Role-based access control
Tidepool API permissions are applied to ALL requests to the platform and require authentication, authorization and audit.
Role-based access control (RBAC) is used across Tidepool internally for administrator and support roles, as well as to the Tidepool Application for our users. Different RBAC role permissions and rights apply, depending on the user profile.
Tidepool Application
Owner: Total control of the account, including metadata.
Share: Share with or invite another user
When an end user creates their own account and selects "Share", they can invite another user or Clinic to view their data and optionally allow them to upload data on their behalf. See https://tidepool.atlassian.net/wiki/spaces/PUBSEC/pages/862129090 for additional details.
Edit: Ability to edit data or notes.
Upload: Ability to upload diabetes data but not user data.
View: Ability to view data (must be granted by the owner of the data).
Notes: Ability to attach a note to a user's data.
Custodian: Permission to access a custodian account (but not change its password)
Edit: Ability to edit data or notes.
Upload: Ability to upload diabetes data but not user data.
View: Ability to view data (must be granted by the owner of the data).
Notes: Ability to attach a note to a user's data.
Clinic Account Admin
Edit Clinic account details
Add and remove clinician users
Change clinician permissions
Grant permission to merge patient lists
Add patient users
Accept patient invites
Remove patients from patient list
View and upload patient data
Clinic Team Member
Add patient users
Accept patient invites
View and upload patient data
View clinic members
Tidepool Internal Support and Administration Tool
Support:
Find User Account
View User Account
View User Activity
Confirm User’s Email
Reset User’s Password
Change User’s Role
Delete User Account
Delete User Upload
Change User’s Email Address
Disconnect API Connections
Capture Snapshot of User Data for MDR Investigation
Migrate Clinician user to Clinic account
Merge Clinician user Private Workspace patient list to Clinic account patient list
The content of the Tidepool Technical Documentation is licensed under a Creative Commons CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.