dhis2-users team mailing list archive

[Lars Helge Øverland <larshelge@xxxxxxxxx>]

On Fri, Jun 29, 2012 at 6:26 AM,  <hiattt@xxxxxxxxxxxx> wrote:
> Okay, thanks for your help. I think I'm getting this.
>
>
>
> So,
>
>
>
> ·         A user manager can only see the users who have privileges that are
> within his list of privileges.
>
> ·         A user manager can only assign roles (see them listed) that are
> within his list of priveleges.
>
>
>
> ·         This actually doesn't have to do with who added the user (as
> stephocay mentioned), so if a superuser adds a user with sufficiently
> limited privileges, then the user manager will be able to see that user.
>

This is correct.

>
>
> Some odd behavior I noticed:
>
>
>
> ·         A user manager can see users assigned to org units that he is not
> assigned to.
>

Yes that is right. If you need to restrict this you can remove the
authority for viewing all users (through the "Users" menu item) and
only give those users the authority to view users within their org
unit sub-tree through the "User by Organisation Unit" menu item.



> ·         If a user manager has the role of 'editor' and 'user manager' with
> associated privileges for each he cannot view other users even though he has
> all their privileges with his 2 roles combined. But if these privileges are
> combined into one role he can see them.
>

OK. There is also a rule saying a user can not view/modify other users
with the same user role as yourself - could this be the reason why you
get this?

Lars