This describes the algorithm that determines, whether the user may update a (patient data) record (= form instance).

The only way to update a patient data record from the user interface, is to open it (from the Patient Record Tree) and then click the "Save" button in the form. I.e. in order to update a record, you must read it first.

This implies, that if the user does not have access to read a record, (s)he cannot update the record. Check Security Record Read for algorithm for read access.

• First steps in the "allow update" algorithm depend on whether the logged in user is an employee or a patient:

  • Employee user:

    • If the user does not have permission to update records, then obviously update access is denied, and the below steps are skipped.

    • When the user has update permission, update access depends on the value of AccessModeWrite:

      • All: all users have access - so update access is granted.

      • All other values: The organizational unit of the record is compared to the set of org.units associated with the user. If the record's data owner is in the set of org.units associated with the user, update access is granted.

  • Patient user:

    • Update access is granted iff PatientAccessMode=Write.

• If the current record or any of its ancestor records is closed, access to update the current record is denied, and the below steps are skipped.

  • Refer to Status Closed for details on how it is determined that a record is "closed".

• Finally, if computation "Update" is defined, this computation is evaluated. If it returns false, update access is denied.

Access to update record is NOT visible in the Patient Record Tree. If user has read access, but not update access, records may be opened normally using the Patient Record Tree, but the "Update" buttons in the form are disabled, and the fields in the form will be "read only" (grayed, disabled).