Role Permissions in Depth
Tobi McLennan avatar
Written by Tobi McLennan
Updated over a week ago

Donesafe allows the creation of roles based on customer requirements, the following is an in depth guide on how role settings work within the platform.

Adding a role

To create a new role within Donesafe, simply navigate to the settings section and select “roles”. From here you may update the default roles (Admin and No-Rights-User) and create additional roles, using the add role button.

Global Permissions:

A number of global permissions exist for the product, these permission enable role level access to a number of functions:

  • Unable to modify own profile: Determines whether a user can edit their own profile information including general user information, email and personal information.

  • Can see other users profile: Determines whether a user can view the profile of another user.

  • Can edit organisations: Determines whether a user can edit the organisational information on a record (e.g. change the business unit associated with a record from a statistical point of view).

  • Can view confidential records: This determines whether a user has permission to view confidential records that would otherwise be hidden from view.

  • Can access report builder module: This determines whether and end user can build their own reports.

  • Can see other users personal data: This determines whether and end user can see the personal details of other employee including pay information and home contact details.

An additional global permission can be added to a user via user settings called “technical admin”, this enables the user to moderate all settings within the product and should be limited via internal governance to those responsible for systems administration.

Allowed Actions:

The allowed actions section allow the set up of which participant rules will allow an end user access to a record, the majority of these participant rules inherit organisation reporting lines for the line management, the only exception to this is “All” access which as it sounds will give the user visibility of everything.

The Allowed Action types are as followed:

  • Create: Determines if the end user can create a record.

  • View: Determines if the end user can view a record based on participant role.

  • Edit: Determines if the end user can edit a record based on participant role.

  • Delete: Determines if the end user can delete a record based on participant role.

Participant Roles

The following section outlines the types of participant roles by module type:

Action:

  • All: Allows the end user to complete their “allowed action” on all actions regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the action creator.

  • Assignee: Allows the end user to complete their “allowed action” if they are the action assignee.

Audit:

  • All: Allows the end user to complete their “allowed action” on all Audits regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the audit creator.

  • Auditors: Allows the end user to complete their “allowed action” if they are the auditor of the audit record.

  • Auditee: Allows the end user to complete their “allowed action” if they are the auditee of the audit record.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent audit record.

Chemical Register:

  • All: Allows the end user to complete their “allowed action” on all Chemical Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the chemical register record creator.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent chemical register record.

Company Register:

  • All: Allows the end user to complete their “allowed action” on all Company Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the company register record creator.

  • Contract Manager: Allows the end user to complete their “allowed action” if they are the assigned contract manager on a company register record.

Consultation:

  • All: Allows the end user to complete their “allowed action” on all Consultation records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the consultation register record creator.

  • Raised by: Allows the end user to complete their “allowed action” if they are the raised by person of a consultation record.

  • Creator: Allows the end user to complete their “allowed action” if they are the attendee of a consultation record.

  • Apologies: Allows the end user to complete their “allowed action” if they are an apology on a consultation record.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent consultation register record.

Drug Testing Register:

  • All: Allows the end user to complete their “allowed action” on all drug testing records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the Drug Testing record creator.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent drug testing record.

  • Tested By: Allows the end user to complete their “allowed action” if they are the Tested by person of the drug testing record.

  • Tested Persons: Allows the end user to complete their “allowed action” if they are the person tested of the drug testing record.

Hazard:

  • All: Allows the end user to complete their “allowed action” on all Hazard Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the hazard register record creator.

  • Reported by: Allows the end user to complete their “allowed action” if they are the person who reported the hazard.

  • Reported to: Allows the end user to complete their “allowed action” if they are the person who the hazard was reported to.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent hazard register record.

Incident:

  • All: Allows the end user to complete their “allowed action” on all Incident Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the incident register record creator.

  • Reported by: Allows the end user to complete their “allowed action” if they are the person who reported the incident.

  • Reported to: Allows the end user to complete their “allowed action” if they are the person who the incident was reported to.

  • Investigator: Allows the end user to complete their “allowed action” if they are the the person responsible for conducting an investigation.

  • Participating User: Allows the end user to complete their “allowed action” if they are a person who has been selected under “persons involved”.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent incident register record.

Learning Record:

  • All: Allows the end user to complete their “allowed action” on all Learning Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the learning register record creator.

  • Instructor: Allows the end user to complete their “allowed action” if they are the instructor of the learning for the record.

  • Participant: Allows the end user to complete their “allowed action” if they are the the learning record participant.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent learning register record.

Observation:

  • All: Allows the end user to complete their “allowed action” on all Observations regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the observation creator.

  • Observer: Allows the end user to complete their “allowed action” if they are the observer of the audit record.

  • Observee: Allows the end user to complete their “allowed action” if they are the observee of the audit record.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent observation record.

Plant Register:

  • All: Allows the end user to complete their “allowed action” on all Plant Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the plant register record creator.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent plant register record.

Procedure (Knowledgebase):

  • All: Allows the end user to complete their “allowed action” on all Procedure Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the procedure register record creator.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent procedure register record.

Visitor Register:

  • All: Allows the end user to complete their “allowed action” on all Visitor Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the visitor register record creator.

  • Visitee: Allows the end user to complete their “allowed action” if they are the visitee listed within the visitor register record.

  • Visitor: Allows the end user to complete their “allowed action” if they are the visitor listed within the visitor register record.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent visitor register record.

Workers Compensation:

  • All: Allows the end user to complete their “allowed action” on all Workers Compensation Register records regardless of hierarchy.

  • Creator: Allows the end user to complete their “allowed action” if they are the workers compensation register record creator.

  • Treated by: Allows the end user to complete their “allowed action” if they are the person who conducted treatment on the initial injury record.

  • Person Involved: Allows the end user to complete their “allowed action” if they are the person affected under the initial injury record.

  • Case Manager: Allows the end user to complete their “allowed action” if they are the case manager of the workers compensation record.

  • Action Assignee: Allows the end user to complete their “allowed action” if they are the assignee of a related action to the parent workers compensation register record.

Special Permissions:

Special permissions are module specific privileges that can be associated to a role in a similar fashion to global permissions, these include:

Company Register:

  • Use Bank Details: Allows the user to add and view bank details of records they have access to.

Hazard:

  • Use Hazard High Threat: Allows the user to mark a hazard as high threat in which automated actions and notifications can be optionally spawned.

Incident:

  • Use Incident High Threat: Allows the user to mark an incident as high threat in which automated actions and notifications can be optionally spawned.

  • Use Incident Notify Regulator: Allows the user to notify the regulator using the PDF XML injector.

Procedure:

  • Use Mandatory for Visit: Allows the user to mark procedures and mandatory for viewing on the Donesafe Visitor Register Native Application.

Workers Compensation:

  • Use Case manager: Allows the user to assign a case manager for a workers compensation record.

  • Use Liability status: Allows the user to assign a liability status to the record which may be used in determining statistics and payment.

  • Use Insurance claim status: Allows the user to assign the status of the claim to the record which may be used in determining statistics and payment.

  • Use Return to work location: Allows the user to assign a person affected within a workers compensation record a new location for the purpose of rehabilitation.

  • Use Notify regulator: Allows the user to notify the regulator via XML injection into PDF.

  • Use Return to work leader: Allows the user to assign a person affected within a workers compensation record a new manager for the purpose of rehabilitation.

  • Use Return to work approval status: Allows the user to approve an individuals return to work.

  • Use Relate medical certificate: Allows the user to create a return to work plan off of a medical certificate.

  • Use Case notes: Allows the user to create and access case notes on records that they have access to.

  • Use Return plan: Allows the user to create a return to work plan.

  • Use Hours and days lost: Allows the user to manually enter the hours and or days lost.

Did this answer your question?