Veona Admin

import { Steps } from ‘@astrojs/starlight/components’; import { Aside } from ‘@astrojs/starlight/components’;

What this is

Veona Admin is where a facility is configured and its people are managed: facility and department settings, the staff register, role assignment (who can do what), the asset register, payroll and roster, and internal staff communications.

Two capabilities here are deliberately the most privileged in the whole product:

• Role assignment (admin.access.manage) — assigning a staff member to a role drives the real RBAC (membership + role), so it is Administrator-only.
• Payroll approval and the most sensitive settings — also reserved to the Administrator role.

Who uses it

Verified in apps/api/src/admin/admin.permissions.ts:

• HR Manager (hr_manager) — manage staff profiles, publish rosters and shifts, run a pay run, and send staff broadcasts. Cannot assign roles or approve payroll.
• Facility Admin (facility_admin) — manage departments, facility configuration and the asset register. Cannot manage staff or assign roles.
• Administrator — the only role that can assign roles (admin.access.manage), approve payroll (admin.payroll.approve) and change the privileged settings. Holds every admin key.

Role assignment and the privileged settings are Administrator-gated by design. An HR Manager can add a staff member, but only an Administrator can grant that staff member a role.

Editions

Veona Admin is included in all four editions — Health Centre, Hospital, Network and Public Health.

Screens

The Veona Admin work surfaces (from apps/web/src/modules/admin/nav.tsx):

Overview · Roster · Staff · Add Staff · Roles · Access · Departments · Facility · Storage · Storage Governance · Compliance · Assets · Comms · Notifications · Channels · Audit Log · Security Log · Patient Access · Reports · Settings.

Facility settings

1. Open Facility (/admin/facility) to configure the facility profile, branding and multi-location setup (admin.facility.manage — Facility Admin or Administrator).
2. Open Departments (/admin/departments) to define the departments staff and clinical work are organised under.
3. Open Settings (/admin/settings) for the privileged facility-wide configuration (Administrator).

Users and roles

1. Open Staff (/admin/staff) to see the staff register, or Add Staff (/admin/staff-new) to create a profile (admin.staff.manage — HR Manager or Administrator). Creating a staff profile provisions the underlying user and facility membership.
2. To grant or change what a staff member can do, open Roles (/admin/role) and Access (/admin/access). Assigning a role is admin.access.manage — Administrator only.
3. The role you assign maps to the canonical RBAC role set (e.g. clinician, lab_scientist, cashier); the staff member’s permissions are re-resolved from that assignment.

Assets

Open Assets (/admin/assets) to maintain the asset register and maintenance log (admin.asset.manage — Facility Admin or Administrator).

Payroll and roster

1. Open Roster (/admin/roster) to publish rosters and shifts (admin.roster.manage — HR Manager).
2. Build a pay run from the roster/employment data — admin.payroll.run (HR Manager).
3. Approve and post the pay run — admin.payroll.approve — Administrator only.

Staff comms

Open Comms (/admin/comms) to compose and send internal staff broadcasts (admin.comms.send — HR Manager or Administrator). Staff communications are PHI-safe — patient health information is never included in an outbound broadcast.

The Notifications, Channels, Audit Log, Security Log and Patient Access screens give Administrators visibility into the notification engine, the tamper-evident audit trail, and who accessed which patient record.