← Back to team overview

dhis2-devs team mailing list archive

  1. dhis2-devs team
  2. Mailing list archive
  3. Message #51047

data level sharing and access control in 2.29

  Thread PreviousDate PreviousThread Next 
Hi all,

in 2.29 we introduced a significant change in the access control solution
in DHIS 2.

In essence, two new levels within the sharing solution were introduced: *Can
capture data* and *Can view data*. These levels applies to capturing
data/events and viewing data/events in analytics, and complements the two
existing levels so that we now have:

Metadata
--
1. Can edit and view metadata
2. Can view metadata

Data/events
--
3. Can capture and view data
4. Can view data


This means that you can now control who can capture data for data sets,
programs and program stages through the sharing solution. Previous to 2.29
this was done through user roles, where data sets and programs were
associated with user roles.

You can also control who can see data in analytics for programs and
category options through the new "can view data" sharing level.


We have updated the sharing user *documentation* to reflect this:

https://docs.dhis2.org/master/en/user/html/sharing.html


We have also have some excellent new *videos* which elaborates on this
topic - look for "Data level sharing":

https://www.dhis2.org/spotlight


The *motivation* behind this change in the access control model is:

- It provides a single place to control access to DHIS 2 objects. The user
role associations to data sets and programs have been removed and replaced
by the mentioned sharing levels.

- It opens for more flexibility in access control. Going forward we plan to
introduce more fine-grained data level sharing and include support for
entities like data elements and tracked entity attributes.

- It allows better control over who can view data in analytics, in
particular for program and tracker data.


The 2.29 *upgrade* script will create a user group per user role and share
those groups with the appropriate data sets and programs. You can of course
opt not to run this part of the script and instead do the upgrade manually.

https://github.com/dhis2/dhis2-utils/blob/master/resources/sql/upgrade-229.sql


best regards,

Lars


PS. thanks Nick Dutta for excellent videos.


-- 
Lars Helge Øverland
Technical lead, DHIS 2
University of Oslo
lars@xxxxxxxxx
https://www.dhis2.org

Follow ups

  Thread PreviousDate PreviousThread Next