Data in Consistency

Roles & Rights

Every feature. Every attribute. Every combination. The Datico® LIFE HUB unifies function-based and attribute-based permission management – for precise data access control in any organisational structure, no matter how complex.

Two permission layers. One platform.

Most systems offer either roles or attributes – the Datico® LIFE HUB combines both concepts in a consistent permission framework. The result: organisational and data-protection requirements of any complexity can be mapped precisely and with minimal maintenance – from a sports federation with three coaches to a clinic with a hundred users in highly varied roles.

Layer 1

Function-based permissions

Every individual feature in the LIFE HUB can be enabled or disabled per role. Who may do what – not as a blanket rule, but at the feature level.

Role: A-Squad Coach
Dashboard & HPW
Event Recording
Reports
Excel Export
KIS Connector
User Management
Billing & Administration

Layer 1 + Layer 2 = individual permission

Layer 2

Attribute-based permissions

Entities (persons, documents, data) are assigned attributes. Users only see records whose attributes match their own access attributes.

Attribute-based access control
Weber, Jonas: A-Squad
Müller, Laura: A-Squad
Training Plan Q2: Standard

Function-based permissions – who may do what.

In the Datico® LIFE HUB, every individual feature can be enabled or disabled independently for each role. This means: Device Connector, Smart Forms, KIS Connector, Reports, Excel Export, User Management – every menu item, every action, every output function can be controlled separately per role.

Roles are configured once in the LIFE HUB and then assigned to users. A user may hold multiple roles simultaneously – the resulting permissions are additive. This allows a therapist to carry both the "Therapy Documentation" and "Team Overview" roles at once, without receiving administrative rights.

Every feature individually controllable – no blanket unlocking of entire areas
Multiple roles per user – additive permission assignment without conflicts
Roles managed centrally – a change to a role takes effect immediately for all holders
User profile: Dr. Sabine Koch
Sports Medicine Physician: Dashboard KIS Connector Therapy Docs Administration
Medical Team Lead: Team Overview User Reports Billing
Combined permissions: Dashboard KIS Connector Therapy Docs Team Overview User Reports Administration Billing

Attribute-based permissions – who may see which data.

Squad assignment for athletes
A-Squad Cycling: Weber, Jonas · Schmidt, Felix · Braun, Anna
B-Squad Cycling: Müller, Kevin · Stein, Jana
A-Squad Coach sees: Weber, Schmidt, Braun
B-Squad Coach sees: Müller, Stein

Confidentiality levels for documents
Standard: Training Plan · Performance Diagnostics · Check-up Report
Highly Confidential: Medical Report · Psychological Assessment
Coach sees: standard documents
Physician / Psychologist sees: all confidentiality levels

The attribute-based permission concept allows records to be tagged with freely definable attributes – and data access is then controlled by matching user attributes against entity attributes.

A coach sees only the athletes in their squad. A physician sees only the records of patients in their department. A researcher sees only the subjects in their study. Documents tagged "highly confidential" are visible exclusively to users with the corresponding access attribute.

The attributes are fully configurable – whether squad, federation, department, project group, confidentiality level, or any custom categories. Any organisational structure can be mapped precisely.

Sport: Squad, federation, nationality, discipline
Clinic: Department, ward, case group, confidentiality
Research: Study, time point, arm, pseudonymisation level
Emergency services: Unit, classification level, rank

Any permission. Arbitrarily complex. Maintainable.

The strength of the Datico® permission concept lies in the combination of both layers: A role controls what a user may do. Attributes control which data they see while doing it. No additional setup is required – no special solutions, no hard-coded exceptions, no manual filter rules.
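
The two-layer decision described above, as an added example that is not Datico's code. The role-to-feature assignments, the attribute keys `squad` and `confidentiality`, the sample records and the rule that untagged records stay hidden are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed role catalogue; feature names are the ones listed on this page.
ROLES = {
    "A-Squad Coach": {"Dashboard & HPW", "Event Recording", "Reports"},
    "Team Overview": {"Dashboard & HPW", "Reports", "Excel Export"},
    "Squad Physician": {"Dashboard & HPW", "Reports", "KIS Connector"},
}

@dataclass
class User:
    name: str
    roles: set    # role names held by the user
    access: dict  # attribute name -> set of values the user may see

@dataclass
class Entity:
    label: str
    attrs: dict   # attribute name -> value tagged on the record

def features(user):
    """Layer 1: the union of all held roles (additive); unknown roles add nothing."""
    return set().union(*(ROLES.get(r, set()) for r in user.roles))

def visible(user, entity):
    """Layer 2: every tag on the record must be in the user's access attributes.
    Untagged records and attributes the user lacks are denied (assumed policy)."""
    return bool(entity.attrs) and all(
        value in user.access.get(key, ()) for key, value in entity.attrs.items())

def authorize(user, feature, entity):
    """A request passes only if both layers agree."""
    return feature in features(user) and visible(user, entity)

def visible_records(user, feature, records):
    return [r.label for r in records if authorize(user, feature, r)]

# Constructed sample data, loosely following the page's squad and confidentiality examples.
COACH = User("coach", {"A-Squad Coach", "Team Overview"},
             {"squad": {"A-Squad"}, "confidentiality": {"Standard"}})
PHYSICIAN = User("physician", {"Squad Physician"},
                 {"squad": {"A-Squad", "B-Squad"},
                  "confidentiality": {"Standard", "Highly Confidential"}})
RECORDS = [
    Entity("Weber, Jonas", {"squad": "A-Squad"}),
    Entity("Müller, Kevin", {"squad": "B-Squad"}),
    Entity("Training Plan Q2", {"squad": "A-Squad", "confidentiality": "Standard"}),
    Entity("Medical Report", {"squad": "A-Squad", "confidentiality": "Highly Confidential"}),
    Entity("Untagged import", {}),
]
```

Denying records that carry no attributes keeps a missed tagging step from exposing data to every user who holds the feature.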

Scenario: Olympic Training Centre

The national head coach sees all athletes across all squads, but cannot access medical data. The squad therapist sees athletes in their own squad and can write therapy documentation. The federation sports physician sees all squads and can mark medical reports as highly confidential. Two roles × three squad assignments = nine different views – mapped with just two configuration steps each.

Scenario: Rehabilitation Clinic

The ward physician sees patients in their ward and may send KIS findings. The physiotherapist sees patients in their therapy group and may document therapy goals. The quality manager sees aggregated data from all wards, but no individual patient data. Three roles × ward attributes = complete data separation without system complexity.

What Roles & Rights offer in the LIFE HUB

EVERY FEATURE INDIVIDUALLY

Every feature in the LIFE HUB can be enabled or disabled per role – no blanket unlocking, no compromise between security and usability.

FREELY DEFINABLE ATTRIBUTES

Squad, department, federation, classification level – the attributes are fully configurable and adaptable to any organisational structure.

MULTIPLE ROLES PER USER

Users can hold multiple roles simultaneously. Permissions are additive – flexible, conflict-free, and centrally manageable.

GDPR-COMPLIANT DATA SEPARATION

The attribute-based concept ensures that users can structurally only access data they are authorised for – not through filters, but through system architecture.
