CHAPTER THREE METHODOLOGY 3.

0 HIERACHIER OF HOSPITAL MANAGEMENT

FIGURE 3.0

3.1 DESCRIPTION OF THE MODEL The figure 3.0 shows the hierarchy of assigning roles and partitioning hospital management into activities as required by hospital management in the implementation process of role-based-access control.

It also illustrates the relationship between the working partners (users), subjects, roles which operate in an RBAC system. From the figure 3.0, according to the basic idea underlying the hospital management technology is a system that defines the roles, and manages the execution of workflow through the use of a designed software. In this case, we are looking at an Administrator that manages a system in such a way that it controls the Receptionist, Doctor and Nurse using the RBAC method as shown in the hierarchy. This workflow engine is able to understand and interpret the process with the hospital staff and where needed uses of information technology tools and applications. The management directing segment has one or more activities which be done or proceeded strictly sequential manner. For this design it implies the Doctor connecting with the surgeon and the physician. The workflow specified by management, defines and managed by a workflow management system which enacts each segment in the order specified by the process definition input. According to the design, the RBAC is used to define hospital membership of the individual working in the hospital by assigning individuals to roles, assign permissions to roles, and then activate the roles with respect to the appropriate points in the sequence.

The first step in the hierarchy using RBAC to enact the workflow according to the design is again divided representing hospital business flow into a sequence of sequential and parallel routing. The overall management process is divided into subs: M. sub 1, M. sub.2, M. sub. 3 (Receptionist, Doctor and Nurse). Wherein M. sub 1 and M. sub. 3 (Receptionist and Nurse) consist of a single activity. After M. sub 2 is completed, the process is passed on to and Split processing junction as the following segment M. sub. 2 (Doctor) includes parallel activities M2. Sub 2.1 and M2. Sub. 2.2 (Surgeon and the Physician) which may be processed in either order, or simultaneously. When both activities M2 Sub 2.1 and M2. Sub. 2.2 have been completed with various roles and access based on their assigned process.

Activities continues with the third hierarch as shown in the figure 3.0. In this RBAC system unlike others, access to objects like patiences file or folder is managed at a level corresponding to the managements structure. Each user is assigned one or more ROLES and each ROLE is assigned one or more Permission that are authorized for the users in that role by the administrator. With this design, permissions consist principally of the opportunity to perform operations within an activity of the hospital workflow. Objects, such as files and processes, can be organized into the hierarchies. In such object hierarchies, it is important to know not only the access of role of group to an object but also to know whether the path in the hierarchy could be traversed. The capability of evaluating the path is provided in the ROLE/PERMISSION view box allowing the path mode. 3.2 PROGRAMING The following are the steps providing the detailed mathematical setting up the workflow processing from the managerial point of view: a sequential routing segment M. sun .j using RBAC to control access to the role, according to the setup. For each activity A. sub. J, k, k= 1, N.sub.M.sbs.j in M.sub.j: Assigning permission to perform operation OP.sub.A.sbsb.j.k(wf) to ROLE.M.sbsb.j Assign ROLES.sub.M.sbsb.j to USER.sub.A.sbsb.j.k Enable the capability of OP.sub.A.sbsb.j.k(wf) to be activated Sleep, resuming at next line when message received from OP.sub.A.sbsb.j.k(wf) Remove assigning of ROLE.sub.M.sbs.j from USER.sub.A.sbsb.j.k Remove permission to perform operation OP.sub.A.sbsb.j.k(wf) from ROLE.sub.M.sbsb.j Disable the capability for OP.sub.A.sbsb.j.k(wf) to be activated If completion message indicate error: Notify administrator of terminate Repeat for Group A and Group B

Assigning permission to perform operation OP.sub.A.sbsb.j.k(wf) to ROLE.M.sbsb.j Assign ROLES.sub.M.sbsb.j to USER.sub.A.sbsb.j.k Enable the capability of OP.sub.A.sbsb.j.k(wf) to be activated Sleep, resuming at next line when message received from OP.sub.A.sbsb.j.k(wf) Remove assigning of ROLE.sub.M.sbs.j from USER.sub.A.sbsb.j.k Remove permission to perform operation OP.sub.A.sbsb.j.k(wf) from ROLE.sub.M.sbsb.j Disable the capability for OP.sub.A.sbsb.j.k(wf) to be activated

Remove ROLE.sub.M.sbsb.j from the RBAC system. Withdrawing each permission as the corresponding activity is completed; and deactivating each role as the corresponding segment is completed

3.3 SETUP OF THE DESIGN After the setup has been installed, an icon on the desktop. Clicking the icon the window allowing the administrator to log in is as show in figure 3.3

Figure 3.3.1: Administrator log in screen This will give accessibility to the administrator to log in and prepare the database based on the hierarchy and command therein programmed. The system settings has got edit as shown which allow the system administrator to create, edit and remove user access. For example when a role is selected from the data base the passwords are then provided. To change these, the system administrator simply delete from the data base the password.

Figure 3.3.2: Log in Access screen for Receptionist, Doctor and Nurse Finally, a further user interface screen Figure 3.3.2 the ROLE/Group permission view screen which allows determination of permission provided by a roles membership in a hierarchy.

Figure 3.3.3 Access screen for Surgeon and Physician As discussed above, the issues of access also arises in connection with relational databases, which may be accessed from a variety of processors not necessarily connected in the network operated.

Figure 3.3.4

Figure 3.3.5 The question of access control also arises in connection with user such that they can be accessed over the internet or web ie. Such that they can be located by universal resources locator inquiries, the servers storing the resources may similarly store ACLs for restoring access to various objects to individuals of group of individuals. Again, implementation of the design in the environment would typically accomplished by allowing the system administrator to control the server through which access to the resource sought to pass to define as above. Finally, it is to be understood that the terminology access control list as used.