
Role-Based Access Control
Who can see what. Who can do what. Especially with AI.
Legacy PACS was built when access control meant 'can this person log in.' Today, AI models process patient data, generate findings, and influence clinical decisions. Sirona's granular RBAC controls every layer — from who reads which studies to who deploys AI models and accesses their outputs.
How Sirona is Different
AI changes everything about access control
When AI models read studies, generate findings, and pre-populate reports, the question of 'who has access' expands dramatically. Who can enable a new AI algorithm? Who can see AI-generated findings before a radiologist reviews them? Who can modify AI configuration parameters? Who can access AI performance analytics? Legacy PACS has no concept of these permissions because it was built before AI existed in the workflow. Sirona's RBAC includes AI-specific permission layers — controlling model deployment, output visibility, configuration access, and audit trails for every AI action. In the age of AI, RBAC isn't just about data access. It's about algorithmic governance.
Access control at every layer
SAML SSO, granular permissions, and immutable audit logs — enforced across every module, every site, and every AI interaction. LDAP directory sync is on the roadmap.
SAML 2.0 SSO
Single sign-on via your existing identity provider. One set of credentials across Sirona, your EHR, and every other system. No separate passwords to manage.
LDAP Directory Sync
On the roadmap: roles and group memberships will sync from your Active Directory or LDAP, so a directory role change propagates to Sirona permissions automatically. Today, roles are defined and managed directly in Sirona.
Granular Role Definitions
Define custom roles with specific permissions for study access, report editing, AI configuration, worklist management, and administrative functions. As fine-grained as you need.
Facility-Level Scoping
Restrict roles to specific facilities, departments, or modalities. A radiologist at Site A sees only Site A studies. An admin manages only their assigned locations.
Immutable Audit Logs
Every access event, permission change, and AI interaction is logged immutably. Tamper-proof records for SOC 2 and HIPAA compliance.
AI-Specific Permissions
Control who can deploy AI models, view AI-generated findings, modify algorithm configurations, and access AI performance analytics. A new permission layer for a new era.
Governance that keeps pace with the platform
AI Governance
Permissions for the AI era
Sirona's RBAC extends beyond traditional data access to cover the full AI lifecycle. Who can enable a third-party AI algorithm in the workflow? Who can see AI-generated findings before radiologist review? Who can adjust sensitivity thresholds on QualityAssist? Who can access aggregate AI performance metrics? These are questions legacy systems never had to answer. Sirona defines AI permissions as first-class roles — not afterthoughts bolted onto a data access model. Every AI action is permissioned, logged, and auditable.
AI model deployment permissions — control who can enable/disable algorithms
AI output visibility — restrict pre-review findings to authorized roles
AI configuration access — limit who can modify model parameters
AI audit trail — every model interaction logged with user, timestamp, and action
Identity
One identity, enforced everywhere
Sirona integrates with your existing identity infrastructure — SAML 2.0 single sign-on today, with LDAP directory synchronization on the roadmap. Users authenticate once through your identity provider, and a single Sirona identity is enforced across viewer, reporter, worklist, admin dashboard, and AI configuration. As directory sync lands, role assignment and de-provisioning will follow directory group membership automatically — so a directory change propagates everywhere at once. Until then, roles are defined and managed in Sirona.
SAML 2.0 SSO — authenticate via your existing identity provider
LDAP directory sync — derive roles from directory groups (on the roadmap)
Automatic provisioning and de-provisioning as directory sync lands
One Sirona identity enforced across viewer, reporter, worklist, admin, and AI config
Multi-Site
Permissions that match your organizational complexity
A multi-site practice needs radiologists scoped to specific facilities, technologists with worklist access but no report editing, referring physicians with view-only access to their patients' studies, and administrators with scheduling and configuration rights. Sirona's role model supports all of these simultaneously — facility-level scoping, functional permission sets, data visibility rules, and AI governance controls — in a single unified system. No per-site instances, no separate permission databases, no inconsistent access policies across locations.
Facility-scoped roles — restrict access by site, department, or modality
Functional permissions — separate study viewing, report editing, and configuration
Data visibility rules — referring physicians see only their patients
Consistent enforcement across all sites from a single admin interface
Compliance
Audit-ready by default
Every access event in Sirona generates an immutable audit record: who accessed what, when, from where, and what they did. Permission changes are logged with before-and-after states. AI model deployments record who enabled the model, when, and which studies it processed. These logs are tamper-proof and queryable — evidence-ready for SOC 2 and HIPAA reviews without manual compilation. When your compliance team needs evidence of access controls, the evidence already exists. Compliance isn't a quarterly project — it's a continuous output of normal operations.
Immutable, tamper-proof audit logs for every access event
Permission change tracking with before/after states
AI-specific audit trails — model deployment, output access, configuration changes
SOC 2 and HIPAA audit-ready without manual effort
Access control that scales
Every
AI interaction permissioned and logged immutably
All sites
covered by facility-scoped roles
Active
SOC 2 program with HIPAA controls built in
1
admin interface for all sites, roles, and AI governance
Security and governance built in
“Through Sirona's platform, Everlight will be able to build and deploy AI-powered automations across clinical, administrative, and operational workflows. This partnership will fundamentally transform how our radiologists practice, and position Everlight at the forefront of AI-enabled diagnostic medicine globally.”
Jeff Oakman
Global Chief Operating Officer, Everlight Radiology
The RadOS Platform: built for enterprise scale
A look at the architecture behind Sirona — cloud-native, unified, and built to overlay on the enterprise PACS you already run.
FAQs
Does Sirona support single sign-on?
Is LDAP directory sync available?
What AI-specific permissions does Sirona support?
Can I restrict access by facility or site?
How does Sirona handle audit logs for compliance?
What is Sirona's compliance posture?
How does RBAC differ from legacy PACS access control?