Location Based Access Control - v0.1.0 Released
Hi every one,
I am very happy to announce that the first version of the Location Based Access control module has been released!. You can download and install the module from these resources,
- AddOns - https://addons.openmrs.org/show/org.openmrs.module.locationbasedaccess
- Bintray - https://bintray.com/openmrs/omod/locationbasedaccess/0.1.0
Deployment Steps for the Location based access control module can be found here :
The tickets information for this release can be found on the JIRA project here: https://issues.openmrs.org/browse/LBAC
I would like to request the community to download and test this module and give your feedback which is the most wanted requirement for now . Please feel free to post your feedback and comments about the module, and any suggestions or ideas to be added into this module.
What is Location Based Access Control?
Currently, OpenMRS has user privileges based access control. So the user needs to have the required privilege to access some of the OpenMRS service. Anyway, OpenMRS doesn’t have any proper location control for their services. Even anyone from any location can access the stored data(eg: Patients information, Encounters, etc)in the OpenMRS. Actually, still, they haven’t concerned about the location management inside the OpenMRS. But we should prepare the OpenMRS to support the access control based on the locations. It will add more value to the data security also and accessibility also.
Like the privileges based access control, we decided to implement a Location based Access control system for the OpenMRS. It will manage the access to all services based on the locations. Some implementations want to register the users and patients (the persons also) in certain selected locations. Then access them based on the location that someone has logged in. That way, if someone is logged in a certain location, they should see only those encounters, observations, and patients registered in that location.
Anyway, the user who has multiple locations access (like Admin in our privilege based access control system) should be able to see patients in all locations. We can allocate multiple locations access to the System Developer or System administrator.
I think you can simply understand the concept by these images,
How to use Location Based Access Control module?
Major features from this module are,
All Patient, Person, and User objects are restricted by the locations. A user from a location can’t get the patient/person/user information from another location.
Able to assign/edit the locations to the patient during the registration through the patient dashboard.
- Go to Patient Registration Dashboard. You can see a new section as “Patient Location”, and there will be a selection box with all active locations in your distribution.
- Select a location for the patient and complete the patient registration.
- Go to Find Patient Dashboard, and search for the patient. You can see that person only when you logged in with the same location of that patient location which was assigned during the registration.
Able to assign/edit the accessible location to the users through the Manage Account Page (In User section).
- Go to Manage Account Dashboard. You can see a new field as “Location” in the user section, and there will be a selection box with all active locations in your distribution.
- Select a location for the user and save it (Make sure about the user privileges).
Users can log in with only their credentials (username and password). There will be no need to select the locations from the login.
Encounters and Observations are restricted by the locations to see only the information which belongs to the user logged in location.
Cc : @dkayiwa