
Aura RBAC Console

One central permission engine. 30 predefined roles, 8 permission categories, component-level governance across every module — managed exclusively from the Super Admin Console.

30 predefined roles · 8 permission categories · 7 modules governed · 9 app instances · 100% audited changes

Section B

Permission Taxonomy

Every access decision composes from these eight categories. Components — buttons, columns, exports, endpoints — are tagged with one or more codes.

V (View): See a component or data. Examples: Patient List, Revenue Dashboard, Doctor Calendar

C (Create): Create new records. Examples: Appointment, Prescription, Job Post

E (Edit): Modify existing records. Examples: Treatment Plan, Clinic Profile, Shift

D (Delete): Soft / hard delete records. Examples: Cancel Appointment, Remove Doctor

X (Export): Export or download data. Examples: Invoice PDF, Patient Report, Financials

A (Approve): Approve / reject workflows. Examples: KYC, Refund, Stock Transfer

CF (Configure): Change system settings. Examples: Commission %, Clinic Hours, Templates

I (Impersonate): Act on behalf of another user. Example: Support viewing as Patient

Section C

Visual Role Manager

Browse all 30 roles. Filter by ecosystem, search by ID/persona/module, click to inspect the full component-level access profile.

R-PAT-01

Patient – Basic

Patient
Mapped personas: P-01, P-02
Modules: ClinicX · TransportX · PharmaX
Highlight: Own data only
Granted permissions: V View, C Create, E Edit, D Delete, X Export, A Approve, CF Configure, I Impersonate

Section D

Admin Console Capabilities

Ten governance primitives that make RBAC manageable at scale — from inheritance to dependency mapping and dual-control approval.

RBAC-001

Visual Role Manager

Drag-and-drop role builder with V/C/E/D/X/A/CF/I matrix per module.

RBAC-002

Permission Inheritance

Roles inherit from parents (R-DOC-03 ⟵ R-DOC-02). Cascade updates with confirm.

RBAC-003

User-to-Role Assignment

Search by mobile/email/ID, assign multiple roles. Deny overrides Allow.

RBAC-004

Temporary Role Elevation

Auto-expiring elevated access (e.g. covering colleague). Fully audited.

RBAC-005

Role Simulation / Test

Impersonate a role to preview exact UI a user would see — no login.

RBAC-006

Data Scoping Rules

Per-role row filters: clinic_id, region, assigned-doctor — enforced at query layer.

RBAC-007

Change Approval Workflow

Dual authorization for R-ADM-01 / R-CHN-01 permission edits.

RBAC-008

Role Audit Trail

Immutable log of who/when/what for every role and assignment change.

RBAC-009

Permission Dependencies

Granting Create-Rx auto-suggests View-Clinical-History + View-Drug-DB.

RBAC-010

Export & Backup

JSON/CSV export of role definitions for env replication & audits.

Section E

Application-Level Enforcement

How the central RBAC engine actually reaches every page, query and API call across all nine application instances.

ENF-001

API Gateway Authorization

Every request validated at the gateway against required permission. 403 on mismatch.

ENF-002

Component-Level Rendering

UI components removed from DOM — not disabled. Permissions loaded on login.

ENF-003

Data-Level Backend Filtering

Queries auto-scoped: WHERE clinic_id IN (allowed_ids). Zero leak at SQL level.

ENF-004

Cross-Module Access Control

Module boundary re-checks user's module-specific permissions on navigation.

ENF-005

Session Timeout & Re-Auth

15-min idle timeout for sensitive roles. Critical actions require re-auth.

ENF-006

Permission Cache Invalidation

Affected sessions refresh cache within 60s of any role change — no logout.
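
An added sketch, not Aura's own code, of how RBAC-002 inheritance, RBAC-003 "Deny overrides Allow" and the ENF-001 gateway check compose into one decision. The grants, the route table, the role `R-EXAMPLE-NOEXPORT` and the reading of R-DOC-03 as the child of R-DOC-02 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Role:
    allow: set = field(default_factory=set)  # (component, code) pairs granted
    deny: set = field(default_factory=set)   # explicit denies
    parent: Optional[str] = None             # role this one inherits from

# Constructed sample data. R-DOC-02/R-DOC-03 are IDs from the page; their
# grants, R-EXAMPLE-NOEXPORT and the route table are hypothetical.
ROLES = {
    "R-DOC-02": Role(allow={("prescription", "V"), ("prescription", "C")}),
    "R-DOC-03": Role(allow={("patient_report", "X")}, parent="R-DOC-02"),
    "R-EXAMPLE-NOEXPORT": Role(deny={("patient_report", "X")}),
}
ROUTES = {
    ("GET", "/prescriptions"): ("prescription", "V"),
    ("POST", "/prescriptions"): ("prescription", "C"),
    ("GET", "/reports/patient.pdf"): ("patient_report", "X"),
}

def collect(role_id, roles=ROLES):
    """Walk the parent chain, returning the (allow, deny) sets it accumulates."""
    allow, deny, seen = set(), set(), set()
    while role_id is not None:
        if role_id in seen:  # a misconfigured parent loop must not hang the check
            raise ValueError(f"inheritance cycle at {role_id}")
        seen.add(role_id)
        role = roles[role_id]
        allow |= role.allow
        deny |= role.deny
        role_id = role.parent
    return allow, deny

def effective(assigned, roles=ROLES):
    """Union all assigned roles, then subtract denies: deny overrides allow."""
    allow, deny = set(), set()
    for role_id in assigned:
        a, d = collect(role_id, roles)
        allow |= a
        deny |= d
    return allow - deny

def gateway_status(method, path, assigned):
    """Return 200 if the route's required permission is held, else 403."""
    required = ROUTES.get((method, path))
    if required is None:
        return 403  # unmapped routes fail closed
    return 200 if required in effective(assigned) else 403
```

Subtracting denies only after every assigned role has been merged is what makes the result independent of assignment order.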
