Details
-
Bug
-
Status: Closed
-
Should
-
Resolution: Fixed
-
None
-
None
-
Medium
Description
The following is possible (just confirmed on demo.openmrs.org):
- Create a new role that has all permissions except for "Delete Patients"
2. Create a new user, and give them this role only.
3. Become this user
4. Go to Administration -> Manage Patients, find a patient, go into their record
5. Click "Voided", give it a reason, and Save Patient
This works fine, but should not be possible without "Delete Patient" privileges.
Gliffy Diagrams
Attachments
Issue Links
- is resolved by
-
TRUNK-226 Voiding a patient should void patient's related data
-
- Closed
-