Security Policies in Welkin implement Attribute-Based Access Control (ABAC), allowing administrators and implementers to define fine-grained rules that control what data users can access. Policies are configured in the Designer and applied to user roles.
For setup steps, see Setup Security Policies. For detailed policy rule reference, see Security Policy Detail.
Security policies define access at the data level – not just which pages a user can see, but which specific records, fields, and actions they can perform. For example:
A care manager can only see patients assigned to their care team
A supervisor can view all patients in their region
An admin can view all patients across all regions
Attributes – properties used to evaluate access rules, such as:
Patient region or territory
Care team membership
Program enrollment
User role
Rules – conditions that must be true for access to be granted. Rules can combine multiple attributes using AND/OR logic.
Scope – whether the policy applies to individual records, all records of a type, or a filtered subset.
Once a policy is created in the Designer:
Navigate to Roles in the Admin Portal or Designer.
Edit the relevant role.
Under Security Policies, attach the appropriate policy.
Publish the change.
Users assigned to that role will have their data access governed by the attached policy.
Security policy changes require a draft and publish cycle in the Designer before they take effect in the Care Portal.
Setup Security Policies – step-by-step configuration guide
Security Policy Detail – detailed policy rule reference
Security Policies: Attribute Based Access Control – ABAC overview in Admin
Defining Regions and Territories – region/territory attributes
Roles – user roles in Care
Last updated
Was this helpful?
Was this helpful?
