URL:
<https://savannah.gnu.org/task/?16294>
Summary: Harden access control to key patient models
Project: GNU Health
Submitter: meanmicio
Submitted: Sun 18 Dec 2022 08:49:03 PM UTC
Should Start On: Sun 18 Dec 2022 12:00:00 AM UTC
Should be Finished on: Sun 25 Dec 2022 12:00:00 AM UTC
Category: Security
Priority: 5 - Normal
Status: In Progress
Privacy: Public
Percent Complete: 0%
Assigned to: meanmicio
Open/Closed: Open
Release: None
Discussion Lock: Any
Module: healh
Component: Hospital Management
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Sun 18 Dec 2022 08:49:03 PM UTC By: Luis Falcon <meanmicio>
Dear GNUHealth devs
The access control to the GNU Health / Tryton models are quite robust. In
addition, we can new groups and / or adapt the current groups.
Finding the balance between security and usability is not trivial, and most of
the time, it requires further adaptations on implementations.
In the default groups, I we should have stronger ACL for the main patient
related models, such as patient and evaluation, not allowing deletion by
default.
Bests
Luis
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/task/?16294>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
