Role-Based Access Control

Who can see what. Who can do what. Especially with AI.

Legacy PACS was built when access control meant 'can this person log in.' Today, AI models process patient data, generate findings, and influence clinical decisions. Sirona's granular RBAC controls every layer — from who reads which studies to who deploys AI models and accesses their outputs.

See Sirona in Action

How Sirona is Different

AI changes everything about access control

When AI models read studies, generate findings, and pre-populate reports, the question of 'who has access' expands dramatically. Who can enable a new AI algorithm? Who can see AI-generated findings before a radiologist reviews them? Who can modify AI configuration parameters? Who can access AI performance analytics? Legacy PACS has no concept of these permissions because it was built before AI existed in the workflow. Sirona's RBAC includes AI-specific permission layers — controlling model deployment, output visibility, configuration access, and audit trails for every AI action. In the age of AI, RBAC isn't just about data access. It's about algorithmic governance.

Access control at every layer

SAML SSO, granular permissions, and immutable audit logs — enforced across every module, every site, and every AI interaction. LDAP directory sync is on the roadmap.

SAML 2.0 SSO

Single sign-on via your existing identity provider. One set of credentials across Sirona, your EHR, and every other system. No separate passwords to manage.

LDAP Directory Sync

On the roadmap: roles and group memberships will sync from your Active Directory or LDAP, so a directory role change propagates to Sirona permissions automatically. Today, roles are defined and managed directly in Sirona.

Granular Role Definitions

Define custom roles with specific permissions for study access, report editing, AI configuration, worklist management, and administrative functions. As fine-grained as you need.

Facility-Level Scoping

Restrict roles to specific facilities, departments, or modalities. A radiologist at Site A sees only Site A studies. An admin manages only their assigned locations.

Immutable Audit Logs

Every access event, permission change, and AI interaction is logged immutably. Tamper-proof records for SOC 2 and HIPAA compliance.

AI-Specific Permissions

Control who can deploy AI models, view AI-generated findings, modify algorithm configurations, and access AI performance analytics. A new permission layer for a new era.

Governance that keeps pace with the platform

AI Governance

Permissions for the AI era

Sirona's RBAC extends beyond traditional data access to cover the full AI lifecycle. Who can enable a third-party AI algorithm in the workflow? Who can see AI-generated findings before radiologist review? Who can adjust sensitivity thresholds on QualityAssist? Who can access aggregate AI performance metrics? These are questions legacy systems never had to answer. Sirona defines AI permissions as first-class roles — not afterthoughts bolted onto a data access model. Every AI action is permissioned, logged, and auditable.

AI model deployment permissions — control who can enable/disable algorithms

AI output visibility — restrict pre-review findings to authorized roles

AI configuration access — limit who can modify model parameters

AI audit trail — every model interaction logged with user, timestamp, and action

Identity

One identity, enforced everywhere

Sirona integrates with your existing identity infrastructure — SAML 2.0 single sign-on today, with LDAP directory synchronization on the roadmap. Users authenticate once through your identity provider, and a single Sirona identity is enforced across viewer, reporter, worklist, admin dashboard, and AI configuration. As directory sync lands, role assignment and de-provisioning will follow directory group membership automatically — so a directory change propagates everywhere at once. Until then, roles are defined and managed in Sirona.

SAML 2.0 SSO — authenticate via your existing identity provider

LDAP directory sync — derive roles from directory groups (on the roadmap)

Automatic provisioning and de-provisioning as directory sync lands

One Sirona identity enforced across viewer, reporter, worklist, admin, and AI config

Multi-Site

Permissions that match your organizational complexity

A multi-site practice needs radiologists scoped to specific facilities, technologists with worklist access but no report editing, referring physicians with view-only access to their patients' studies, and administrators with scheduling and configuration rights. Sirona's role model supports all of these simultaneously — facility-level scoping, functional permission sets, data visibility rules, and AI governance controls — in a single unified system. No per-site instances, no separate permission databases, no inconsistent access policies across locations.

Facility-scoped roles — restrict access by site, department, or modality

Functional permissions — separate study viewing, report editing, and configuration

Data visibility rules — referring physicians see only their patients

Consistent enforcement across all sites from a single admin interface

Compliance

Audit-ready by default

Every access event in Sirona generates an immutable audit record: who accessed what, when, from where, and what they did. Permission changes are logged with before-and-after states. AI model deployments record who enabled the model, when, and which studies it processed. These logs are tamper-proof and queryable — evidence-ready for SOC 2 and HIPAA reviews without manual compilation. When your compliance team needs evidence of access controls, the evidence already exists. Compliance isn't a quarterly project — it's a continuous output of normal operations.

Immutable, tamper-proof audit logs for every access event

Permission change tracking with before/after states

AI-specific audit trails — model deployment, output access, configuration changes

SOC 2 and HIPAA audit-ready without manual effort

Access control that scales

Every

AI interaction permissioned and logged immutably

All sites

covered by facility-scoped roles

Active

SOC 2 program with HIPAA controls built in

1

admin interface for all sites, roles, and AI governance

Security and governance built in

Everlight RadiologyRead the partnership announcement

Through Sirona's platform, Everlight will be able to build and deploy AI-powered automations across clinical, administrative, and operational workflows. This partnership will fundamentally transform how our radiologists practice, and position Everlight at the forefront of AI-enabled diagnostic medicine globally.

Jeff Oakman

Global Chief Operating Officer, Everlight Radiology

The RadOS Platform: built for enterprise scale

A look at the architecture behind Sirona — cloud-native, unified, and built to overlay on the enterprise PACS you already run.

FAQs

Does Sirona support single sign-on?

Yes. Sirona supports SAML 2.0 SSO integration with any compliant identity provider — Okta, Azure AD, Ping Identity, ADFS, and others. Users authenticate once through your existing IdP and access Sirona without a separate password.

Is LDAP directory sync available?

LDAP/Active Directory sync is on our roadmap. When it lands, Sirona will pull user accounts and group memberships from your directory and map roles to directory groups, so group changes propagate to Sirona permissions automatically. Today, roles are defined and managed directly in Sirona, and SAML 2.0 SSO handles authentication through your identity provider.

What AI-specific permissions does Sirona support?

Sirona's RBAC includes permissions for AI model deployment (who can enable/disable algorithms), AI output visibility (who sees AI findings before radiologist review), AI configuration (who can modify model parameters), and AI analytics (who can access performance metrics). Every AI action is logged in the audit trail.

Can I restrict access by facility or site?

Yes. Roles can be scoped to specific facilities, departments, or modalities. A radiologist at Hospital A sees only Hospital A studies. An administrator manages only their assigned locations. All enforced from a single admin interface.

How does Sirona handle audit logs for compliance?

Every access event, permission change, and AI interaction generates an immutable audit record — who, what, when, and from where. These records are tamper-proof and queryable, ready for SOC 2 or HIPAA audits without manual log compilation.

What is Sirona's compliance posture?

Sirona runs an active SOC 2 program and is HIPAA compliant with a BAA included. The platform uses AES-256 encryption at rest and in transit, TLS 1.3, and the RBAC and audit log system described on this page.

How does RBAC differ from legacy PACS access control?

Legacy PACS typically offers basic login authentication with limited role granularity — often just 'radiologist' and 'admin.' Sirona provides granular, composable permissions spanning study access, report editing, worklist management, AI governance, facility scoping, and administrative functions — all logged immutably, with LDAP directory sync on the roadmap.