The Record Level Access Permission (RLAP) feature allows restricting records in the system to be only visible to certain users or teams within the database.
To give customers more flexibility in the protection of sensitive records, there are 2 configuration options.
This article provides examples to help organisations decide what is the best fit for their service, usually only relevant in more complex database structures, e.g. OOHC or databases that have Teams installed and share modules (e.g. Incidents) between programs.
Note:
RLAP handling is currently under review to increase customer visibility over record permissions
Option 1: Configuration Setting Off (default)
IF a CDS user has access to an individual’s sensitive client record, let’s call this client ‘Emily’
AND Emily is involved in an incident that involves another client that the user does not have access to
THEN the user will not see any record of the incident involving Emily and the other client.
The other client’s information is fully protected in this way.
Option 2: Configuration Setting On
IF a CDS user has access to an individual’s sensitive client record, let’s call this client ‘Emily’
AND Emily is involved in an incident that involves another client that the user does not have access to
THEN the user will see a named link to the incident involving Emily but will be unable to click through to the detail. A message will display advising the user that they have insufficient permissions to access the detailed information.
The other client’s information is mostly protected in this way however a name or other revealing information could potentially be exposed in the record label.
Tip:
Database setup varies, databases may have sensitive records restricted to ‘individual users’, Teams or a combination of individual users and Teams. Please contact your CDS account manager to discuss your instance.
Further information
For further information, refer to the following articles: