS.

Permissions

• Admins set user permissions, which determine the contracts and workflows that the user has access to. Permissions consist of three parts: Location | Contract Types | Roles

• Admins can customize permissions via permission overrides.

Considerations for Structuring Permissions

• Does each legal entity have a separate internal admin team? When the healthcare system’s structure of users is parallel to org tree differences, then it is best to utilize nodes of the org tree.

• Does the healthcare system have smaller, cross-functional teams. Is there a need to trigger a particular VP as a workflow participant based on data entered in the workflow? This scenario will benefit from the use of fewer org tree nodes, more triggers, and more user groups.

• At what level node in the org tree do the decision makers work?

• Note that user roles are functional—they determine what actions a user can perform. Where they can perform those actions is determined by their Contract Location permissions, and the workflows in which they can perform the actions are determined by their Contract Type permissions.

Considerations for Assigning User Roles

• How does the average user interact with the app?

• You can configure different location permissions for different roles for the same user.

• You can select a default approver within a group. If one person will be the regular approver and there’s an occasional need for a backup approver, then give them the same permissions, but designate one as the default approver.