Search loading...

API Hub

Explore and Make use of Nationally Defined Messaging APIs

 

Access Controls

Overview of the access controls for NRL pointers

Overview

Access to NRL records is determined by Record Groups, where a Record Group contains one or more Record Types. Access to each Record Group is controlled by Role Based Access Control (RBAC) codes from the National RBAC Database and administered by an RA Managers within Trusts.

For each Record Group there are two RBAC codes:

  1. The first RBAC code will allow a user to view pointers only (for all the Record Types in that Record Group)

  2. The second RBAC code will allow a user to view pointers and retrieve records (for all the Record Types in that Record Group)

The two RBAC codes support the needs of different roles. For example, many clerical roles may only need to view pointers whereas most clinical roles will need to view pointers and retrieve records. This model of access is illustrated in the following diagram, with each box representing a separate RBAC code.

Three Record Groups, each of which contains one RBAC code for pointer-only access and another for pointer-and-record access

A user may have access to one or more Record Groups depending on the information needs of their role. Please note that there is currently only one Record Group, but this is expected to change as more Record Types are added to the NRL. To work out which RBAC codes should be applied to a user, refer to the RBAC Mapping Table in the following section. A user should have only one RBAC code for each Record Group assigned to them by their Trust’s RA Manager.

RBAC Mapping Table

This table outlines how records are allocated to different RBAC codes and whether an RBAC code provides pointer-only access or pointer and record access. The exact RBAC codes will be provided to an organisation once they complete the onboarding process.

Record Group Record Types Contained Access Level RBAC Code
Record Group 1 Mental health crisis plan Pointer-only access Bxxxx
Pointer and record access Bxxxy

The RBAC codes listed in this mapping table are limited by the number of Record Types currently available on the NRL. As additional Record Types are added to the NRL, the associated RBAC codes will be added to this table.

The Record Group that a Record Type fits into depends on its sensitivity. Record group 1 is a general grouping, to contain the majority of Record Types that are not deemed to be sensitive. Further Record Groups will be added if additional Record Types are deemed to need more restrictive controls. Using additional Record Groups for such Record Types ensures that they are protected by further access controls and will not routinely be available to the majority of NRL users.


All content is available under the Open Government Licence v3.0, except where otherwise stated