Which of the following best describes the concept of 'role-based access control' in an EHR system like Epic?