2 Oracle Clinical Menu-Based Security
You control which users have access to which menu items in the Oracle Clinical Navigator (see Figure 2-1) by assigning database roles to users.
Oracle Clinical includes a set of predefined database roles that allow access to a predefined set of Oracle Clinical menu items, including second- and third-level menu items (see Figure 2-2). You can enforce security by assigning users only the database roles they need to do their work, preventing them from seeing other parts of the system and taking actions they are not authorized to take.
For information about predefined database roles, see Creating an Administrator User Account, About the Add User Script, and Granting Additional Database Roles to User Accounts.
If necessary, you can modify the menu items associated with the predefined database roles or create entirely new database roles.
Figure 2-1 Oracle Clinical Navigator with Top-Level Menu Items Displayed
Although each company distributes Oracle Clinical tasks differently among its personnel, following is a guideline for which users need which menu items:
- Administrators need some or all of the Admin menu.
- Study designers need some of the Admin menu and the Plan, Design, and Definition menus. They may also need Glib (Global Library), or you may have people who use only the Global Library.
- Data Managers need the Conduct, Data Entry, and Labs menus. They may also need some or all of the Definition menu.
- Data entry operators need the Data Entry menu.
- Programmers who write validation and derivation Procedures and data extract macros need parts of the Definition menu.
For information about the tasks in each menu, see the following Oracle Clinical user documentation:
- The Oracle Clinical Administrator's Guide has information on the Admin menu.
- Oracle Clinical Creating a Study has information on the Plan, Design, Global Library, Definition, and Labs menus.
- Oracle Clinical Conducting a Study has information on the Conduct, Data Entry, and Labs menus.
In many cases, there are two menu items for the same form associated with different database roles. In this way you control user's privileges through menu access. Menu items based on the same form may differ as follows:
- Query and Read-Write Versions: One menu item allows read-only privileges and the other allows write privileges as well. If a user has access only to the Query version of the form, he or she cannot view the data there but cannot make any changes.
- Provisional and Active Definitions. Definitional objects can have a status of Provisional or Active. Some menu items allow the user read and write access only to Provisional objects, while a different version of the same form allows access to Active objects, which may be currently in production use, as well.
- Test and Production Patient Data. One menu items allows read and write access to test data and the other allows read and write access to production data.
Figure 2-2 Oracle Clinical Navigator with the Definition DCIs Menu Displayed
For more information, see: