Users and permissions

This module controls who can enter the system, what actions they can perform and how permissions are assigned per submodule. Additionally, from here you can consult the audit log of a user's events.

How the screen is organized

The main screen shows a table with the list of users. Above the table there is a toolbar with a search engine and high and bulk delete buttons. For each row, individual actions can be executed: edit, assign permissions, delete and view audit log.

Permissions and load

• USERS: WRITE to create, edit and assign permissions.
• USERS: ADMIN to delete users.
• Action SHOW_LOGS (via HCPActionsService.hasAction) to open the audit log from a row.

Access levels per submodule

The system handles 5 access levels that are assigned per submodule:

• NONE: no access.
• READ: read only.
• WRITE: read and write.
• ADMIN: read, write and administration (includes deletion and critical configurations).
• ALL: total access.

Available actions

• Create user: opens the dialog with tabs (personal data, contact, permissions, etc.).
• Edit user: opens the dialog with the preloaded information.
• Assign permissions: opens the permissions dialog to define the access level per submodule.
• Delete user: asks for confirmation; requires USERS: ADMIN.
• View audit log: opens the LogComponent filtered by the user; requires SHOW_LOGS action.

Documented features

Feature	Page
Create user	Create user
Edit user	Edit user
Assign permissions	Assign permissions to a user
Deactivate or delete user	Deactivate or delete user
Consult user audit log	Consult user audit log

Security recommendations

• Assign the minimum permission level necessary for each role.
• Periodically audit the permissions of users with ADMIN or ALL level.
• Deactivate users instead of deleting them to preserve history.
• Keep emails updated for sending notifications and access recovery.

Typical roles and suggested permissions

Role	Suggested permissions
Administrator	ALL in key modules: USERS, MODULES, SUBMODULES, NOTIFICATIONS, AUTOMATIONS.
Reception	READ/WRITE in AGENDA, PATIENTS, CASH_BOX, SERVICES, TAGS.
Doctor	READ/WRITE in AGENDA, PATIENTS, PRESCRIPTIONS, MEDICAL_CAPTURE, MEDICAL_STAFF (their profile).
Cashier	READ/WRITE in CASH_BOX; READ in PATIENTS, SERVICES, AGENDA.
Lab technician	READ/WRITE in MEDICAL_CAPTURE, BANK; READ in PATIENTS.

Pending: validate with administration the exact levels for each role.

Relation with other modules

• Modules and Submodules: permissions are assigned on the active submodules.
• Staff types / Actions: special actions (SHOW_LOGS, AGENDA_PARAMETERS, etc.) are validated independently.
• Audit log: all critical actions are recorded in the audit log, accessible from the user's row.