175 Granular permissions
14 Top-level modules
3 Permission sources merged
0 Bypass paths for non-owners

Overview
Every staff member gets exactly the access they need. Built-in Doctor, Assistant, and Manager presets cover common jobs; custom role templates let you define Receptionist, Accountant, or any specialty once and reuse across the team — all enforced on every API call.
How access is resolved
[Figure: illustrative access-resolution flow, not live clinic data]
Real-world use cases
Receptionist who books but cannot see finances
Create a custom role with patient and session permissions only — no invoice or payment access — and assign it to front-desk staff.
Doctor with full clinical access, no admin settings
Use the Doctor preset for prescriptions, medical reports, and treatment plans while keeping settings and user management Owner-only.
Multi-branch clinic with scoped staff
Assign users to specific branches and tune permissions per location — a branch manager sees their team without clinic-wide finance data.
Onboarding a new hire in minutes
Pick a saved custom role, set role to Custom, and the permission tree pre-fills — no manual checkbox hunting across 175 flags.
What you get
175 granular permissions
Covering patients, sessions, invoices, inventory, HR, CRM, labs, marketing, and more.
Reusable custom role templates
Define once, assign to many — update the template and re-link users as your team evolves.
Wildcard hierarchy
Grant MANAGE_PATIENTS and the view, create, update, and delete permissions flow from it automatically, which means less admin overhead.
Server-side enforcement
GraphQL shield checks every query and mutation — the UI cannot bypass security by hiding a button.
Patient profile tab control
Limit which tabs each user sees on a patient record, beyond module-level permissions.
Audit logging
Role and user permission changes recorded for accountability and support handover.
How it works
1. Define your roles
Create custom role templates from the staff page with the module permission tree.
2. Assign to users
Add staff with a built-in or Custom role, link templates, and fine-tune direct grants.
3. Access enforced everywhere
Merged permissions expand through hierarchy and gate every API call and admin route.