The efm-Information gateway that Asckey Data Services Ltd has built for the Department of Health (Health and Social Care Information Centre) controls access to a suite of data collection web applications that contribute to the effective management of the NHS Estate.
The gateway enables all users to log in just once, as it establishes not only the user's identity but also that user's permissions for every application controlled by the gateway. Thus a user may only have access to one or two of the several applications, in which case that user will not be aware that the non-accessible ones exist.
In respect of each application the user can have different permissions: supervisor rights in one, for example, and only basic data entry privileges in another.
This in turn manages what a user may do. For example, most applications involve a two-stage data entry process, in which data is freely editable and only locally visible until it is finally committed. Once committed, that data may become visible to a larger audience: to general management perhaps, or in de-characterised form to a national audience for comparative (benchmarking) purposes. It therefore becomes desirable to limit "commit" authority to designated users. This applies even more to the "Uncommit" facility, which is provided in recognition that in the real world errors can happen and need to be correctable while maintaining reasonable control of the process. As a second example, applications typically contain many different reports, at several levels, and the user ID will determine what reports are visible and at what level.
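The permission model described above can be sketched as a deny-by-default check. This is an added illustration, not Asckey's code: the role names, the `site` field used to model "locally visible", and the rule that committed data must be uncommitted before it can be edited are assumptions.

```python
from dataclasses import dataclass

# Hypothetical roles: the page names only "supervisor" and basic data entry.
ROLE_ACTIONS = {
    "data_entry": {"edit"},
    "committer": {"edit", "commit"},
    "supervisor": {"edit", "commit", "uncommit"},
}

@dataclass
class Session:
    user: str
    roles: dict  # application name -> role, resolved once at login

@dataclass
class Record:
    app: str
    site: str  # assumed owner of the data, used to model "locally visible"
    value: str
    committed: bool = False

def visible_apps(session, all_apps):
    """List only applications the user holds a role in; the rest stay hidden."""
    return [a for a in all_apps if a in session.roles]

def authorize(session, app, action):
    """Deny by default: no role in the app, unknown role, or action not granted."""
    return action in ROLE_ACTIONS.get(session.roles.get(app), set())

def can_view(viewer_site, record):
    """Uncommitted data is visible only at its own site; committed data more widely."""
    return record.committed or viewer_site == record.site

def perform(session, record, action, new_value=None):
    """Apply edit / commit / uncommit after the permission check."""
    if not authorize(session, record.app, action):
        raise PermissionError(f"{session.user}: {action} denied on {record.app}")
    if action == "edit":
        if record.committed:  # assumption: corrections go through uncommit first
            raise ValueError("uncommit before editing committed data")
        record.value = new_value
    else:
        record.committed = (action == "commit")
    return record
```
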
The degree of rigour of the security system behind the login validation is tailored to user needs, but encompasses all the usual requirements for renewal and reuse of passwords. Neither the login system nor any of the data entry systems is connected directly to any data, making the system very secure.