Roles & Permissions
Roles and permissions are how Care decides who can do what, and where. A permission is a single action ("Can Create Patient"), a role bundles permissions into a job-shaped set ("Doctor"), and a grant gives a person that role inside one boundary — a facility, an organization, or a single patient.
Organization
An organization is how Care groups people and permissions so that access is defined once and reused, instead of configured per person. Organizations form a tree, and a role granted on a parent flows down to everything beneath it — they are the backbone of who-can-do-what across a deployment. (FHIR calls this grouping primitive Organization; Care uses that term rather than "group," which is ambiguous in a clinical setting.)
Facility Organization
A facility organization is a department, team, or group inside a single facility — Cardiology, the Emergency Ward, the night-shift nursing team. It is how one facility is divided internally so that staff, patients, and resources can be grouped, and so that access can be granted to a part of the facility rather than the whole of it.
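A minimal sketch of the model described under Roles & Permissions, Organization, and Facility Organization: a grant binds a user to a role inside one organization, and the check walks from the target up to the root so that a role granted on a parent applies beneath it but never sideways or upward. This is an added example, not Care's own code; the class names, role bundles, permission slugs, and sample tree are assumptions, and only organization boundaries are modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative role -> permission bundles (constructed names, not Care's real slugs).
ROLES = {
    "Doctor": frozenset({"can_create_patient", "can_write_note"}),
    "Nurse": frozenset({"can_record_observation"}),
}

@dataclass(eq=False)  # identity comparison: two departments may share a name
class Org:
    name: str
    parent: Optional["Org"] = None

    def lineage(self):
        """Yield this org, then each ancestor up to the root."""
        node, seen = self, set()
        while node is not None:
            if id(node) in seen:  # a malformed tree must fail closed, not loop
                raise ValueError(f"cycle in organization tree at {node.name}")
            seen.add(id(node))
            yield node
            node = node.parent

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    org: Org  # the boundary the role was granted in

def is_allowed(grants, user, permission, target):
    """Deny by default; allow when a grant on target or an ancestor carries the permission."""
    scope = list(target.lineage())
    return any(
        g.user == user
        and any(g.org is o for o in scope)
        and permission in ROLES.get(g.role, frozenset())
        for g in grants
    )

# Constructed sample tree: one facility, two departments, one team.
hospital = Org("General Hospital")
cardiology = Org("Cardiology", hospital)
emergency = Org("Emergency Ward", hospital)
night_shift = Org("Night-shift nursing", cardiology)

GRANTS = [
    Grant("dr_a", "Doctor", cardiology),
    Grant("nurse_b", "Nurse", hospital),
]
```

Granting at the narrowest organization that covers the job keeps the inherited scope small: the Doctor grant on Cardiology reaches its night-shift team but not the Emergency Ward or the facility as a whole.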
User
A user in Care is an account that a person — or an automated integration — uses to sign in and act on the platform. It is the identity behind every action in the record: the doctor who writes a note, the nurse who records an observation, and the operator who registers a patient all do so as a user.