Please Share your Product Ideas with us!

All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.

Security level to create / modify 'domain-owned' assets rather than 'enterprise-owned' assets

While we're strong proponents of configurable security checkpoints that would allow us to customize our security to align with our roles, we were directed to suggest specific security combinations that would help us provision our users in the meantime. We have a hub-and-spoke model for governance, meaning we have a centralized enterprise level and sanctioned domain-specific activities which align with the processes set at the enterprise. We would like to see a distinction between creating/modifying assets that are available to the enterprise and creating/modifying assets that are specific to a domain. For example, we may allow our Quality and Patient Safety domain to create rules and policies that they want their team to follow when tracking their terms representing report output, but we wouldn't want them to create or modify enterprise-level rules or policies. Ideally, we'd flag a user as belonging to a level (specific domain or to the enterprise) which would control what they can read, edit, and create.

  • Guest
  • Jun 29 2020
  • Likely to Implement
  • Jun 30, 2020

    Admin response

    We are scoping a more thorough change management and and versioning system that would introduce a more detailed security model to address these type of concerns. This concept of enterprise vs "locally" owned assets is in our plans to support with the exact details of the implementation going through design phases now

  • Attach files