How privileges and access are controlled
Due to the sensitive nature of subject information and the different levels of complexity in the database, Otobase is equipped with a number of features to help define user access. You can establish different user classes that define levels of access by creating user names and passwords. These different levels exist to limit access to data and modifiable parts of the database. Even if the program is only being used by a single user, it is highly recommended that the person not just log in as administrator, but also create a separate login as a provider. This is important because:
In addition to user classes, Otobase also allows you to control access to very specific parts of the database such as tables or navigation tabs.
User classes
Four classes of users exist in the database: providers, group administrators, subadministrators and the administrator The administrator has access to every function of the database including modifying forms and lists, deleting records, and assigning privileges. There is only one administrator.
In order for any user to have privileges, he or she must first have a Provider record, which is created by the administrator. If you do not have a Provider record, Otobase will not allow you to log in.
In order to access subject records, a user must meet one of the requirements below:
- Be a designated provider for the subject (see Entering subject recordsEntering subject records).
- Have privileges to view a Clinical Group's subjects (see Viewing Clinical Group records).
- Have `"All Subject" privileges to view all subject information (see Change password).
Below is a more detailed list of specific privileges available to each user class.
Provider
The most common user classification in Otobase is that of provider. Prior to using Otobase, you must be assigned a login and password by the administrator.
Note: "User" will appear in the text to denote anyone who can log in to the database in a generic fashion, while "provider" often infers privileges to view subject records.A provider can:
- Access subject records for whom they are designated subject providers. For more information, see Entering subject recordsChange password.
- Add subjects and related records, such as tumor records and treatment records.
- Change his or her own password. For more information see Change password.
A provider cannot:
- Delete a record (see Unlocking forms).
- Assign any privileges to other users.
Depending on the privileges assigned by the administrator or subadministrator, a provider can also:
Note: Groups are typically institutions, such as hospitals or groupings of subjects that share a commonality, for example, a study of cis-plati- num/5FU/radiation.
- Modify a previously saved record (see Unlocking forms).
- Modify or delete Reminder records.
Group administrator
A group administrator has all of the privileges assigned to a provider. In addition, a group administrator can:
A group administrator cannot modify another group administrator's privileges.
Subadministrator
A subadministrator has all of the privileges assigned to a group administrator. In addition, a subadministrator can:
A subadministrator cannot:
Depending on the privileges assigned by the administrator, a subadministrator can also:
- Delete subjects and related records.
- Modify a previously saved record (see Unlocking forms).
- Allow other users to modify a previously saved record.
The administrator
The administrator has all of the privileges assigned to a subadministrator. In addition the administrator can also:
Otobase Otobase Web Site Voice: (206) 221-2430 Fax: (206) 221-5152 otobase@u.washington.edu |