dhis2-users team mailing list archive

Thread
Date

user roles, access control

To: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>, DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
From: Lars Helge Øverland <larshelge@xxxxxxxxx>
Date: Fri, 14 Mar 2014 11:33:56 +0100

Hi all,

an issue where input is needed from the community:

Currently, one rule for user management says that users cannot see nor edit
users which have granted the same user roles as themselves.

The rationale for this restriction is e.g. that district officers should
not be able to create other district officer user accounts.

*Is this restriction still necessary?*

Reason for asking is that some organisations have started designing user
roles in a way where you a have a larger number of user roles focused on
topics, and user roles are mixed and matched when creating new users. This
restriction does not work well in this scenario.

A second rule is that users can only see other users for which they have
all of their authorities. This restriction will remain.

regards,

Lars

Follow ups

Re: user roles, access control
From: Bayo Mohammed Onimode Jnr, 2014-03-14