← Back to team overview

dhis2-devs team mailing list archive

Re: Decentralization of user management

 

Thanks Lars for updating members on new development on user roles.

The assigning of finer right to various users is of paramount at this stage.
This will go along way in improving security and even create ownership. The
roles  to various Coordinators like HIV, DDSR, RH, TB&L, HR, Financial
officers will be able to see only what is related to their core activities.
The role assign to Enter data will improve participation/ empowerment on the
dataset or reports  received from various Health facilities where technology
is not available.

Lars, Clarification on:-

- The current user can not issue his own user roles to another user and also
amend/update the existing user meaning there will be communication
facilitating the amendment of other users rights.


-Because we don't want districts users to create new district users, rather
to create facility users and coordinators of various programmes only.


Regards



2011/6/11 Lars Helge Øverland <larshelge@xxxxxxxxx>

>
> Hi,
>
> one learning from Kenya is that "local concerns" such as assignment of
> services (datasets) and classification (group assignment) of facilities
> should be decentralized to district managers as they can perform this task
> more efficiently and with a better understanding of their local area.
>
> We now increasingly see that facility users start entering data online
> themselves and decentralizing management of facility user accounts would be
> a good idea. This comes with a few challenges however as we want to provide
> them the ability only to create users with "less" authority than what they
> have themselves. We have now implemented a solution for this in trunk which
> implies that a user can issue a user role to a new user if:
>
> - The current user has the ALL authority OR the issued user role authority
> group is a subset of the aggregated authorities of the current user (i.e.
> the current user has all of the authorities he wants to issue to another
> user.)
>
> - The issued user role is NOT among the current user's user roles (i.e. the
> current user can not issue his own user roles to another user.)
>
> The latter rule is there e.g. because we don't want districts users to
> create new district users, rather to create facility users only.
>
> This solution means that it is now sensible to allow district and province
> users access to the user module. Just to keep you informed...
>
>
> Lars
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Samuel Cheburet
Ministry Of Health
P.O. Box 20781
Nairobi, Kenya
Mobile- 0721624338

*Don't Compromise The Quality! Don't Risk It! apply Available Standards to
Achieve Your/organizational Goal.*

References