Tidepool API permissions are applied to ALL requests to the platform and require authentication, authorization and audit.
Role-based access control (RBAC) is used across Tidepool internally for administrator and support roles, as well as to the Tidepool Application for our users. Different RBAC role permissions and rights apply, depending on the user profile.
Tidepool Application - PwD, Clinician, and Custodial accounts
Owner: Total control of the account, including metadata.
Share: Share with or invite another user
When an end user creates their own account and selects "Share", they can invite another user to view their data and optionally allow them to upload data on their behalf. See User account relationships for additional details.
Edit: Ability to edit data or notes.
Upload: Ability to upload diabetes data but not user data.
View: Ability to view data (must be granted by the owner of the data).
Notes: Ability to attach a note to a user's data.
Custodian: Permission to access a custodian account (but not change its password)
Edit: Ability to edit data or notes.
Upload: Ability to upload diabetes data but not user data.
View: Ability to view data (must be granted by the owner of the data).
Notes: Ability to attach a note to a user's data.
Tidepool Internal Support and Administration Tool
Support:
Find User Account
View User Account
View User Activity
Confirm User’s Email
Reset User’s Password
Change User’s Role
Delete User Account
Delete User Upload
Change User’s Email Address
Disconnect API Connections
Capture Snapshot of User Data for MDR Investigation