User Roles & Permissions

ICARE uses a granular Role-Based Access Control (RBAC) system to segregate administrative, clinical, and accounting operations.

Role Hierarchy

The platform separates access levels based on distinct operational roles:

Role Access Scope Key Capabilities
Super Admin Platform-wide Create/modify SaaS subscription plans, approve tenant registrations, view platform audit logs.
Clinic Admin Single Clinic (Tenant) Manage clinic settings, add/edit staff, configure services, and review reports.
Doctor Clinic-scoped (Own Patients) Manage appointments schedule, write patient prescriptions, and view personal income logs.
Assistant / Nurse Clinic-scoped Register patients, perform check-ins, record vitals, and view clinic calendar.
Accounting Clinic-scoped Generate invoices, accept payments, handle doctor payouts, and export financial summaries.
Lab Staff Clinic/Lab-scoped Manage diagnostic bookings, update pathology sub-test parameters, and upload result sheets.
Patient Self-contained Schedule appointment, review digital prescriptions, update personal vitals tracker.

Granular Permission Keys

Behind each role is a mapping of explicit permission strings. In the codebase, authorization is checked dynamically using:

Helpers::hasPermission('PERMISSION_KEY')

Primary Permission Groups

Roles Management Dashboard

Here is the Roles & Permissions management panel from the live Admin Dashboard where roles can be added and permissions toggled in real time:

Roles Management Panel

Dynamic Role Mapping Flow

The permission inheritance model maps as follows: User identities link to specific roles, which map to individual permissions.

graph LR USR[User Account] -->|assigned| ROLE[Role] ROLE -->|has| PERM_MAP[RolePermission Matrix] PERM_MAP -->|grants| P1[DOCTOR_INCOME_VIEW] PERM_MAP -->|grants| P2[APPOINTMENT_REASSIGN_DOCTOR] PERM_MAP -->|grants| P3[CLINIC_REPORTS_VIEW]