RBAC is an access-control mechanism defined by mapping user-assignable roles to related privileges and features, governed by three core aspects: role assignment, role authorisation, and permission authorisation.
The Authoring Platform uses RBAC to authorise an authenticated user account with permissions to perform particular actions within the platform, defined by role-group mapping and membership.
The current roles defined on the AP can be considered in three groups:
Authoring and content promotion control
SNOMED CT release control
Technical support and platform administration
AUTHOR
PROJECT_MANAGER
PROJECT_LEAD
RELEASE_USER
RELEASE_MANAGER
RELEASE_LEAD
RELEASE_ADMIN
ADMIN
These roles are assigned to particular access control groups, which are mapped to global or project level content branch permissions on the Terminology Server. The technical support and platform administration, and SNOMED CT release control roles are outside the scope of this AP user guide, but mentioned here for completeness. When an account login is authenticated, it is then assigned AP feature access and permissions according to the roles defined for the groups of which the account is a member.
AUTHOR is the core permission which enables an authenticated account to work on SNOMED CT content through authoring projects and their related tasks.
PROJECT_MANAGER adds permissions to define Service Acceptance Criteria (SAC) which are used by Authoring Access Gateway (AAG) controls to grant (or deny) permissions for promotion of content at task and project level.
PROJECT_LEAD adds permissions to approve SAC items which allow project content promotion to the content mainline.
These roles also determine the visibility and presentation of access-controlled features in the AP user interface.