GSoC 2020: Advancement of OAuth2 Module and Improvements in SMART OWA

It depends on the context. Yes if you’re integrating OpenMRS in an enterprise setup.

Careful. Because Spring Security is not implemented in OpenMRS, you cannot manage role assignments outside of OpenMRS. There are limitations as to what can be done:

  1. You can create users with a mechanism that lets the authentication server provide the ‘seed roles’ when creating users. But that’s just for the user creation moment in OpenMRS.
  2. For already created users, roles must be managed within OpenMRS.

About 1, that’s almost implemented in OAuth 2 Login, look at this:

createUser(user, RandomStringUtils.random(100, true, true),
  Arrays.asList(new String[0]))

The last argument that you see now being provided as an empty list is meant to be a list of OpenMRS role names. The authentication provider could provide such a list through a custom attribute of the ‘user info’. That was the plan when this was implemented and it was de-prioritised, but the last mile here is very easy to run.
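An added example, not part of the post above and not code from the OAuth 2 Login module: one way to turn a custom 'user info' attribute into the role-name list for that last `createUser` argument, keeping only names on a local allowlist so the authentication server cannot seed a privileged role. The claim name `openmrs_roles`, the allowlist contents, and the `SeedRoles` class are assumptions made for illustration.

```java
import java.util.*;

public class SeedRoles {
    // Hypothetical claim name; the post does not say which attribute would carry roles.
    static final String ROLES_CLAIM = "openmrs_roles";

    // Constructed allowlist: the only roles the authentication server may seed.
    // Privileged roles are deliberately absent and stay managed inside OpenMRS.
    static final Set<String> SEEDABLE =
            new HashSet<>(Arrays.asList("Provider", "Clinician", "Data Clerk"));

    // Returns the role names to seed at user creation, or an empty list
    // (the module's current behaviour) when the claim is missing or malformed.
    static List<String> seedRoles(Map<String, Object> userInfo) {
        Object raw = userInfo.get(ROLES_CLAIM);
        Collection<?> items;
        if (raw instanceof Collection) {
            items = (Collection<?>) raw;                       // JSON array claim
        } else if (raw instanceof String) {
            items = Arrays.asList(((String) raw).split(","));  // comma-separated claim
        } else {
            return Collections.emptyList();
        }
        Set<String> roles = new LinkedHashSet<>();             // de-duplicate, keep order
        for (Object item : items) {
            if (!(item instanceof String)) continue;           // ignore non-string entries
            String name = ((String) item).trim();
            if (SEEDABLE.contains(name)) roles.add(name);      // drop anything not allowlisted
        }
        return new ArrayList<>(roles);
    }

    public static void main(String[] args) {
        // Constructed 'user info' response, as parsed JSON.
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("sub", "jdoe");
        userInfo.put(ROLES_CLAIM,
                Arrays.asList("Provider", "System Developer", " Data Clerk ", 42, "Provider"));

        List<String> roles = seedRoles(userInfo);
        System.out.println(roles);
        // The result would replace Arrays.asList(new String[0]) in the call quoted above:
        // createUser(user, RandomStringUtils.random(100, true, true), roles)
    }
}
```

As the post notes, this only affects the moment of user creation; later changes to the claim would not alter an existing user's roles.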