dhis2-devs team mailing list archive

Thread
Date
Re: [Dhis2-users] User Authorities and Dashboards

To: Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
From: Jason Pickering <jason.p.pickering@xxxxxxxxx>
Date: Thu, 4 May 2017 14:00:40 +0200
Cc: "dhis2-users@xxxxxxxxxxxxxxxxxxx" <dhis2-users@xxxxxxxxxxxxxxxxxxx>, Antonia - Pro <antonia@xxxxxxxxxxx>, "dhis2-devs@xxxxxxxxxxxxxxxxxxx" <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <MWHPR03MB30385564A3FFDAB02EDC9B89C0EA0@MWHPR03MB3038.namprd03.prod.outlook.com>
Hi Georgi,
Good. You are on the  right track then.

>From the user management app, each investor needs to be restricted by the
dimension you mentioned.


Like from the demo site, you might decide to restrict a user to the
"Funding agency" dimension.

In order for you to obfuscate data from other users, the category option
which is part of that dimension, should only be shared with a user group
which the user actually belongs to and with no other users.

The category option should have "Public access" set to none and should be
shared with a group with at least "Can view" which the user also belongs
to. This will allow the user to see these analytics values, but will not
allow other users to see them.

Even if you were able to restrict which pivots the users could see, savvy
users could always use the API to extract data from the system, thus, it
must be protected by proper configuration of sharing. With correct use of
sharing between users and category options, you should be able to achieve
this.

Regards,
Jason





On Thu, May 4, 2017 at 1:52 PM, Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
wrote:

> Hi Jason,
>
>
>
> Thank you for your response!
>
>
>
> This is exactly how I have structured my data originally. I have organized
> each investor as an Attribute category options and have created Attribute
> option combos and assigned to selected data sets. Here are my questions:
>
> 1)      How do I share only one category option with one user?
>
> 2)      What do you mean by "Selected dimension restrictions for data
> analytics"? Unless I allow users to “See Pivot table module” they do not
> see the reports on the dashboard. And from within the Pivot they have
> access to other Attribute options (namely investors). I cannot assign
> authorities to only part of the Pivot table functions, regretfully.
>
>
>
> Regards,
>
>
>
> Georgi
>
>
>
>
>
>
>
> *From:* Dhis2-users [mailto:dhis2-users-bounces+georgi=
> logicaloutcomes.net@xxxxxxxxxxxxxxxxxxx] *On Behalf Of *Jason Pickering
> *Sent:* Thursday, May 4, 2017 2:15 PM
> *To:* Antonia - Pro <antonia@xxxxxxxxxxx>
> *Cc:* dhis2-users@xxxxxxxxxxxxxxxxxxx; dhis2-devs@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Dhis2-users] User Authorities and Dashboards
>
>
>
> Hi Georgi,
>
>
>
> To be most specific I think, you will need to use the "Attribute option
> combo" to control who can see what. This is basically a way to disaggregate
> data by a custom dimension, in this case, by an investor group. Its often
> used in situations where multiple partners are entering data for the same
> health facility, but you do not want one partner to be able to see another
> partners data.  Once you disaggregate your data set this way, you can then
> use sharing to control who can see what, by only sharing the category
> option which is applicable to a given user, with that user.  Each investor
> would need to be belong to a common group with "their" category option. You
> would then need to restrict users in their user role  with "Selected
> dimension restrictions for data analytics" as well.
>
> This type of setup can get complex quickly, but has been used in larger
> implementations (i.e with the PEPFAR system) , but usually only when the
> groups are properly designed and the creation of users is done in a
> scripted way, to ensure that all of the permissions are set correctly.
>
>
>
> Hope that helps!
>
>
>
> Jason
>
>
>
>
>
> On Thu, May 4, 2017 at 12:58 PM, Antonia - Pro <antonia@xxxxxxxxxxx>
> wrote:
>
> Exactly Morten.
>
> For Dashboards, sharing also works at user level after the last update
> 2.26, but reports (data, event visualizer and reports and pivot tables)
> only work at group level currently (on the demo server).
>
>
> [image: Image removed by sender.]
>
> *Eng. Antonia Bezenchek*
>
> CIO - ICT Engineer
>
> *InformaPRO S.r.l.* via Guido Guinizelli, 98/100, Roma 00152, Italy
>
>
>
> 2017-05-04 12:29 GMT+02:00 Morten Olav Hansen <morten@xxxxxxxxx>:
>
> Hm, I think maybe we support this only for the dashboards, so it might not
> help you (you can share dashboards directly to users, but reporting apps
> are not updated for that yet).
>
>
> --
>
> Morten Olav Hansen
>
> Senior Engineer, DHIS 2
>
> University of Oslo
>
> http://www.dhis2.org
>
>
>
> On Thu, May 4, 2017 at 5:28 PM, Antonia - Pro <antonia@xxxxxxxxxxx> wrote:
>
> Permissions for Dashboard and Favorites are managed at the group level, so
> if they are not groupable, you need to create a group for each user.
>
>
>
> Regards,
>
> Antonia
>
>
>
>
>
>
>
> 2017-05-04 9:47 GMT+02:00 Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>:
>
> Hi Alex,
>
>
>
> Thanks for the response!
>
>
>
> I have 150 investors and none of them should be able to see the reports of
> the other investors.
>
> Does this mean that I have to create 150 user groups with one investor
> each?
>
>
>
> Regards,
>
>
>
> Georgi
>
>
>
> *From:* Alex Tumwesigye [mailto:atumwesigye@xxxxxxxxx]
> *Sent:* Thursday, May 4, 2017 8:53 AM
> *To:* Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
> *Cc:* dhis2-devs@xxxxxxxxxxxxxxxxxxx; dhis2-users@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Dhis2-users] User Authorities and Dashboards
>
>
>
> Dear Georgi,
>
>
>
> The solution is Sharing and User Groups
>
>
>
> Implement the same sharing on each report/chart/gis map as you did on the
> dashboard.
>
> That is Set Public to *None *and then add the Investor User Group (which
> is has access) and set sharing to *View*
>
>
>
> *Alex*
>
>
>
> On Wed, May 3, 2017 at 7:27 PM, Georgi Chakarov <
> georgi@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello all,
>
>
>
> I have a big problem setting up the correct authorities so that users see
> what I need them to.
>
> In brief, I am reporting on financial data. I have a few investors for
> whom I have prepared personal dashboards with pivots on how much return
> they have earned. I DO NOT want investors to be able to see each other’s
> data.
>
>
>
> This is what I have done:
>
> 1)      User Authorities:
>
> -          See dashboards
>
> -          See browser cache
>
> -          See pivot table module
>
> *IMPORTANT:* If I remove the “See pivot table module” the users are not
> able to see the saved pivot tables on their dashboard! So I need this
> authority.
>
>
>
> 2)      Dashboards
>
> -          Created personal dashboard for each investor
>
> -          Shared the dashboard only with the respective investor
>
>
>
> Every investor is able to see only their dashboard. Here comes the *BIG
> PROBLEM: *When an investor clicks “Explore” pivot table from the
> dashboard it takes him to the Pivot table app. From there, they can go to
> Favorites and open a saved report for any of the other investors and see
> data.
>
>
>
> Two questions here:
>
> 1)      Is there a way for user to see pivots on a dashboard without
> necessarily having access to the Pivot reporting module?
>
> 2)      If not, is there a way to restrict user of opening reports saved
> as favorites in the Pivot reporting module?
>
>
>
>
>
> Your comments are highly appreciated!
>
> Georgi
>
>
>
>
>
>
>
>
>
>
> Georgi Chakarov, CIA | georgi@xxxxxxxxxxxxxxxxxxx | +1-647-478-5634 x 104
> <(647)%20478-5634> | LogicalOutcomes c/o Centre for Social Innovation,
> 720 Bathurst Street, Toronto Canada M5S 2R4 | *You may unsubscribe from
> receiving commercial electronic messages from LogicalOutcomes by emailing *
> *info@xxxxxxxxxxxxxxxxxxx* <info@xxxxxxxxxxxxxxxxxxx>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
> --
>
> Alex Tumwesigye
>
>
>
> Technical Advisor - DHIS2 (Consultant),
> Ministry of Health/AFENET  | HISP Uganda
>
> Kampala
>
> Uganda
> +256 774149 775, + 256 759 800161 <+256%20759%20800161>
>
> Skype ID: talexie
>
>
> IT Consultant (Servers, Networks and Security, Health Information Systems
> - DHIS2, Disease Outbreak & Surveillance Systems) & Solar Consultant
>
>
> "I don't want to be anything other than what I have been - one tree hill "
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
> --
>
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049 <076-414%2070%2049>
>



-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049
References

Re: [Dhis2-users] User Authorities and Dashboards
From: Antonia - Pro, 2017-05-04
Re: [Dhis2-users] User Authorities and Dashboards
From: Jason Pickering, 2017-05-04