dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #28483
user roles, access control
Hi all,
an issue where input is needed from the community:
Currently, one rule for user management says that users cannot see nor edit
users which have granted the same user roles as themselves.
The rationale for this restriction is e.g. that district officers should
not be able to create other district officer user accounts.
*Is this restriction still necessary?*
Reason for asking is that some organisations have started designing user
roles in a way where you a have a larger number of user roles focused on
topics, and user roles are mixed and matched when creating new users. This
restriction does not work well in this scenario.
A second rule is that users can only see other users for which they have
all of their authorities. This restriction will remain.
regards,
Lars
Follow ups