The operations allowed on the TASKs stored in the platform are controlled by the following permissions:

read: Indicates whether the active USER can request information about a TASK
edit: Indicates whether the active USER can modify the properties of a TASK (e.g. the scheduled date, assignments, etc.)
delete: Indicates whether the active USER can delete a TASK
alter_contents: indicates whether the active USER can edit the ACTIVITIES of a TASK (answering the questions in the FORMS of a TASK)
add_activity: Depending on the configuration of the PROGRAM, some TASK TEMPLATES are designed so that it is possible to append manually new ACTIVITIES. This permission determines whether the USER is allowed to add new ACTIVITIES manually
open: Permission to open a closed TASK

This permissions are granted/denied depending on the characteristics of the active session USER. Currently there are 3 possible scenarios:

The active USER is a CASE (patient)
The active USER is an ASSOCIATE of a CASE (someone taking care of a patient) trying to get access to the TASKs of the patient
The active USER is a PROFESSIONAL

The following sections describe how permissions are granted depending on the active USER:

1 As a CASE (patient)
2 As an ASSOCIATE accessing the TASKS of his patient
3 As a PROFESSIONAL

As a CASE (patient)

Permission	Permission granted (all conditions must be true)

Permission	Permission granted (all conditions must be true)
read	The TASK is assigned to the patient The TASK is not assigned to the patient but at least one of the following conditions is true: Is a Medical Record visible by the patient (according to the configuration of the PROGRAM) The TASK is part of the Health Profile of the patient The status of the TASK is not “CANCELED”
edit	Never granted. This permission would permit to modify the properties of the TASK (date/time, assignments, etc.)
delete	Has “read” permission The status of ADMISSION to which the TASK corresponds is INCOMPLETE, ENROLL or ACTIVE The PROGRAM is not locked The TASK was created by the CASE or any of his ASSOCIATES (inserted as an optional TASK)
alter_contents	Has “read” permission The status of ADMISSION is “INCOMPLETE”, “ENROLL” or “ACTIVE” The PROGRAM is not locked The TASK is open The TASK is not “locked”
add_activity	Has “read” permission The status of ADMISSION to which the TASK corresponds is INCOMPLETE, ENROLL or ACTIVE The PROGRAM is not locked The TASK is open The TASK is not “locked” The TASK is configured to allow adding activities
open	Has “read” permission The status of ADMISSION to which the TASK corresponds is INCOMPLETE, ENROLL or ACTIVE The PROGRAM is not locked The TASK is closed The TASK is not an EDUCATIONAL TASKS The TASK was created by the CASE or any of his ASSOCIATES (inserted as an optional TASK)

As an ASSOCIATE accessing the TASKS of his patient

An ASSOCIATE that tries to do any operation on a TASK of one of his patients must meet the same conditions than the patient, but also must have specific permissions granted by the patient:

Permission	Require ASSOCIATE Permission

Permission	Require ASSOCIATE Permission
read	BROWSE_ACTIVITIES
edit	(edition of the properties of a TASK is never granted)
delete	EDIT_ACTIVITES
alter_contents	EDIT_ACTIVITES
add_activity	EDIT_ACTIVITES
open	EDIT_ACTIVITES

As a PROFESSIONAL

The minimum required condition to execute any operation over a TASK related with a CASE is that the CASE is a patient of the active PROFESSIONAL. This means that the PROFESSIONAL must be member of any of the SUBSCRIPTIONS where the CASE has an ADMISSION.

Therefore: No permission will be granted on a TASK of a CASE that is not patient of the PROFESSIONAL

For example, consider the following situation:

A Patient called “John P” has 2 ADMISSIONS:
- an ADMISSION in a SUBSCRIPTION of a PROGRAM called “Care Plan 1”, which contains a TASK called “Task 1”
- an ADMISSION in a SUBSCRIPTION of a PROGRAM called “Care Plan 2”, which contains a TASK called “Task 2”
The Professional “P1”:
- Is member of the SUBSCRIPTION of “Care Plan 1” with ROLE “Case Manager” (any other ROLE would also be valid). This makes “John P” one of his patients.
- Is not member of the SUBSCRIPTION of “Care Plan 2”
The Professional “P2” is not member of any of the SUBSCRIPTIONS “Care Plan 1” nor “Care Plan 2”.

In this situation:

The professional “P1” can operate on “Task 1” because “John P” he is member of the SUBSCRIPTION “Care Plan 1”
The professional “P1” can operate on “Task 2” even though he is not member of the SUBSCRIPTION “Care Plan 2”, because “John P” is one of his patients (some restrictions in the level of access may apply).
The professional “P2” can’t see “Task 1” nor “Task 2”, because “John P” is not one of his patients in any SUBSCRIPTION

Apart from this basic conditions, the different permissions are calculated as follows:

Permission	Permission granted (all conditions must be true)

Permission	Permission granted (all conditions must be true)
read	Always
edit	Has “read” permission The PROGRAM is not locked The status of the ADMISSION is one of the following unless the active ROLE is “SERVICE” (a “SERVICE” can modify the properties of a TASK in any stage of the ADMISSION) INCOMPLETE, ENROLL or ACTIVE DISCHARGED, only if the TASK is in the “DISCHARGE” stage It is not an EDUCATIONAL TASKS unless the active ROLE is “SERVICE” (only a “SERVICE” user can modify the properties of an EDUCATIONAL TASK) The active session’s ROLE is one of the followin, and the active USER has that ROLE in the SUBSCRIPTION of the TASK: CASE MANAGER SERVICE ROLE MANAGER, and the TASK is open (The ROLE MANAGER role is intended only to change the assignments of a TASK that has not been completed yet, but once completed it can only be modified by a CASE MANAGER or SERVICE)
delete	Has “read” permission The PROGRAM is not locked The status of the ADMISSION is one of the following unless the active ROLE is “SERVICE” (a “SERVICE” can delete a TASK in any stage of the ADMISSION) INCOMPLETE, ENROLL or ACTIVE DISCHARGED, only if the TASK is in the “DISCHARGE” stage The active session’s ROLE is one of the following, and the active USER has that ROLE in the SUBSCRIPTION of the TASK: CASE MANAGER SERVICE
alter_contents	The permission will be always denied unless the following conditions are true: Has “read” permission The PROGRAM is not locked The TASK is open The status of the ADMISSION is one of the following: INCOMPLETE, ENROLL or ACTIVE DISCHARGED, only if the TASK is in the “DISCHARGE” stage Additionally, depending on the active session’s ROLE: SERVICE: if the active USER has that ROLE in the SUBSCRIPTION, the permission is always granted CASE MANAGER: if the active USER has that ROLE in the SUBSCRIPTION, the permission is always granted ROLE MANAGER: if the active USER has that ROLE in the SUBSCRIPTION, the permission is only granted if: The TASK is assigned specifically to the PROFESSIONAL The TASK to a ROLE/TEAM and the active USER is member of the SUBSCRIPTION with that ROLE in the specified TEAM The TASK is assigned only to a ROLE and the active USER is member of the SUBSCRIPTION with that ROLE (in any TEAM) Other ROLES (the active session’s ROLE is different than “SERVICE”, “CASE MANAGER” nor “ROLE MANAGER”, or is one of them but the active USER doesn’t have that ROLE in the SUBSCRIPTION of the TASK), then the permission is only granted if: The TASK is assigned specifically to the PROFESSIONAL The TASK is not assigned to a PROFESSIONAL, but is assigned to the active TEAM and the active ROLE The TASK is not assigned to any PROFESSIONAL nor to any TEAM , but it is assigned to the active ROLE
add_activity	Has “alter_contents” permission The WORKPLAN is configured to permit adding ACTIVITES manually
open	Has “alter_contents” permission (except that the TASK must be closed instead of open) The TASK is not an EDUCATIONAL TASKS

Linkcare Server WS API

TASK OBJECT PERMISSIONS

As a CASE (patient)

As an ASSOCIATE accessing the TASKS of his patient

As a PROFESSIONAL

Related content