Setting Up Location Access

Users have access to all locations in your installation, unless their access permissions have been restricted.

  • In the Admin Console, go to Settings > Location Access.

    The Location Access page lists the roles whose access is limited to one or more locations, based on Active Directory groups and individuals. All other users can see data from all locations.

Only Administrators and Owners can add, edit, and delete user access roles.

NOTE:

Changes to the Location Access settings take effect the next time the user logs in to the Imprivata PatientSecure Admin Console.

To add a role with access restrictions:

  1. In the Admin Console, go to Settings > Location Access.

    The Location Access page lists the roles whose access is limited to one or more locations, based on Active Directory groups and individuals.

  2. Click Add new role in the upper-right corner of the page.

  3. In the Role Name field, enter a unique name.

    Imprivata PatientSecure verifies that the role name does not match one already in use.

  4. Specify the Active Directory groups and users to add to the restricted access list.

    Domain Select the Active Directory domain from the drop-down list.
    Groups Enter the full name of one or more Active Directory groups to add to the restricted access list. Separate multiple entries with a , (comma).
    Users Enter the user name of one or more Active Directory users to add to the restricted access list. Separate multiple entries with a , (comma).

    Be sure to enter the names exactly. Imprivata PatientSecure checks the Active Directory entries when you click Save.

  5. Specify the locations that will be accessible by this role, starting with the highest, organization, level. A lower-level location is not available until you select its parent level.

    IMPORTANT:

    Be specific. The users in this role will have access to the locations you specify but not to any other locations at this level, any upper levels, or any other organizations in your installation.

    Organizations Select one or more organizations; users in this role will not have access to any other organizations.
    Facilities Select one or more available facilities; users in this role will not have access to organization-level data for the facilities you select or to any other facilities in the organization.
    Departments Select one or more available departments; users in this role will not have access to facility-level or organization-level data for the departments you select or to any other departments in the facility.
    TIP:

    Start typing the location name: a list of matching names pops up and you can select a name from the list. You can add more than one available organization, facility, and department. To remove a location from the list, click x next to the name.

    NOTE: If a location is later deleted, then it will no longer appear in location access roles and users will no longer have access to data for that location. If all locations assigned to a user are deleted, then the user will have no access to view Imprivata PatientSecure data.

  6. Click Save.

    Imprivata PatientSecure validates your Active Directory entries before creating the new role, and then returns to the Location Access page.

To edit the location access for a role:

  1. In the Admin Console, go to Settings > Location Access.

    The Location Access page lists the roles whose access is limited to one or more locations, based on Active Directory groups and individuals.

  2. Locate the role in the Location Access list, and then click the row.

    The Edit Role page displays the settings for the role.

  3. Review the role settings and make changes, as needed:

    Role Name Enter a unique name. Imprivata PatientSecure verifies that the role name does not match one already in use.
    Domain Select the Active Directory domain from the drop-down list.
    Groups Enter the full name of one or more Active Directory groups to add to the restricted access list. Separate multiple entries with a , (comma).
    Users Enter the user name of one or more Active Directory users to add to the restricted access list. Separate multiple entries with a , (comma).
    Organizations Select one or more organizations; users in this role will not have access to any other organizations.
    Facilities Select one or more available facilities; users in this role will not have access to organization-level data for the facilities you select or to any other facilities in the organization.
    Departments Select one or more available departments; users in this role will not have access to facility-level or organization-level data for the departments you select or to any other departments in the facility.
    TIP:

    Start typing the location name: a list of matching names pops up and you can select a name from the list. You can add more than one available organization, facility, and department. To remove a location from the list, click x next to the name.

  4. Click Save.

    Imprivata PatientSecure validates any changes to your Active Directory entries, and then returns to the Location Access page.

If you remove a location access role, then the groups and users in that role will have access to all locations in your installation, until you add them to a new or existing location access role.

To delete a location access role:

  1. In the Admin Console, go to Settings > Location Access.

    The Location Access page lists the roles whose access is limited to one or more locations, based on Active Directory groups and individuals.

  2. Locate the role in the Location Access list, and then click the row.

    The Edit Role page displays the settings for the role.

  3. Review the role settings to make sure that you want to delete this role.

  4. To remove the location access restrictions from the groups and users listed in this role, click Delete.

  5. Click Confirm Delete.