Settings

Clinic Access Rules

Configure role-based permissions for viewing, creating, updating, deleting, and self-only access.

Open Settings → Users → Access Control.

The production URL is Access Control.

Access Control defines permission templates by role. These templates decide what users can view, create, update, delete, configure, or access only for themselves.

What Access Rules control

Access rules can cover major areas such as:

  • core settings;
  • office operations;
  • patients;
  • calendar and appointments;
  • clinical records;
  • invoices and payments;
  • inventory;
  • notifications;
  • reports;
  • user and settings management.

The exact rules shown depend on the clinic setup and the role selected.

Permission meanings

Access Control uses compact permission choices. Depending on the rule, a permission can mean:

  • View: the user can open or see the area.
  • Create/Update: the user can create new records or edit existing ones.
  • Delete: the user can remove records when deletion is allowed.
  • Configure: the user can change setup for the area.
  • Self-only: the user can access only their own records, such as their own doctor report or salary report.
  • No access: the area is hidden or blocked.

Role templates

Select a role at the top of the page to review its template. Changes to a role template affect how permissions are applied to users with that role.

Use role templates for the normal clinic pattern. For example, receptionists, doctors, managers, and inventory staff usually need different access.

Simplified and detailed views

Access Control can show permissions in simplified or detailed views. Use simplified view for broad role setup. Use detailed view when a specific module needs careful control.

Exceptions

Some rules support exceptions by Fields or Methods. Use exceptions when a role should have general access but certain fields or actions need special handling.

Exceptions are powerful, so keep them rare and easy to explain. Too many exceptions make permissions hard to audit.

Update Access Rules

  1. Open Settings → Access Control.
  2. Select the role you want to change.
  3. Choose simplified or detailed view.
  4. Adjust view, create/update, delete, configure, or self-only permissions.
  5. Add field or method exceptions only when needed.
  6. Click Save Changes.
  7. When prompted, decide whether the changes should update existing profiles.

After changing access rules, test with a real user role when possible. Permission mistakes can either block staff from working or expose areas they should not use.